160 matches found
Improper Handling of Unicode Encoding
Overview Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the process that applies exclusion directives from MANIFEST.in due to improper Unicode normalization handling on macOS APFS or HFS+ filesystems. An attacker can cause unintended files to be...
CVE-2026-59890
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...
CVE-2026-59890
Setuptools vulnerability CVE-2026-59890 affects the setuptools sdist packaging logic. Prior to 83.0.0, FileList exclusions (MANIFEST.in exclude, global-exclude, recursive-exclude, prune) were matched against on-disk file names without Unicode normalization, so an NFD filename on macOS APFS/HFS+ c...
CVE-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...
PYSEC-2026-342 Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
Important: Exploiting this vulnerability requires the attacker to have access to your Frigate instance, which means they could also just delete all of your recordings or perform any other action. If you have configured authentication in front of Frigate via a reverse proxy, then this vulnerabilit...
CVE-2026-49401 Deno Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.14, Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done...
CVE-2026-49401
CVE-2026-49401 describes a permission bypass in Deno on macOS APFS prior to v2.7.14. The denial checks for --deny-read/--deny-write/--deny-run/--deny-ffi were performed at the raw-byte level, but APFS considers different Unicode spellings of the same name as the same file. This allowed a process ...
GHSA-8XPQ-CJCF-3WH9 Deno: Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)
Summary Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done at the raw-byte level while the APFS filesystem treats different...
Deno: Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)
Summary Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done at the raw-byte level while the APFS filesystem treats different...
BIT-PYTHON-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize()
unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...
BIT-LIBPYTHON-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize()
unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...
CVE-2026-3276
A flaw was found in the unicodedata.normalize function in Python. This vulnerability allows a remote attacker to cause excessive CPU consumption by providing specially crafted Unicode input. Successful exploitation can lead to a Denial of Service DoS on the affected system. Mitigation Mitigation...
CVE-2026-3276
unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...
UBUNTU-CVE-2026-3276
unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...
CVE-2026-3276
unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...
EUVD-2026-34103
unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...
PSF-2026-25
unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...
Unchecked Input for Loop Condition
Overview Affected versions of this package are vulnerable to Unchecked Input for Loop Condition via the unicodedata.normalize function. An attacker can cause excessive CPU consumption by submitting specially crafted Unicode input, potentially leading to service disruption. Remediation A fix was...
CVE-2026-3276
unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...
PT-2026-45951
Name of the Vulnerable Software and Affected Versions Python affected versions not specified Description The unicodedata.normalize function can consume excessive CPU time when processing specially crafted Unicode input. This occurs when the input contains long sequences of combining characters wi...