Action not permitted
Modal body text goes here.
Modal Title
Modal Body
alsa-2025:23530
Vulnerability from osv_almalinux
Published
2025-12-17 00:00
Modified
2025-12-22 14:10
Summary
Important: python39:3.9 security update
Details
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
- python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used (CVE-2024-5642)
- python: Virtual environment (venv) activation scripts don't quote paths (CVE-2024-9287)
- python: Improper validation of IPv6 and IPvFuture addresses (CVE-2024-11168)
- python: cpython: URL parser allowed square brackets in domain names (CVE-2025-0938)
- cpython: python: CPython DecodeError Handling Vulnerability (CVE-2025-4516)
- cpython: Tarfile extracts filtered members when errorlevel=0 (CVE-2025-4435)
- cpython: python: Extraction filter bypass for linking outside extraction directory (CVE-2025-4330)
- python: cpython: Arbitrary writes via tarfile realpath overflow (CVE-2025-4517)
- cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory (CVE-2025-4138)
- cpython: Python HTMLParser quadratic complexity (CVE-2025-6069)
- cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked (CVE-2025-8291)
- python: Quadratic complexity in os.path.expandvars() with user-controlled template (CVE-2025-6075)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.9.25-2.module_el8.10.0+4083+53cad1fb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-Cython"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.29.21-5.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-Cython"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.29.21-5.module_el8.6.0+3248+c431e88c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-PyMySQL"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.10.1-2.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-attrs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "20.3.0-2.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-cffi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.3-2.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-cffi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.3-2.module_el8.6.0+3248+c431e88c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-chardet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.4-19.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-cryptography"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.1-3.module_el8.10.0+3765+2f9a457d"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-debug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.9.25-2.module_el8.10.0+4083+53cad1fb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.9.25-2.module_el8.10.0+4083+53cad1fb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-idle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.9.25-2.module_el8.10.0+4083+53cad1fb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-idna"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.10-4.module_el8.10.0+3849+a48d89aa"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-iniconfig"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.1-2.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.9.25-2.module_el8.10.0+4083+53cad1fb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-lxml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.6.5-1.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-lxml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.6.5-1.module_el8.6.0+3248+c431e88c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-mod_wsgi"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.7.1-7.module_el8.10.0+3989+a618fe15.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-more-itertools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.5.0-2.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-numpy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.19.4-3.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-numpy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.19.4-3.module_el8.6.0+3248+c431e88c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-numpy-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.19.4-3.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-numpy-f2py"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.19.4-3.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-numpy-f2py"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.19.4-3.module_el8.6.0+3248+c431e88c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-packaging"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "20.4-4.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-pip"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "20.2.4-9.module_el8.10.0+3765+2f9a457d"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-pip-wheel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "20.2.4-9.module_el8.10.0+3765+2f9a457d"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-pluggy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.13.1-3.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-ply"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11-10.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-psutil"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.8.0-4.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-psutil"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.8.0-4.module_el8.6.0+3248+c431e88c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-psycopg2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.8.6-3.module_el8.10.0+3765+2f9a457d"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-psycopg2-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.8.6-3.module_el8.10.0+3765+2f9a457d"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-psycopg2-tests"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.8.6-3.module_el8.10.0+3765+2f9a457d"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-py"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.10.0-1.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-pybind11"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.1-1.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-pybind11"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.1-1.module_el8.6.0+3248+c431e88c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-pybind11-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.1-1.module_el8.6.0+3248+c431e88c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-pybind11-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.1-1.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-pycparser"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.20-3.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-pyparsing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.7-5.