CVSS: 8.6EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40217 – python: TLS handshake bypass
https://notcve.org/view.php?id=CVE-2023-40217
25 Aug 2023 — An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This da... • https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html • CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-41105 – python: file path truncation at \0 characters
https://notcve.org/view.php?id=CVE-2023-41105
23 Aug 2023 — An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. Python 3.11 os.path.normpath() function is vulnerable to path truncation if a null byte is inserted in the middle of passed path. This may ... • https://github.com/JawadPy/CVE-2023-41105-Exploit • CWE-158: Improper Neutralization of Null Byte or NUL Character CWE-426: Untrusted Search Path •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 1CVE-2023-36632
https://notcve.org/view.php?id=CVE-2023-36632
25 Jun 2023 — The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or e... • https://docs.python.org/3/library/email.html • CWE-674: Uncontrolled Recursion •
CVSS: 7.8EPSS: 1%CPEs: 13EXPL: 5CVE-2023-24329 – python: urllib.parse url blocklisting bypass
https://notcve.org/view.php?id=CVE-2023-24329
17 Feb 2023 — An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containeri... • https://github.com/JawadPy/CVE-2023-24329-Exploit • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 1CVE-2022-45061 – python: CPU denial of service via inefficient IDNA decoder
https://notcve.org/view.php?id=CVE-2022-45061
09 Nov 2022 — An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostna... • https://github.com/python/cpython/issues/98433 • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0CVE-2020-10735 – python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS
https://notcve.org/view.php?id=CVE-2020-10735
09 Sep 2022 — A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en python. En los algoritmos con complejidad de tiempo cuadrática que usan bases no binarias, cuan... • http://www.openwall.com/lists/oss-security/2022/09/21/1 • CWE-400: Uncontrolled Resource Consumption CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2021-28861 – python: open redirection vulnerability in lib/http/server.py may lead to information disclosure
https://notcve.org/view.php?id=CVE-2021-28861
23 Aug 2022 — Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." ** EN DISPUTA ** Python versiones 3.x hasta la versión 3.10, presenta una vulnerabilidad de redireccionamiento abierto ... • https://bugs.python.org/issue43223 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 1CVE-2022-26488
https://notcve.org/view.php?id=CVE-2022-26488
07 Mar 2022 — In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) t... • https://github.com/techspence/PyPATHPwner • CWE-426: Untrusted Search Path •
CVSS: 9.8EPSS: 93%CPEs: 5EXPL: 6CVE-2007-4559 – python: tarfile module directory traversal
https://notcve.org/view.php?id=CVE-2007-4559
28 Aug 2007 — Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. Vulnerabilidad de salto de directorio en las funciones (1) extract y (2) extractall en el módulo tarfile en Python permite a atacantes remotos con la intervención del usuario sobrescribir archivos de su elección a través de la secuencia .... • https://github.com/davidholiday/CVE-2007-4559 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •