GHSA-v3c5-jqr6-7qm8

Опубликовано: 23 дек. 2022

Источник: github

Github: Прошло ревью

CVSS4: 8.7

CVSS3: 7.5

Описание

Python Charmers Future denial of service vulnerability

An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server. This issue has been patched in version 0.18.3.

Ссылки

Пакеты

Наименование

future

pip

Затронутые версииВерсия исправления

<= 0.18.2

0.18.3

EPSS

Процентиль: 61%

0.00419

Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2022-40899

Дефекты

CWE-400

Связанные уязвимости

CVE-2022-40899

CVSS3: 7.5

ubuntu

больше 2 лет назад

An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.

CVE-2022-40899

CVSS3: 7.5

redhat

больше 2 лет назад

An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.

CVE-2022-40899

CVSS3: 7.5

nvd

больше 2 лет назад

An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.

CVE-2022-40899

CVSS3: 7.5

debian

больше 2 лет назад

An issue discovered in Python Charmers Future 0.18.2 and earlier allow ...

SUSE-SU-2023:0080-1

suse-cvrf

больше 2 лет назад

Security update for python-future

EPSS

Процентиль: 61%

0.00419

Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2022-40899

Дефекты

CWE-400