Python — высокоуровневый язык программирования общего назначения. Его философия дизайна делает акцент на читаемости кода.
Релизный цикл, информация об уязвимостях
График релизов
Количество 878
CVE-2023-38898
** DISPUTED ** An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug.
CVE-2023-38898
An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug.
BDU:2024-08836
Уязвимость компонента _asyncio._swap_current_task интерпретатора языка программирования Python, позволяющая нарушителю получить доступ к конфиденциальной информации
BDU:2024-09261
Уязвимость функции os.path.normpath() интерпретатора языка программирования Python, связанная с обходом списка разрешений при усечении пути посредством вставки нулевого байта, позволяющая нарушителю нарушить целостность защищаемой информации
SUSE-SU-2023:2778-1
Security update for python311
SUSE-SU-2023:2641-1
Security update for python39
SUSE-SU-2023:2639-1
Security update for python
GHSA-gv66-v8c8-v69c
The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class.
CVE-2023-36632
The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code.
CVE-2023-36632
The legacy email.utils.parseaddr function in Python through 3.11.4 all ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2023-38898 ** DISPUTED ** An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug. | CVSS3: 5.3 | 0% Низкий | почти 2 года назад |
 | CVE-2023-38898 An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in which an adversary can call _asyncio._swap_current_task but does not already have the ability to call arbitrary functions; and (3) there are no common scenarios in which sensitive information, which is not already accessible to an adversary, becomes accessible through this bug. | CVSS3: 5.3 | 0% Низкий | почти 2 года назад |
 | BDU:2024-08836 Уязвимость компонента _asyncio._swap_current_task интерпретатора языка программирования Python, позволяющая нарушителю получить доступ к конфиденциальной информации | CVSS3: 5.3 | 0% Низкий | почти 2 года назад |
| BDU:2024-09261 Уязвимость функции os.path.normpath() интерпретатора языка программирования Python, связанная с обходом списка разрешений при усечении пути посредством вставки нулевого байта, позволяющая нарушителю нарушить целостность защищаемой информации | CVSS3: 7.5 | 0% Низкий | около 2 лет назад |
 | SUSE-SU-2023:2778-1 Security update for python311 | 93% Критический | около 2 лет назад | |
| SUSE-SU-2023:2641-1 Security update for python39 | 93% Критический | около 2 лет назад | |
| SUSE-SU-2023:2639-1 Security update for python | 1% Низкий | около 2 лет назад | |
| GHSA-gv66-v8c8-v69c The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. | 0% Низкий | около 2 лет назад | |
 | CVE-2023-36632 The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data that was supposed to contain a name and an e-mail address. NOTE: email.utils.parseaddr is categorized as a Legacy API in the documentation of the Python email package. Applications should instead use the email.parser.BytesParser or email.parser.Parser class. NOTE: the vendor's perspective is that this is neither a vulnerability nor a bug. The email package is intended to have size limits and to throw an exception when limits are exceeded; they were exceeded by the example demonstration code. | CVSS3: 7.5 | 0% Низкий | около 2 лет назад |
| CVE-2023-36632 The legacy email.utils.parseaddr function in Python through 3.11.4 all ... | CVSS3: 7.5 | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу