Python — высокоуровневый язык программирования общего назначения. Его философия дизайна делает акцент на читаемости кода.
Релизный цикл, информация об уязвимостях
График релизов
Количество 879
CVE-2022-26488
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.
SUSE-SU-2024:3447-1
Security update for python36
SUSE-SU-2024:3430-1
Security update for python36
GHSA-mmm5-wgvp-wp8r
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
CVE-2024-6232
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
CVE-2024-6232
There is a MEDIUM severity vulnerability affecting CPython. Regul ...
CVE-2024-6232
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
CVE-2024-6232
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
BDU:2024-06863
Уязвимость модуля zipfile интерпретатора языка программирования Python, позволяющая нарушителю вызвать отказ в обслуживании
GHSA-7pwv-g7hj-39pr
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2022-26488 In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2. | CVSS3: 7 | 1% Низкий | 10 месяцев назад |
 | SUSE-SU-2024:3447-1 Security update for python36 | 2% Низкий | 10 месяцев назад | |
| SUSE-SU-2024:3430-1 Security update for python36 | 2% Низкий | 10 месяцев назад | |
| GHSA-mmm5-wgvp-wp8r There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. | CVSS3: 7.5 | 2% Низкий | 11 месяцев назад |
 | CVE-2024-6232 There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. | CVSS3: 7.5 | 2% Низкий | 11 месяцев назад |
| CVE-2024-6232 There is a MEDIUM severity vulnerability affecting CPython. Regul ... | CVSS3: 7.5 | 2% Низкий | 11 месяцев назад |
| CVE-2024-6232 There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. | CVSS3: 7.5 | 2% Низкий | 11 месяцев назад |
 | CVE-2024-6232 There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. | CVSS3: 7.5 | 2% Низкий | 11 месяцев назад |
 | BDU:2024-06863 Уязвимость модуля zipfile интерпретатора языка программирования Python, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 5.3 | 0% Низкий | 12 месяцев назад |
| GHSA-7pwv-g7hj-39pr There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value. | CVSS3: 7.5 | 0% Низкий | 12 месяцев назад |
Уязвимостей на страницу