Python — высокоуровневый язык программирования общего назначения. Его философия дизайна делает акцент на читаемости кода.
Релизный цикл, информация об уязвимостях
График релизов
Количество 897
SUSE-SU-2024:3924-1
Security update for python310
SUSE-SU-2024:3879-1
Security update for python3
RLSA-2024:8374
Moderate: python3.11 security update
RLSA-2024:8447
Moderate: python3.12 security update
RLSA-2024:8446
Moderate: python3.9 security update
RLSA-2024:8359
Moderate: python39:3.9 and python39-devel:3.9 security update
GHSA-grqq-hcc7-crmr
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
CVE-2024-9287
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
CVE-2024-9287
A vulnerability has been found in the CPython `venv` module and CLI wh ...
CVE-2024-9287
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | SUSE-SU-2024:3924-1 Security update for python310 | 0% Низкий | около 1 года назад | |
| SUSE-SU-2024:3879-1 Security update for python3 | 0% Низкий | около 1 года назад | |
 | RLSA-2024:8374 Moderate: python3.11 security update | 3% Низкий | около 1 года назад | |
| RLSA-2024:8447 Moderate: python3.12 security update | 3% Низкий | около 1 года назад | |
| RLSA-2024:8446 Moderate: python3.9 security update | 3% Низкий | около 1 года назад | |
| RLSA-2024:8359 Moderate: python39:3.9 and python39-devel:3.9 security update | 3% Низкий | около 1 года назад | |
| GHSA-grqq-hcc7-crmr A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected. | CVSS3: 7.8 | 0% Низкий | около 1 года назад |
 | CVE-2024-9287 A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected. | CVSS3: 7.8 | 0% Низкий | около 1 года назад |
| CVE-2024-9287 A vulnerability has been found in the CPython `venv` module and CLI wh ... | CVSS3: 7.8 | 0% Низкий | около 1 года назад |
 | CVE-2024-9287 A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected. | CVSS3: 7.8 | 0% Низкий | около 1 года назад |
Уязвимостей на страницу