CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3220 – Default mimetype known files writeable on Windows
https://notcve.org/view.php?id=CVE-2024-3220
14 Feb 2025 — There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the incorrect file type. This defect is caused by the default locations of Linux and macOS platforms (such as “/etc/mime.types”) also being used on Windows, where they are user-writable locations (“C:\etc\mime.types”). To wor... • https://mail.python.org/archives/list/security-announce@python.org/thread/CDXW34ND2LSAOYAR5N6UNONP4ZBX4D6R • CWE-426: Untrusted Search Path •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-0938 – URL parser allowed square brackets in domain names
https://notcve.org/view.php?id=CVE-2025-0938
31 Jan 2025 — The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers. • https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-11168 – Improper validation of IPv6 and IPvFuture addresses
https://notcve.org/view.php?id=CVE-2024-11168
12 Nov 2024 — The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was po... • https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 • CWE-918: Server-Side Request Forgery (SSRF) CWE-1287: Improper Validation of Specified Type of Input •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-9287 – Virtual environment (venv) activation scripts don't quote paths
https://notcve.org/view.php?id=CVE-2024-9287
22 Oct 2024 — A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./ven... • https://github.com/python/cpython/issues/124651 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-6232 – Regular-expression DoS when parsing TarFile headers
https://notcve.org/view.php?id=CVE-2024-6232
03 Sep 2024 — There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive. USN-7015-1 fixed several vulnerabilities in ... • https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 8.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-8088 – Infinite loop when iterating over zip archive entry names from zipfile.Path
https://notcve.org/view.php?id=CVE-2024-8088
22 Aug 2024 — There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handlin... • https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-7592 – Quadratic complexity parsing cookies with backslashes
https://notcve.org/view.php?id=CVE-2024-7592
19 Aug 2024 — There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted cha... • https://github.com/python/cpython/issues/123067 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-6923 – Email header injection due to unquoted newlines
https://notcve.org/view.php?id=CVE-2024-6923
01 Aug 2024 — There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the ema... • https://github.com/python/cpython/issues/121650 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-3219 – Pure-Python fallback of socket.socketpair() doesn’t authenticate peer connection
https://notcve.org/view.php?id=CVE-2024-3219
29 Jul 2024 — The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer. Platforms that support AF_UNIX such as Linux and macOS are not aff... • https://github.com/python/cpython/pull/122134 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-0397 – Memory race condition in ssl.SSLContext certificate store methods
https://notcve.org/view.php?id=CVE-2024-0397
17 Jun 2024 — A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as during the TLS handshake with a certificate directory configured. This issue is fixed in CPython 3.10.14, 3.11.9, 3.12.3, and 3.13.0a5. Se descubrió un defecto en el módulo “ssl” de Python donde existe una condic... • http://www.openwall.com/lists/oss-security/2024/06/17/2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •