Astra Linux - уязвимость в python-django, python2.7

Packages containing “python/cpython” from versions 0 and earlier, including 3.6.13, 3.7.0 and earlier than 3.7.10, 3.8.0 and earlier than 3.8.8, 3.9.0 and earlier than 3.9.2, are vulnerable to Web Cache Poisoning via “urllib.parse.parseqsl” and “urllib.parse.parseqs”. This vulnerability occurs du...

Astra Linux - уязвимость в python3.7, python2.7, pypy

A vulnerability was discovered in Python before version 3.8.18, 3.9.x before version 3.9.18, 3.10.x before version 3.10.13, and 3.11.x before version 3.11.5. This vulnerability primarily affects servers such as HTTP servers that use TLS client authentication. When a TLS server-side socket is...

Astra Linux - уязвимость в python-tornado

Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server’s event loop for an extended period, due to the use of the HTTPHeaders.add method. This method accumulates values using string...

Astra Linux - уязвимость в python-django

A issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 when Python 3.7+ was used. The intermediate-level directories of the filesystem cache had the system’s standard umask instead of 0o077...

Astra Linux - уязвимость в jinja2

Jinja is an extensible templating engine. Prior to version 3.1.5, there was a flaw in how the Jinja sandbox environment detected calls to str.format, allowing an attacker who controls the content of a template to execute arbitrary Python code. To exploit this vulnerability, an attacker needed to...

Astra Linux - уязвимость в python-urllib3

In the urllib3 library, as of version 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameters...

Astra Linux - уязвимость в python2.7, python3.7

A issue was discovered in the comparedigest function in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimizations were possible in the accumulator variable used in hmac.comparedigest...

Astra Linux - уязвимость в python-rsa

In Python-RSA before version 4.1, leading '\0' bytes are ignored during the decryption of ciphertext. This could potentially have security-related implications, such as allowing an attacker to infer that an application uses Python-RSA. Alternatively, the length of the accepted ciphertext may affe...

Astra Linux - уязвимость в python-cryptography

A flaw was discovered in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which could result in the exposure of confidential or sensitive data...

Astra Linux - уязвимость в python2.7, pypy

In Python 3.x versions prior to 3.5.10, 3.6.x versions prior to 3.6.12, 3.7.x versions prior to 3.7.9, and 3.8.x versions prior to 3.8.5, CRLF injection is allowed if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of...

Astra Linux - уязвимость в python-werkzeug

Werkzeug is a comprehensive WSGI web application library. Browsers may allow “nameless” cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on a neighboring subdomain to exploit this to set a cookie like =Host-test=bad for another subdomain...

Astra Linux - уязвимость в python-setuptools

Python Packaging Authority PyPA’s setuptools before version 65.5.1 allows remote attackers to cause a denial of service through HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service ReDoS vulnerability present in packageindex.py...

Astra Linux - уязвимость в python3.7, python2.7

In Python aka CPython, up to version 3.10.8, the mailcap module does not add escape characters to commands found in the system’s mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if those commands lack validation of...

SUSE CVE-2024-4032

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

MAL-2026-4652 Malicious code in python-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b94c01fae325c5f5e92abd5da03527c54e22bb48202b1dc8b3e2c64947753b2 package.json declares "preinstall": "./dist/typecheck.js". The referenced file is not JavaScript — it is a 5,224,556-byte Linux x86 ELF executable...

MAL-2026-4182 Malicious code in stripe-internal (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e7a911f1602bed2fda7cbacff6567286433df29592c24839ae9980c7fff0e6b4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-4181 Malicious code in stripe-commands (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 25869cea9557ac431847a2e11b5c78d6da5ee072b1d73f1d0fa6ccc895d2be60 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Malicious code in stripe-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2134a01cead67cd3508d0ca8a14acbfd272181c65faed08b8491a1b2e7885ddc Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-4180 Malicious code in stripe-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2134a01cead67cd3508d0ca8a14acbfd272181c65faed08b8491a1b2e7885ddc Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

Quality and Security Signals in AI-Generated Python Refactoring Pull Requests

As AI agents increasingly contribute to code development and maintenance, there is still limited empirical evidence on the quality and risk characteristics of their changes in real-world projects, particularly for refactoring-oriented contributions. It remains unclear how agent-authored refactori...