Vulnerabilities > Python > Python > 3.12.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-22 | CVE-2024-9287 | Command Injection vulnerability in Python A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). | 7.8 |
| 2024-09-03 | CVE-2024-6232 | Unspecified vulnerability in Python There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. | 7.5 |
| 2024-08-19 | CVE-2024-7592 | Unspecified vulnerability in Python There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. | 7.5 |
| 2023-12-08 | CVE-2023-6507 | Unspecified vulnerability in Python 3.12.0/3.13.0 An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. | 4.9 |
| 2023-06-07 | CVE-2023-33595 | Use After Free vulnerability in Python 3.12.0 CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. | 5.5 |