Vulnerabilities > Python > Python > 3.6.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-22 | CVE-2024-9287 | Command Injection vulnerability in Python A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). | 7.8 |
| 2024-09-03 | CVE-2024-6232 | Unspecified vulnerability in Python There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. | 7.5 |
| 2024-08-19 | CVE-2024-7592 | Unspecified vulnerability in Python There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. | 7.5 |
| 2023-08-25 | CVE-2023-40217 | Unspecified vulnerability in Python An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. | 5.3 |
| 2023-08-22 | CVE-2022-48564 | Resource Exhaustion vulnerability in multiple products read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. | 6.5 |
| 2023-08-22 | CVE-2022-48565 | XXE vulnerability in multiple products An XML External Entity (XXE) issue was discovered in Python through 3.9.1. | 9.8 |
| 2023-08-22 | CVE-2022-48566 | Race Condition vulnerability in multiple products An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. | 5.9 |
| 2023-06-25 | CVE-2023-36632 | Uncontrolled Recursion vulnerability in Python The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. | 7.5 |
| 2023-04-19 | CVE-2023-27043 | Improper Input Validation vulnerability in Python The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. | 5.3 |
| 2023-02-17 | CVE-2023-24329 | Improper Input Validation vulnerability in multiple products An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | 7.5 |