Vulnerabilities > Python > Python > 3.7.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-15 | CVE-2021-23336 | HTTP Request Smuggling vulnerability in multiple products The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. | 5.9 |
2020-10-22 | CVE-2020-27619 | In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. | 9.8 |
2020-07-17 | CVE-2020-15801 | Untrusted Search Path vulnerability in multiple products In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. | 7.5 |
2020-07-04 | CVE-2020-15523 | Use of Uninitialized Resource vulnerability in multiple products In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. | 6.9 |
2019-10-23 | CVE-2019-18348 | Injection vulnerability in Python An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. | 6.1 |
2019-06-19 | CVE-2019-12900 | Out-of-bounds Write vulnerability in multiple products BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. | 9.8 |
2016-06-30 | CVE-2016-3189 | Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. | 6.5 |