Vulnerabilities > Python

DATE CVE VULNERABILITY TITLE RISK
2024-09-03 CVE-2024-6232 Unspecified vulnerability in Python
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
network
low complexity
python
7.5
2024-08-19 CVE-2024-7592 Unspecified vulnerability in Python
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.
network
low complexity
python
7.5
2024-01-19 CVE-2023-50447 Code Injection vulnerability in multiple products
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
network
high complexity
python debian CWE-94
8.1
2023-12-08 CVE-2023-6507 Unspecified vulnerability in Python 3.12.0/3.13.0
An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms.
network
low complexity
python
4.9
2023-11-03 CVE-2023-44271 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in Pillow before 10.0.0.
network
low complexity
python fedoraproject CWE-770
7.5
2023-10-17 CVE-2023-45803 urllib3 is a user-friendly HTTP client library for Python.
high complexity
python fedoraproject
4.2
2023-10-15 CVE-2018-25091 Open Redirect vulnerability in Python Urllib3
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme).
network
low complexity
python CWE-601
6.1
2023-10-04 CVE-2023-43804 urllib3 is a user-friendly HTTP client library for Python.
network
low complexity
python debian fedoraproject
8.1
2023-08-25 CVE-2023-40217 Unspecified vulnerability in Python
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5.
network
low complexity
python
5.3
2023-08-23 CVE-2023-41105 Untrusted Search Path vulnerability in multiple products
An issue was discovered in Python 3.11 through 3.11.4.
network
low complexity
python netapp CWE-426
7.5