Python — высокоуровневый язык программирования общего назначения. Его философия дизайна делает акцент на читаемости кода.
Релизный цикл, информация об уязвимостях
График релизов
Количество 910
BDU:2023-05002
Уязвимость класса SSLSocket интерпретатора языка программирования Python, позволяющая нарушителю раскрыть защищаемую информацию
GHSA-65fx-pmw6-rcfm
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
CVE-2023-41105
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
CVE-2023-41105
An issue was discovered in Python 3.11 through 3.11.4. If a path conta ...
CVE-2023-41105
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
CVE-2023-41105
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
GHSA-crhm-wc96-7579
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
GHSA-cgfh-jp5w-8cmx
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
GHSA-pvw5-cvp6-cv92
A use-after-free exists in Python through 3.9 via heappushpop in heapq.
GHSA-p8vw-m6qq-w42v
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2023-05002 Уязвимость класса SSLSocket интерпретатора языка программирования Python, позволяющая нарушителю раскрыть защищаемую информацию | CVSS3: 8.6 | 1% Низкий | больше 2 лет назад |
| GHSA-65fx-pmw6-rcfm An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-41105 An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
| CVE-2023-41105 An issue was discovered in Python 3.11 through 3.11.4. If a path conta ... | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-41105 An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-41105 An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
| GHSA-crhm-wc96-7579 An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. | CVSS3: 9.8 | 7% Низкий | больше 2 лет назад |
| GHSA-cgfh-jp5w-8cmx An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. | CVSS3: 8.1 | 0% Низкий | больше 2 лет назад |
| GHSA-pvw5-cvp6-cv92 A use-after-free exists in Python through 3.9 via heappushpop in heapq. | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
| GHSA-p8vw-m6qq-w42v read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу