Vulnerabilities > Python > Python > 3.12.0

DATE CVE VULNERABILITY TITLE RISK
2024-10-22 CVE-2024-9287 Command Injection vulnerability in Python
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate").
local
low complexity
python CWE-77
7.8
2024-09-03 CVE-2024-6232 Unspecified vulnerability in Python
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
network
low complexity
python
7.5
2024-08-19 CVE-2024-7592 Unspecified vulnerability in Python
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.
network
low complexity
python
7.5
2023-12-08 CVE-2023-6507 Unspecified vulnerability in Python 3.12.0/3.13.0
An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms.
network
low complexity
python
4.9
2023-06-07 CVE-2023-33595 Use After Free vulnerability in Python 3.12.0
CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c.
local
low complexity
python CWE-416
5.5