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-pysocks"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.1-4.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-pytest"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.2-2.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-pyyaml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.4.1-1.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-pyyaml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.4.1-1.module_el8.6.0+3248+c431e88c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-requests"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.25.0-3.module_el8.9.0+3634+fb2a896c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.9.25-2.module_el8.10.0+4083+53cad1fb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-scipy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.4-5.module_el8.9.0+3634+fb2a896c"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-setuptools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "50.3.2-7.module_el8.10.0+4040+9207bbc0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-setuptools-wheel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "50.3.2-7.module_el8.10.0+4040+9207bbc0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-six"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.0-3.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.9.25-2.module_el8.10.0+4083+53cad1fb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-tkinter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.9.25-2.module_el8.10.0+4083+53cad1fb"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-toml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.10.1-5.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-urllib3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.25.10-5.module_el8.10.0+3765+2f9a457d"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-wcwidth"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.5-3.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-wheel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.35.1-4.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python39-wheel-wheel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:0.35.1-4.module_el8.6.0+2780+a40f65e1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. \n\nSecurity Fix(es): \n\n * python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used (CVE-2024-5642)\n * python: Virtual environment (venv) activation scripts don\u0027t quote paths (CVE-2024-9287)\n * python: Improper validation of IPv6 and IPvFuture addresses (CVE-2024-11168)\n * python: cpython: URL parser allowed square brackets in domain names (CVE-2025-0938)\n * cpython: python: CPython DecodeError Handling Vulnerability (CVE-2025-4516)\n * cpython: Tarfile extracts filtered members when errorlevel=0 (CVE-2025-4435)\n * cpython: python: Extraction filter bypass for linking outside extraction directory (CVE-2025-4330)\n * python: cpython: Arbitrary writes via tarfile realpath overflow (CVE-2025-4517)\n * cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory (CVE-2025-4138)\n * cpython: Python HTMLParser quadratic complexity (CVE-2025-6069)\n * cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked (CVE-2025-8291)\n * python: Quadratic complexity in os.path.expandvars() with user-controlled template (CVE-2025-6075)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:23530",
"modified": "2025-12-22T14:10:23Z",
"published": "2025-12-17T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:23530"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-11168"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-5642"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-9287"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-0938"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-4138"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-4330"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-4435"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-4516"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-4517"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-6069"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-6075"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-8291"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2294682"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2321440"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2325776"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2343237"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2366509"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2370010"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2370014"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2370016"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2372426"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2373234"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2402342"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2408891"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2025-23530.html"
}
],
"related": [
"CVE-2024-5642",
"CVE-2024-9287",
"CVE-2024-11168",
"CVE-2025-0938",
"CVE-2025-4516",
"CVE-2025-4435",
"CVE-2025-4330",
"CVE-2025-4517",
"CVE-2025-4138",
"CVE-2025-6069",
"CVE-2025-8291",
"CVE-2025-6075"
],
"summary": "Important: python39:3.9 security update"
}
CVE-2025-6069 (GCVE-0-2025-6069)
Vulnerability from cvelistv5 – Published: 2025-06-17 13:39 – Updated: 2025-10-09 18:37
VLAI?
EPSS
Title
HTMLParser quadratic complexity when processing malformed inputs
Summary
The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.
Severity ?
4.3 (Medium)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.24
(python)
Affected: 3.10.0 , < 3.10.19 (python) Affected: 3.11.0 , < 3.11.14 (python) Affected: 3.12.0 , < 3.12.12 (python) Affected: 3.13.0 , < 3.13.6 (python) Affected: 3.14.0a1 , < 3.14.0b3 (python) |
Credits
Serhiy Storchaka
Jake Howard
sw0rd1ight
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T13:58:28.646020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T13:58:41.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"html.parser"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.24",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.19",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.14",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.12",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.6",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0b3",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "remediation developer",
"value": "Serhiy Storchaka"
},
{
"lang": "en",
"type": "reporter",
"value": "Jake Howard"
},
{
"lang": "en",
"type": "finder",
"value": "sw0rd1ight"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service."
}
],
"value": "The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333 Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T18:37:55.979Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/135462"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/135464"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/8d1b3dfa09135affbbf27fb8babcf3c11415df49"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/ab0893fd5c579d9cea30841680e6d35fc478afb5"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/f3c6f882cddc8dc30320d2e73edf019e201394fc"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/fdc9d214c01cb4588f540cfa03726bbf2a33fc15"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HTMLParser quadratic complexity when processing malformed inputs",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-6069",
"datePublished": "2025-06-17T13:39:46.058Z",
"dateReserved": "2025-06-13T14:05:15.473Z",
"dateUpdated": "2025-10-09T18:37:55.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4330 (GCVE-0-2025-4330)
Vulnerability from cvelistv5 – Published: 2025-06-03 12:58 – Updated: 2025-07-07 17:36
VLAI?
EPSS
Title
Extraction filter bypass for linking outside extraction directory
Summary
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.
You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information.
Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.
Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.23
(python)
Affected: 3.10.0 , < 3.10.18 (python) Affected: 3.11.0 , < 3.11.13 (python) Affected: 3.12.0 , < 3.12.11 (python) Affected: 3.13.0 , < 3.13.4 (python) Affected: 3.14.0a1 , < 3.14.0b3 (python) |
Credits
Caleb Brown (Google)
Petr Viktorin
Serhiy Storchaka
Hugo van Kemenade
Łukasz Langa
Thomas Wouters
Seth Larson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4330",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-03T13:27:07.778910Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T13:24:45.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"tarfile"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.23",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.18",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.13",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.11",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.4",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0b3",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Caleb Brown (Google)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Petr Viktorin"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Serhiy Storchaka"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Hugo van Kemenade"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "\u0141ukasz Langa"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Thomas Wouters"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAllows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eYou are affected by this vulnerability if using the \u003ccode\u003etarfile\u003c/code\u003e\u0026nbsp;module to extract untrusted tar archives using \u003ccode\u003eTarFile.extractall()\u003c/code\u003e\u0026nbsp;or \u003ccode\u003eTarFile.extract()\u003c/code\u003e\u0026nbsp;using the \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;parameter with a value of \u003ccode\u003e\"data\"\u003c/code\u003e\u0026nbsp;or \u003ccode\u003e\"tar\"\u003c/code\u003e. See the tarfile \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter\"\u003eextraction filters documentation\u003c/a\u003e\u0026nbsp;for more information.\u003c/p\u003e\u003cp\u003eNote that for Python 3.14 or later the default value of \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\u003c/p\u003e\u003cp\u003eNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.\u003cbr\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\n\n\nYou are affected by this vulnerability if using the tarfile\u00a0module to extract untrusted tar archives using TarFile.extractall()\u00a0or TarFile.extract()\u00a0using the filter=\u00a0parameter with a value of \"data\"\u00a0or \"tar\". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter \u00a0for more information.\n\nNote that for Python 3.14 or later the default value of filter=\u00a0changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T17:36:07.725Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/135034"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/135037"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"tags": [
"mitigation"
],
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Extraction filter bypass for linking outside extraction directory",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-4330",
"datePublished": "2025-06-03T12:58:57.452Z",
"dateReserved": "2025-05-05T15:05:14.302Z",
"dateUpdated": "2025-07-07T17:36:07.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4435 (GCVE-0-2025-4435)
Vulnerability from cvelistv5 – Published: 2025-06-03 12:59 – Updated: 2025-07-07 17:36
VLAI?
EPSS
Title
Tarfile extracts filtered members when errorlevel=0
Summary
When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped.
Severity ?
