Vulnerabilities > Python > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-03 CVE-2024-6232 Unspecified vulnerability in Python
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
network
low complexity
python
7.5
2024-08-19 CVE-2024-7592 Unspecified vulnerability in Python
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.
network
low complexity
python
7.5
2024-01-19 CVE-2023-50447 Code Injection vulnerability in multiple products
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
network
high complexity
python debian CWE-94
8.1
2023-11-03 CVE-2023-44271 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in Pillow before 10.0.0.
network
low complexity
python fedoraproject CWE-770
7.5
2023-10-04 CVE-2023-43804 urllib3 is a user-friendly HTTP client library for Python.
network
low complexity
python debian fedoraproject
8.1
2023-08-23 CVE-2023-41105 Untrusted Search Path vulnerability in multiple products
An issue was discovered in Python 3.11 through 3.11.4.
network
low complexity
python netapp CWE-426
7.5
2023-08-22 CVE-2022-48560 Use After Free vulnerability in multiple products
A use-after-free exists in Python through 3.9 via heappushpop in heapq.
network
low complexity
python debian CWE-416
7.5
2023-06-25 CVE-2023-36632 Uncontrolled Recursion vulnerability in Python
The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument.
network
low complexity
python CWE-674
7.5
2023-02-17 CVE-2023-24329 Improper Input Validation vulnerability in multiple products
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
network
low complexity
python fedoraproject netapp CWE-20
7.5
2022-11-14 CVE-2022-45198 Unspecified vulnerability in Python Pillow
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
network
low complexity
python
7.5