2.7.13

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-17	CVE-2023-24329	Improper Input Validation vulnerability in multiple products An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. network low complexity python fedoraproject netapp CWE-20	7.5
2022-11-09	CVE-2022-45061	Algorithmic Complexity vulnerability in multiple products An issue was discovered in Python before 3.11.1. network low complexity python fedoraproject netapp CWE-407	7.5
2022-06-16	CVE-2017-20052	Unspecified vulnerability in Python 2.7.13 A vulnerability classified as problematic was found in Python 2.7.13. local low complexity python	7.8
2022-03-10	CVE-2022-26488	Untrusted Search Path vulnerability in multiple products In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. local high complexity python netapp CWE-426	7.0
2022-03-10	CVE-2021-3733	Resource Exhaustion vulnerability in multiple products There's a flaw in urllib's AbstractBasicAuthHandler class. network low complexity python redhat fedoraproject netapp CWE-400	6.5
2022-02-09	CVE-2022-0391	Injection vulnerability in multiple products A flaw was found in Python, specifically within the urllib.parse module. network low complexity python netapp fedoraproject oracle CWE-74	7.5
2021-05-20	CVE-2021-3426	Path Traversal vulnerability in multiple products There's a flaw in Python 3's pydoc. low complexity python fedoraproject debian redhat netapp oracle CWE-22	5.7
2021-02-15	CVE-2021-23336	HTTP Request Smuggling vulnerability in multiple products The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. network high complexity python fedoraproject debian netapp djangoproject oracle CWE-444	5.9
2020-02-04	CVE-2019-9674	Resource Exhaustion vulnerability in multiple products Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. network low complexity python canonical netapp CWE-400	7.5
2020-01-30	CVE-2020-8492	Resource Exhaustion vulnerability in multiple products Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. network low complexity python opensuse canonical fedoraproject debian CWE-400	6.5