CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 2CVE-2021-29921 – python-ipaddress: Improper input validation of octal strings
https://notcve.org/view.php?id=CVE-2021-29921
In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses. En Python antes de la versiones 3,9,5, la biblioteca ipaddress maneja mal los caracteres cero iniciales en los octetos de una cadena de direcciones IP. Esto (en algunas situaciones) permite a los atacantes eludir el control de acceso que se basa en las direcciones IP A flaw was found in python-ipaddress. Improper input validation of octal strings in stdlib ipaddress allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. • https://bugs.python.org/issue36384 https://docs.python.org/3/library/ipaddress.html https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst https://github.com/python/cpython/pull/12577 https://github.com/python/cpython/pull/25099 https://github.com/sickcodes https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html https://security.gentoo.org/gl • CWE-20: Improper Input Validation •
CVSS: 5.7EPSS: 0%CPEs: 22EXPL: 0CVE-2021-3426 – python: Information disclosure via pydoc
https://notcve.org/view.php?id=CVE-2021-3426
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. Se presenta un fallo en pydoc de Python versión 3. • https://bugzilla.redhat.com/show_bug.cgi?id=1935913 https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message&#x • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 19EXPL: 1CVE-2021-23336 – Web Cache Poisoning
https://notcve.org/view.php?id=CVE-2021-23336
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. El paquete python/cpython desde versiones 0 y anteriores a 3.6.13, desde versiones 3.7.0 y anteriores a 3.7.10, desde versiones 3.8.0 y anteriores a 3.8.8, desde versiones 3.9.0 y anteriores a 3.9.2, son vulnerables al envenenamiento de caché web por medio de urllib.parse.parse_qsl y urllib.parse.parse_qs usando un vector llamado encubrimiento de parámetros. Cuando el atacante puede separar los parámetros de la consulta usando un punto y coma (;), pueden causar una diferencia en la interpretación de la petición entre el proxy (que se ejecuta con la configuración predeterminada) y el servidor. • http://www.openwall.com/lists/oss-security/2021/02/19/4 http://www.openwall.com/lists/oss-security/2021/05/01/2 https://github.com/python/cpython/pull/24297 https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https:/&#x • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 3%CPEs: 15EXPL: 1CVE-2021-3177 – python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c
https://notcve.org/view.php?id=CVE-2021-3177
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. Python versiones 3.x hasta 3.9.1, presenta un desbordamiento de búfer en la función PyCArg_repr en el archivo _ctypes/callproc.c, que puede conllevar a una ejecución de código remota en determinadas aplicaciones de Python que aceptan números de punto flotante como entrada no confiable, como es demostrado por un argumento 1e300 para c_double.from_param. Esto ocurre porque sprintf es usado de manera no segura A flaw was found in python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. • https://bugs.python.org/issue42938 https://github.com/python/cpython/pull/24239 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html https://lists.debian.org/debian-lts-announce/2022/02/msg00013.html https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRHOCQYX3QLDGDQGTWQAUUT2G • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2020-27619 – python: Unsafe use of eval() on data retrieved via HTTP in the test suite
https://notcve.org/view.php?id=CVE-2020-27619
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. En Python versiones 3 hasta 3.9.0, las pruebas del códec CJK del archivo Lib/test/multibytecodec_support.py llaman a la función eval() en el contenido recuperado por medio de HTTP In Python3's Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. • https://bugs.python.org/issue41944 https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8 https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9 https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33 https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794 https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https:/&# • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •