Python — высокоуровневый язык программирования общего назначения. Его философия дизайна делает акцент на читаемости кода.
Релизный цикл, информация об уязвимостях
График релизов
Количество 879
CVE-2021-4189
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.
GHSA-h7f6-hc46-frrv
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure.
CVE-2021-28861
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."
CVE-2021-28861
Python 3.x through 3.10 has an open redirection vulnerability in lib/h ...
CVE-2021-28861
** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."
CVE-2021-28861
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks."
SUSE-SU-2022:2357-1
Security update for python3
SUSE-SU-2022:2344-1
Security update for python
SUSE-SU-2022:2291-1
Security update for python310
SUSE-SU-2022:2249-1
Security update for python
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2021-4189 A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. | CVSS3: 5.3 | 0% Низкий | почти 3 года назад |
| GHSA-h7f6-hc46-frrv Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. | CVSS3: 7.4 | 0% Низкий | почти 3 года назад |
 | CVE-2021-28861 Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." | CVSS3: 7.4 | 0% Низкий | почти 3 года назад |
| CVE-2021-28861 Python 3.x through 3.10 has an open redirection vulnerability in lib/h ... | CVSS3: 7.4 | 0% Низкий | почти 3 года назад |
| CVE-2021-28861 ** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." | CVSS3: 7.4 | 0% Низкий | почти 3 года назад |
 | CVE-2021-28861 Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." | CVSS3: 7.4 | 0% Низкий | почти 3 года назад |
 | SUSE-SU-2022:2357-1 Security update for python3 | 1% Низкий | около 3 лет назад | |
| SUSE-SU-2022:2344-1 Security update for python | 1% Низкий | около 3 лет назад | |
| SUSE-SU-2022:2291-1 Security update for python310 | 1% Низкий | около 3 лет назад | |
| SUSE-SU-2022:2249-1 Security update for python | 1% Низкий | около 3 лет назад |
Уязвимостей на страницу