Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-12084

Опубликовано: 03 дек. 2025
Источник: debian
EPSS Низкий

Описание

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python3.14fixed3.14.2-1package
python3.13fixed3.13.11-1package
python3.13no-dsatrixiepackage
python3.11removedpackage
python3.11no-dsabookwormpackage
python3.9removedpackage
python2.7removedpackage
python2.7end-of-lifebullseyepackage
pypy3unfixedpackage
pypy3no-dsatrixiepackage
pypy3no-dsabookwormpackage
pypy3postponedbullseyepackage
jythonunfixedpackage
jythonno-dsatrixiepackage
jythonno-dsabookwormpackage
jythonend-of-lifebullseyepackage

Примечания

  • https://github.com/python/cpython/pull/142146

  • https://github.com/python/cpython/issues/142145

  • Fixed by: https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4 (main)

  • Fixed by: https://github.com/python/cpython/commit/027f21e417b26eed4505ac2db101a4352b7c51a0 (v3.14.2)

  • Fixed by: https://github.com/python/cpython/commit/ddcd2acd85d891a53e281c773b3093f9db953964 (v3.13.11)

  • Regression: https://github.com/python/cpython/issues/142754

  • Regression: https://github.com/python/cpython/commit/1cc7551b3f9f71efbc88d96dce90f82de98b2454 (v3.15.0a3)

EPSS

Процентиль: 26%
0.0009
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-12084

CVSS3: 5.3
ubuntu
2 месяца назад

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

nvd логотип

CVE-2025-12084

CVSS3: 5.3
nvd
2 месяца назад

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

msrc логотип

CVE-2025-12084

msrc
2 месяца назад

Quadratic complexity in node ID cache clearing

github логотип

GHSA-hfqx-732w-xrrw

CVSS3: 5.3
github
2 месяца назад

When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadratic. Availability can be impacted when building excessively nested documents.

oracle-oval логотип

ELSA-2026-1478

oracle-oval
7 дней назад

ELSA-2026-1478: python3.9 security update (MODERATE)

EPSS

Процентиль: 26%
0.0009
Низкий