CVE-2019-17514
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.
La biblioteca library/glob.html en la documentación de Python versiones 2 y 3 antes del 2016, presenta información potencialmente engañosa sobre si ocurre la clasificación, como es demostrado por los resultados irreproducibles de la investigación del cáncer. NOTA: los efectos de esta documentación cruzan dominios de aplicación y, por lo tanto, es probable que el código relevante para la seguridad en otros lugares este afectado. Este problema no es un error de implementación de Python, y no existen reportes de que los investigadores de RMN confiaran específicamente en la biblioteca library/glob.html. En otras palabras, debido a que la documentación más antigua declara "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," uno podría haber inferido incorrectamente que la clasificación que ocurre en un shell de Unix también se presentó para glob.glob. Existe una solución alternativa en las versiones más nuevas de Willoughby nmr-data_compilation-p2.py y nmr-data_compilation-p3.py, que llaman a la función sort() directamente.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-10-12 CVE Reserved
- 2019-10-12 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-10-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-682: Incorrect Calculation
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| https://pubs.acs.org/doi/full/10.1021/acs.orglett.9b03216 | Third Party Advisory | |
| https://pubs.acs.org/doi/suppl/10.1021/acs.orglett.9b03216/suppl_file/ol9b03216_si_002.zip | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20191107-0005 | X_refsource_confirm |
|
| https://twitter.com/LucasCMoore/status/1181615421922824192 | Issue Tracking | |
| https://twitter.com/chris_bloke/status/1181997278136958976 | Third Party Advisory | |
| https://www.vice.com/en_us/article/zmjwda/a-code-glitch-may-have-caused-errors-in-more-than-100-published-studies | Media Coverage |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.6.0 Search vendor "Python" for product "Python" and version "3.6.0" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.7.0 Search vendor "Python" for product "Python" and version "3.7.0" | - |
Affected
| ||||||
| Python Search vendor "Python" | Python Search vendor "Python" for product "Python" | 3.8.0 Search vendor "Python" for product "Python" and version "3.8.0" | - |
Affected
| ||||||