18 matches found
PT-2026-35528
If shutil.unpack_archive is given a ZIP archive with an absolute Windows path containing a drive C:... then the archive will be extracted outside the target directory which is different than other operating systems. Only Windows is affected by this vulnerability...
EUVD-2020-0169
Malware in sbrugna...
GitHub Security Lab: [Python]: Add shutil module sinks for path injection query
This bug was reported directly to GitHub Security Lab...
EulerOS Virtualization 3.0.2.2 : python (EulerOS-SA-2020-1472)
According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Python Software Foundation Python CPython version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a...
SUSE SLES12 Security Update : python3 (SUSE-SU-2019:2053-2)
This update for python3 fixes the following issues : CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 bsc1138459. CVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document bsc1109847. CVE-2018-1000802: Fixed a comma...
SUSE SLED12 / SLES12 Security Update : python3 (SUSE-SU-2019:2053-1)
This update for python3 fixes the following issues : CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 bsc1138459. CVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document bsc1109847. CVE-2018-1000802: Fixed a comma...
MGASA-2018-0495 Updated python packages fix security vulnerabilities
Possible denial of service vulnerability due to a missing check in Lib/wave.py to verify that at least one channel is provided CVE-2017-18207. Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service...
USN-3817-2: Python vulnerabilities
USN-3817-1 fixed a vulnerability in Python. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python to crash, resulting in a denia...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Python vulnerabilities (USN-3817-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3817-1 advisory. It was discovered that Python incorrectly handled large amounts of data. A remote attacker could use this issue to cause Python t...
Security update for python (moderate)
This update for python fixes the following issue: - CVE-2018-1000802: Prevent command injection in shutil module make_archive function via passage of unfiltered user input bsc1109663. This update was imported from the SUSE:SLE-15:Update update project...
SUSE-SU-2018:3002-1 Security update for python
This update for python fixes the following issue: - CVE-2018-1000802: Prevent command injection in shutil module make_archive function via passage of unfiltered user input bsc1109663...
Debian DSA-4306-1 : python2.7 - security update
Multiple security issues were discovered in Python: ElementTree failed to initialise Expat's hash salt, two denial of service issues were found in difflib and poplib and the shutil module was affected by a command injection vulnerability...
[SECURITY] [DSA 4306-1] python2.7 security update
Debian Security Advisory DSA-4306-1 https://www.debian.org/security/ Moritz Muehlenhoff September 27, 2018 https://www.debian.org/security/faq -...
Debian DLA-1520-1 : python3.4 security update
Multiple vulnerabilities were found in the CPython interpreter which can cause denial of service, information gain, and arbitrary code execution. CVE-2017-1000158: CPython (aka Python) is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-base...
CVE-2018-1000802
It was discovered that the shutil module of python does not properly sanitize input when creating a zip file on Windows. An attacker could use this flaw to cause a denial of service or add unintended files to the generated archive...
CVE-2018-1000802
Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module make_archive function that can result in Denial of service, Information gain via injection of arbitrary files on...
CVE-2018-1000802
CVE-2018-1000802 affects CPython 2.7, where shutil.make_archive is vulnerable to command injection. A specially crafted input to the function can lead to Denial of Service and potential information gain via arbitrary file creation, as described in multiple advisories. The issue stems from imprope...
Exploit for Command Injection in Python
Python CVE-2018-1000802 Proof-of-Concept This is a PoC for th...