7.5 (High)
CWE
- CWE-682 - Incorrect Calculation
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.23
(python)
Affected: 3.10.0 , < 3.10.18 (python) Affected: 3.11.0 , < 3.11.13 (python) Affected: 3.12.0 , < 3.12.11 (python) Affected: 3.13.0 , < 3.13.4 (python) Affected: 3.14.0a1 , < 3.14.0b3 (python) |
Credits
Chuck Woodraska
Petr Viktorin
Serhiy Storchaka
Hugo van Kemenade
Łukasz Langa
Thomas Wouters
Seth Larson
Matt Prodani
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-03T13:58:00.099450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-682",
"description": "CWE-682 Incorrect Calculation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:34:40.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"tarfile"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.23",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.18",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.13",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.11",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.4",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0b3",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Chuck Woodraska"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Petr Viktorin"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Serhiy Storchaka"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Hugo van Kemenade"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "\u0141ukasz Langa"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Thomas Wouters"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Matt Prodani"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen using a \u003c/span\u003e\u003ccode\u003eTarFile.errorlevel = 0\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of \u003c/span\u003e\u003ccode\u003eTarFile.errorlevel = 0\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;in affected versions is that the member would still be extracted and not skipped.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "When using a TarFile.errorlevel = 0\u00a0and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0\u00a0in affected versions is that the member would still be extracted and not skipped."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T17:36:13.968Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/135034"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/135037"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Tarfile extracts filtered members when errorlevel=0",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-4435",
"datePublished": "2025-06-03T12:59:06.792Z",
"dateReserved": "2025-05-08T15:05:11.874Z",
"dateUpdated": "2025-07-07T17:36:13.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4138 (GCVE-0-2025-4138)
Vulnerability from cvelistv5 – Published: 2025-06-03 12:59 – Updated: 2025-07-07 17:36
VLAI?
EPSS
Title
Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
Summary
Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.
You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information.
Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.
Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.23
(python)
Affected: 3.10.0 , < 3.10.18 (python) Affected: 3.11.0 , < 3.11.13 (python) Affected: 3.12.0 , < 3.12.11 (python) Affected: 3.13.0 , < 3.13.4 (python) Affected: 3.14.0a1 , < 3.14.0b3 (python) |
Credits
Caleb Brown (Google)
Petr Viktorin
Serhiy Storchaka
Hugo van Kemenade
Łukasz Langa
Thomas Wouters
Seth Larson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-03T13:29:22.889454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T13:29:36.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"tarfile"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.23",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.18",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.13",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.11",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.4",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0b3",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Caleb Brown (Google)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Petr Viktorin"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Serhiy Storchaka"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Hugo van Kemenade"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "\u0141ukasz Langa"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Thomas Wouters"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAllows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eYou are affected by this vulnerability if using the \u003ccode\u003etarfile\u003c/code\u003e\u0026nbsp;module to extract untrusted tar archives using \u003ccode\u003eTarFile.extractall()\u003c/code\u003e\u0026nbsp;or \u003ccode\u003eTarFile.extract()\u003c/code\u003e\u0026nbsp;using the \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;parameter with a value of \u003ccode\u003e\"data\"\u003c/code\u003e\u0026nbsp;or \u003ccode\u003e\"tar\"\u003c/code\u003e. See the tarfile \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter\"\u003eextraction filters documentation\u003c/a\u003e\u0026nbsp;for more information.\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eNote that for Python 3.14 or later the default value of \u003c/span\u003e\u003ccode\u003efilter=\u003c/code\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\n\n\nYou are affected by this vulnerability if using the tarfile\u00a0module to extract untrusted tar archives using TarFile.extractall()\u00a0or TarFile.extract()\u00a0using the filter=\u00a0parameter with a value of \"data\"\u00a0or \"tar\". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter \u00a0for more information.\n\nNote that for Python 3.14 or later the default value of filter=\u00a0changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T17:36:01.739Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/135034"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/135037"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"tags": [
"mitigation"
],
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-4138",
"datePublished": "2025-06-03T12:59:02.717Z",
"dateReserved": "2025-04-30T13:35:55.675Z",
"dateUpdated": "2025-07-07T17:36:01.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11168 (GCVE-0-2024-11168)
Vulnerability from cvelistv5 – Published: 2024-11-12 21:22 – Updated: 2025-11-03 21:51
VLAI?
EPSS
Title
Improper validation of IPv6 and IPvFuture addresses
Summary
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.21
(python)
Affected: 3.10.0 , < 3.10.16 (python) Affected: 3.11.0 , < 3.11.4 (python) Affected: 3.12.0a1 , < 3.12.0b1 (python) |
Credits
zer0yu (IPASSLab && ZGC Lab)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cpython",
"vendor": "python_software_foundation",
"versions": [
{
"lessThan": "3.11.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.12.0b1",
"status": "affected",
"version": "3.12.0a1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-11168",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T15:09:42.748084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-06T17:59:48.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:51:45.721Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250411-0004/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.21",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.16",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.4",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.0b1",
"status": "affected",
"version": "3.12.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zer0yu (IPASSLab \u0026\u0026 ZGC Lab)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren\u0027t IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.\u003cbr\u003e"
}
],
"value": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren\u0027t IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/AU:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T20:29:59.700Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/103849"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/103848"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/634ded45545ce8cbd6fd5d49785613dd7fa9b89e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/ddca2953191c67a12b1f19d6bca41016c6ae7132"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper validation of IPv6 and IPvFuture addresses",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2024-11168",
"datePublished": "2024-11-12T21:22:23.438Z",
"dateReserved": "2024-11-12T21:13:15.779Z",
"dateUpdated": "2025-11-03T21:51:45.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4517 (GCVE-0-2025-4517)
Vulnerability from cvelistv5 – Published: 2025-06-03 12:58 – Updated: 2025-10-24 03:55
VLAI?
EPSS
Title
Arbitrary writes via tarfile realpath overflow
Summary
Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data".
You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information.
Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.
Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.
Severity ?
9.4 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.23
(python)
Affected: 3.10.0 , < 3.10.18 (python) Affected: 3.11.0 , < 3.11.13 (python) Affected: 3.12.0 , < 3.12.11 (python) Affected: 3.13.0 , < 3.13.4 (python) Affected: 3.14.0a1 , < 3.14.0b3 (python) |
Credits
Caleb Brown (Google)
Petr Viktorin
Serhiy Storchaka
Hugo van Kemenade
Łukasz Langa
Thomas Wouters
Seth Larson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T03:55:17.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"tarfile"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.23",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.18",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.13",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.11",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.4",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0b3",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Caleb Brown (Google)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Petr Viktorin"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Serhiy Storchaka"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Hugo van Kemenade"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "\u0141ukasz Langa"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Thomas Wouters"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAllows arbitrary filesystem writes outside the extraction directory during extraction with \u003c/span\u003e\u003ccode\u003efilter=\"data\"\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eYou are affected by this vulnerability if using the \u003ccode\u003etarfile\u003c/code\u003e\u0026nbsp;module to extract untrusted tar archives using \u003ccode\u003eTarFile.extractall()\u003c/code\u003e\u0026nbsp;or \u003ccode\u003eTarFile.extract()\u003c/code\u003e\u0026nbsp;using the \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;parameter with a value of \u003ccode\u003e\"data\"\u003c/code\u003e\u0026nbsp;or \u003ccode\u003e\"tar\"\u003c/code\u003e. See the tarfile \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter\"\u003eextraction filters documentation\u003c/a\u003e\u0026nbsp;for more information.\u003c/p\u003e\u003cp\u003eNote that for Python 3.14 or later the default value of \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\u003c/p\u003e\u003cp\u003eNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Allows arbitrary filesystem writes outside the extraction directory during extraction with filter=\"data\".\n\n\nYou are affected by this vulnerability if using the tarfile\u00a0module to extract untrusted tar archives using TarFile.extractall()\u00a0or TarFile.extract()\u00a0using the filter=\u00a0parameter with a value of \"data\"\u00a0or \"tar\". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter \u00a0for more information.\n\nNote that for Python 3.14 or later the default value of filter=\u00a0changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T17:36:26.194Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/135034"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/135037"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"tags": [
"mitigation"
],
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary writes via tarfile realpath overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-4517",
"datePublished": "2025-06-03T12:58:50.352Z",
"dateReserved": "2025-05-09T15:05:07.139Z",
"dateUpdated": "2025-10-24T03:55:17.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4516 (GCVE-0-2025-4516)
Vulnerability from cvelistv5 – Published: 2025-05-15 13:29 – Updated: 2025-06-03 20:53
VLAI?
EPSS
Title
Use-after-free in "unicode_escape" decoder with error handler
Summary
There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.23
(python)
Affected: 3.10.0 , < 3.10.18 (python) Affected: 3.11.0 , < 3.11.13 (python) Affected: 3.12.0 , < 3.12.11 (python) Affected: 3.13.0 , < 3.13.4 (python) Affected: 3.14.0a1 , < 3.14.0b2 (python) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4516",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T14:18:44.612125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T14:18:50.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-19T10:03:31.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/16/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/19/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.23",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.18",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.13",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.11",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.4",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0b2",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", error=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError."
}
],
"value": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", error=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T20:53:33.583Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/133767"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/129648"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Use-after-free in \"unicode_escape\" decoder with error handler",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-4516",
"datePublished": "2025-05-15T13:29:20.126Z",
"dateReserved": "2025-05-09T14:59:53.878Z",
"dateUpdated": "2025-06-03T20:53:33.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6075 (GCVE-0-2025-6075)
Vulnerability from cvelistv5 – Published: 2025-10-31 16:41 – Updated: 2025-12-02 17:43
VLAI?
EPSS
Title
Quadratic complexity in os.path.expandvars() with user-controlled template
Summary
If the value passed to os.path.expandvars() is user-controlled a
performance degradation is possible when expanding environment
variables.
Severity ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.13.10
(python)
Affected: 3.14.0 , < 3.14.1 (python) Affected: 3.15.0a1 , < 3.15.0a2 (python) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6075",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T17:54:46.289107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T17:55:40.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.13.10",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.14.1",
"status": "affected",
"version": "3.14.0",
"versionType": "python"
},
{
"lessThan": "3.15.0a2",
"status": "affected",
"version": "3.15.0a1",
"versionType": "python"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.14.0",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eIf the value passed to os.path.expandvars() is user-controlled a \nperformance degradation is possible when expanding environment \nvariables.\u003c/div\u003e"
}
],
"value": "If the value passed to os.path.expandvars() is user-controlled a \nperformance degradation is possible when expanding environment \nvariables."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 1.8,
"baseSeverity": "LOW",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T17:43:40.508Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/136065"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/2e6150adccaaf5bd95d4c19dfd04a36e0b325d8c"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/631ba3407e3348ccd56ce5160c4fb2c5dc5f4d84"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/892747b4cf0f95ba8beb51c0d0658bfaa381ebca"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9ab89c026aa9611c4b0b67c288b8303a480fe742"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/c8a5f3435c342964e0a432cc9fb448b7dbecd1ba"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/5dceb93486176e6b4a6d9754491005113eb23427"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Quadratic complexity in os.path.expandvars() with user-controlled template",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-6075",
"datePublished": "2025-10-31T16:41:34.983Z",
"dateReserved": "2025-06-13T15:05:20.139Z",
"dateUpdated": "2025-12-02T17:43:40.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8291 (GCVE-0-2025-8291)
Vulnerability from cvelistv5 – Published: 2025-10-07 18:10 – Updated: 2025-12-02 17:43
VLAI?
EPSS
Title
ZIP64 End of Central Directory (EOCD) Locator record offset not checked
Summary
The 'zipfile' module would not check the validity of the ZIP64 End of
Central Directory (EOCD) Locator record offset value would not be used to
locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be
assumed to be the previous record in the ZIP archive. This could be abused
to create ZIP archives that are handled differently by the 'zipfile' module
compared to other ZIP implementations.
Remediation maintains this behavior, but checks that the offset specified
in the ZIP64 EOCD Locator record matches the expected value.
Severity ?
4.3 (Medium)
CWE
- CWE-1285 - Improper Validation of Specified Index, Position, or Offset in Input
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.24
(python)
Affected: 3.10.0 , < 3.10.19 (python) Affected: 3.11.0 , < 3.11.14 (python) Affected: 3.12.0 , < 3.12.12 (python) Affected: 3.13.0 , < 3.13.10 (python) Affected: 3.14.0 , < 3.14.1 (python) |
Credits
Caleb Brown (Google)
Serhiy Storchaka
Seth Larson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8291",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-29T15:15:06.403842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1285",
"description": "CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T15:15:27.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2025-12.json"
},
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://github.com/google/security-research/security/advisories/GHSA-hhv7-p4pg-wm6p"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.24",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.19",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.14",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.12",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.10",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.1",
"status": "affected",
"version": "3.14.0",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Caleb Brown (Google)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Serhiy Storchaka"
},
{
"lang": "en",
"type": "coordinator",
"value": "Seth Larson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe \u0027zipfile\u0027 module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the \u0027zipfile\u0027 module\ncompared to other ZIP implementations.\u003c/p\u003e\n\u003cp\u003eRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.\u003c/p\u003e"
}
],
"value": "The \u0027zipfile\u0027 module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the \u0027zipfile\u0027 module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T17:43:54.139Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/139702"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/139700"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/1d29afb0d6218aa8fb5e1e4a6133a4778d89bb46"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/76437ac248ad8ca44e9bf697b02b1e2241df2196"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/8392b2f0d35678407d9ce7d95655a5b77de161b4"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/bca11ae7d575d87ed93f5dd6a313be6246e3e388"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d11e69d6203080e3ec450446bfed0516727b85c3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "ZIP64 End of Central Directory (EOCD) Locator record offset not checked",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-8291",
"datePublished": "2025-10-07T18:10:05.908Z",
"dateReserved": "2025-07-28T21:05:06.237Z",
"dateUpdated": "2025-12-02T17:43:54.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-0938 (GCVE-0-2025-0938)
Vulnerability from cvelistv5 – Published: 2025-01-31 17:51 – Updated: 2025-11-03 20:56
VLAI?
EPSS
Title
URL parser allowed square brackets in domain names
Summary
The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.
Severity ?
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.22
(python)
Affected: 3.10.0 , < 3.10.17 (python) Affected: 3.11.0 , < 3.11.12 (python) Affected: 3.12.0 , < 3.12.9 (python) Affected: 3.13.0 , < 3.13.2 (python) Affected: 3.14.0a1 , < 3.14.0a5 (python) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T18:50:16.654297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T18:50:29.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:56:43.285Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250314-0002/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00013.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.22",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.17",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.12",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.9",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.2",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0a5",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.\u003cbr\u003e"
}
],
"value": "The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn\u0027t valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T17:35:52.426Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/105704"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/129418"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/90e526ae67b172ed7c6c56e7edad36263b0f9403"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/a7084f6075c9595ba60119ce8c62f1496f50c568"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/526617ed68cde460236c973e5d0a8bad4de896ba"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/b8b4b713c5f8ec0958c7ef8d29d6711889bc94ab"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/ff4e5c25666f63544071a6b075ae8b25c98b7a32"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "URL parser allowed square brackets in domain names",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2025-0938",
"datePublished": "2025-01-31T17:51:35.898Z",
"dateReserved": "2025-01-31T17:45:10.107Z",
"dateUpdated": "2025-11-03T20:56:43.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-5642 (GCVE-0-2024-5642)
Vulnerability from cvelistv5 – Published: 2024-06-27 21:05 – Updated: 2025-10-09 18:36
VLAI?
EPSS
Title
Buffer overread when using an empty list with SSLContext.set_npn_protocols()
Summary
CPython 3.9 and earlier doesn't disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).
Severity ?
