12 results (0.003 seconds)

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. • https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected. • https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483 https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7 https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8 https://github.com/python/cp • CWE-428: Unquoted Search Path or Element •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive. • https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06 https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4 https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY https://github.com/python/cp • CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 8.7EPSS: 0%CPEs: 5EXPL: 0

There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected. A flaw was found in Python's zipfile module. • https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU https://github.com/python/cpython/pull/122906 https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/commit/e0264a61119d551658d9445af38323ba94fc16db https://github.com/python/cp • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. • https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621 https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1 https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06 https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a https://github.com/python/cp • CWE-400: Uncontrolled Resource Consumption •