Description
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
Statement
As of Red Hat Quay 3.4, the Python runtime will be consumed from RHEL. Currently, releases up to 3.3 won't get fixes for this moderate issue.
Mitigation
In versions of Python shipped with Red Hat Enterprise Linux and Red Hat Software Collections, the flaw can be mitigated by not running the Python tests with network resources enabled. By default, the tests are not run with network resources enabled. Ensure that `-u network` or `-uall` are not passed as options to `python -m test`. For more information on how these commands work, see [1].
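The check below is an added example, not code from Red Hat or CPython: it flags constructed `python -m test` command lines that would enable network resources. Beyond the two spellings named above, it assumes the test runner's resource-list syntax (`--use`, comma-separated names applied left to right, `all`, `none`, `-name`).

```python
import shlex

def network_resource_enabled(command: str) -> bool:
    """True if a `python -m test` command line turns on the network resource."""
    args = shlex.split(command)
    # Only options after "-m test" belong to the test runner; before that,
    # "-u" is the interpreter's own unbuffered-output switch.
    for i in range(len(args) - 1):
        if args[i] == "-m" and args[i + 1] == "test":
            args = args[i + 2:]
            break
    else:
        return False  # not a test-runner invocation
    enabled = False
    i = 0
    while i < len(args):
        arg, value = args[i], None
        if arg in ("-u", "--use") and i + 1 < len(args):
            i += 1
            value = args[i]
        elif arg.startswith("--use="):
            value = arg.split("=", 1)[1]
        elif arg.startswith("-u") and len(arg) > 2:
            value = arg[2:]  # attached form, e.g. -uall
        # Assumed semantics: "all" enables everything, "none" clears the
        # list, "-name" removes one resource; later entries win.
        for name in (value or "").lower().split(","):
            if name in ("all", "network"):
                enabled = True
            elif name in ("none", "-network"):
                enabled = False
        i += 1
    return enabled

# Constructed sample command lines, e.g. collected from CI job definitions.
SAMPLES = [
    "python3 -m test test_codecmaps_jp",
    "python3 -m test -uall test_codecmaps_jp",
    "python3 -m test -u network",
    "python3 -u -m test -j4",
    "python3 -m test --use=all,-network",
    "python3 -m test -u all,-cpu",
]

def flagged(commands):
    """Return the commands that must be changed to apply the mitigation."""
    return [c for c in commands if network_resource_enabled(c)]
```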
Affected packages
Platform | Package | State | Advisory | Release date |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | python | Out of support scope | | |
Red Hat Enterprise Linux 6 | python | Out of support scope | | |
Red Hat Enterprise Linux 7 | python | Out of support scope | | |
Red Hat Enterprise Linux 7 | python3 | Out of support scope | | |
Red Hat Enterprise Linux 8 | python36:3.6/python36 | Not affected | | |
Red Hat Quay 3 | quay | Will not fix | | |
Red Hat Software Collections | rh-python36-python | Out of support scope | | |
Red Hat Enterprise Linux 8 | python3 | Fixed | RHSA-2021:1633 | 18.05.2021 |
Red Hat Enterprise Linux 8 | python27 | Fixed | RHSA-2021:4151 | 09.11.2021 |
Red Hat Enterprise Linux 8 | python38 | Fixed | RHSA-2021:4162 | 09.11.2021 |
Additional information
CVSS3: 7.5 High