6.5 (Medium)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.24
(python)
Affected: 3.10.0a1 , < 3.10.0b1 (python) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-5642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T13:47:34.169947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T20:14:30.590Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:06.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html"
},
{
"tags": [
"mitigation",
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/23014"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/28/4"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/python/cpython/issues/121227"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240726-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.24",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.0b1",
"status": "affected",
"version": "3.10.0a1",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CPython 3.9 and earlier doesn\u0027t disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see \u003cspan style=\"background-color: oklab(0.0852327 0.00000386313 0.00000170618 / 0.06);\"\u003eCVE\u003c/span\u003e\u003cspan style=\"background-color: oklab(0.0852327 0.00000386313 0.00000170618 / 0.06);\"\u003e-2024\u003c/span\u003e\u003cspan style=\"background-color: oklab(0.0852327 0.00000386313 0.00000170618 / 0.06);\"\u003e-5535\u003c/span\u003e for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured).\u003cbr\u003e"
}
],
"value": "CPython 3.9 and earlier doesn\u0027t disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured)."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-09T18:36:41.965Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://jbp.io/2024/06/27/cve-2024-5535-openssl-memory-safety.html"
},
{
"tags": [
"mitigation"
],
"url": "https://github.com/python/cpython/pull/23014"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/39258d3595300bc7b952854c915f63ae2d4b9c3e"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/06/28/4"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/121227"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240726-0005/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/a2cdbb6e8188ba9ba8b356b28d91bff60e86fe31"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Buffer overread when using an empty list with SSLContext.set_npn_protocols()",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2024-5642",
"datePublished": "2024-06-27T21:05:31.281Z",
"dateReserved": "2024-06-04T18:40:21.539Z",
"dateUpdated": "2025-10-09T18:36:41.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9287 (GCVE-0-2024-9287)
Vulnerability from cvelistv5 – Published: 2024-10-22 16:34 – Updated: 2025-11-03 22:33
VLAI?
EPSS
Title
Virtual environment (venv) activation scripts don't quote paths
Summary
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
Severity ?
CWE
- CWE-428 - Unquoted Search Path or Element
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Python Software Foundation | CPython |
Affected:
0 , < 3.9.21
(python)
Affected: 3.10.0 , < 3.10.16 (python) Affected: 3.11.0 , < 3.11.11 (python) Affected: 3.12.0 , < 3.12.8 (python) Affected: 3.13.0 , < 3.13.1 (python) Affected: 3.14.0a1 , < 3.14.0a2 (python) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cpython",
"vendor": "python",
"versions": [
{
"lessThanOrEqual": "3.13.0",
"status": "affected",
"version": "0",
"versionType": "python"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9287",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T03:55:30.029Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:33:21.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250425-0006/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"venv"
],
"product": "CPython",
"repo": "https://github.com/python/cpython",
"vendor": "Python Software Foundation",
"versions": [
{
"lessThan": "3.9.21",
"status": "affected",
"version": "0",
"versionType": "python"
},
{
"lessThan": "3.10.16",
"status": "affected",
"version": "3.10.0",
"versionType": "python"
},
{
"lessThan": "3.11.11",
"status": "affected",
"version": "3.11.0",
"versionType": "python"
},
{
"lessThan": "3.12.8",
"status": "affected",
"version": "3.12.0",
"versionType": "python"
},
{
"lessThan": "3.13.1",
"status": "affected",
"version": "3.13.0",
"versionType": "python"
},
{
"lessThan": "3.14.0a2",
"status": "affected",
"version": "3.14.0a1",
"versionType": "python"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren\u0027t activated before being used (ie \"./venv/bin/python\") are not affected.\u003cbr\u003e"
}
],
"value": "A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts (ie \"source venv/bin/activate\"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren\u0027t activated before being used (ie \"./venv/bin/python\") are not affected."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T19:55:27.648Z",
"orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"shortName": "PSF"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/python/cpython/issues/124651"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/pull/124712"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97"
},
{
"tags": [
"patch"
],
"url": "https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Virtual environment (venv) activation scripts don\u0027t quote paths",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
"assignerShortName": "PSF",
"cveId": "CVE-2024-9287",
"datePublished": "2024-10-22T16:34:39.210Z",
"dateReserved": "2024-09-27T14:48:44.181Z",
"dateUpdated": "2025-11-03T22:33:21.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…