Vulnerabilities > Python > Python > 3.12.4

DATE CVE VULNERABILITY TITLE RISK
2024-10-22 CVE-2024-9287 Command Injection vulnerability in Python
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate").
local
low complexity
python CWE-77
7.8
2024-09-03 CVE-2024-6232 Unspecified vulnerability in Python
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
network
low complexity
python
7.5
2024-08-19 CVE-2024-7592 Unspecified vulnerability in Python
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.
network
low complexity
python
7.5