CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32879 – social-auth-app-django Improper Handling of Case Sensitivity vulnerability
https://notcve.org/view.php?id=CVE-2024-32879
24 Apr 2024 — Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field. Python Social Auth es un mecanismo de autenticación/registro social. • https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138 • CWE-178: Improper Handling of Case Sensitivity CWE-303: Incorrect Implementation of Authentication Algorithm •
CVSS: 6.7EPSS: 0%CPEs: 23EXPL: 0CVE-2024-28219 – python-pillow: buffer overflow in _imagingcms.c
https://notcve.org/view.php?id=CVE-2024-28219
03 Apr 2024 — In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. En _imagingcms.c en Pillow anterior a 10.3.0, existe un desbordamiento del búfer porque se usa strcpy en lugar de strncpy. A flaw was found in Pillow. The cms_transform_new function in src/_imagingcms.c does not validate the length of its parameters before copying them into fixed-size buffers, leading to a buffer overflow, resulting in a denial of service. USN-6744-1 fixed a vulnerability in Pillow.... • https://lists.debian.org/debian-lts-announce/2024/04/msg00008.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6597 – python: Path traversal on tempfile.TemporaryDirectory
https://notcve.org/view.php?id=CVE-2023-6597
19 Mar 2024 — An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. Se encontró un problema en la clase CPython `tempfile.TemporaryDirectory` que afecta a las versiones 3.12.2,... • http://www.openwall.com/lists/oss-security/2024/03/20/5 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-0450 – Quoted zip-bomb protection for zipfile
https://notcve.org/view.php?id=CVE-2024-0450
19 Mar 2024 — An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive. Se encontró un problema en el módulo `zipfile` de CPython que afecta a las versiones 3.12.2, 3.11.8, 3.10.13, 3.9.18 y 3.8.18 y an... • http://www.openwall.com/lists/oss-security/2024/03/20/5 • CWE-405: Asymmetric Resource Consumption (Amplification) CWE-450: Multiple Interpretations of UI Input •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-21503 – psf/black: ReDoS via the lines_with_leading_tabs_expanded() function in strings.py file
https://notcve.org/view.php?id=CVE-2024-21503
19 Mar 2024 — Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings. Las versiones del paquete black anteriores a la 24.3.0 son vu... • https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8 • CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-50782 – Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659
https://notcve.org/view.php?id=CVE-2023-50782
05 Feb 2024 — A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. Se encontró una falla en el paquete python-cryptography. Este problema puede permitir que un atacante remoto descifre mensajes capturados en servidores TLS que utilizan intercambios de claves RSA, lo que puede provocar la exposición de datos confidenciales o sensibles. Hubert Kario dis... • https://access.redhat.com/security/cve/CVE-2023-50782 • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •
CVSS: 8.1EPSS: 1%CPEs: 2EXPL: 0CVE-2023-50447 – pillow: Arbitrary Code Execution via the environment parameter
https://notcve.org/view.php?id=CVE-2023-50447
19 Jan 2024 — Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). Pillow hasta la versión 10.1.0 permite la ejecución de código arbitrario PIL.ImageMath.eval a través del parámetro de entorno, una vulnerabilidad diferente a CVE-2022-22817 (que se refería al parámetro de expresión). A vulnerability was found in Pillow, a popular Python imaging library. The flaw identified in the PIL... • http://www.openwall.com/lists/oss-security/2024/01/20/1 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-6507 – Groups not dropped before running subprocess when using empty 'extra_groups' parameter
https://notcve.org/view.php?id=CVE-2023-6507
08 Dec 2023 — An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. Thi... • https://github.com/python/cpython/commit/10e9bb13b8dcaa414645b9bd10718d8f7179e82b • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-44271 – python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument
https://notcve.org/view.php?id=CVE-2023-44271
03 Nov 2023 — An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. Se descubrió un problema en Pillow antes de la versión 10.0.0. Es una Denegación de Servicio que asigna memoria de forma incontrolable para procesar una tarea determinada, lo que puede provoc... • https://devhub.checkmarx.com/cve-details/CVE-2023-44271 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-45803 – Request body not stripped after redirect in urllib3
https://notcve.org/view.php?id=CVE-2023-45803
17 Oct 2023 — urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP c... • https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •