Vulnerabilities > Python > Python > 3.9.18
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-22 | CVE-2024-9287 | Command Injection vulnerability in Python A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). | 7.8 |
| 2024-09-03 | CVE-2024-6232 | Unspecified vulnerability in Python There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. | 7.5 |
| 2024-08-19 | CVE-2024-7592 | Unspecified vulnerability in Python There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. | 7.5 |
| 2023-06-25 | CVE-2023-36632 | Uncontrolled Recursion vulnerability in Python The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. | 7.5 |
| 2023-04-19 | CVE-2023-27043 | Improper Input Validation vulnerability in multiple products The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. | 5.3 |