Python

126 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.06%
  • Published 24.09.2025 15:15:41
  • Last modified 24.09.2025 18:11:24

When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilit...

  • EPSS 0.04%
  • Published 22.10.2024 17:15:06
  • Last modified 25.04.2025 23:15:16

A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "sou...

Exploit
  • EPSS 1.55%
  • Published 03.09.2024 13:15:05
  • Last modified 20.03.2025 18:15:18

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

Exploit
  • EPSS 0.39%
  • Published 19.08.2024 19:15:08
  • Last modified 05.02.2025 21:13:47

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quad...

  • EPSS 0.04%
  • Published 08.12.2023 19:15:08
  • Last modified 21.11.2024 08:43:59

An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]...

  • EPSS 0.34%
  • Published 25.08.2023 01:15:09
  • Last modified 21.11.2024 08:19:01

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, rec...

  • EPSS 0.18%
  • Published 23.08.2023 07:15:08
  • Last modified 21.11.2024 08:20:35

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejec...

Exploit
  • EPSS 4.12%
  • Published 22.08.2023 19:16:32
  • Last modified 21.11.2024 07:33:30

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

Exploit
  • EPSS 0.06%
  • Published 22.08.2023 19:16:32
  • Last modified 21.11.2024 07:33:31

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.

Exploit
  • EPSS 0.19%
  • Published 22.08.2023 19:16:31
  • Last modified 21.11.2024 07:33:30

A use-after-free exists in Python through 3.9 via heappushpop in heapq.