Логотип exploitDog
product: "python"
Консоль
Логотип exploitDog

exploitDog

product: "python"
Python

Pythonвысокоуровневый язык программирования общего назначения. Его философия дизайна делает акцент на читаемости кода.

Релизный цикл, информация об уязвимостях

Продукт: Python
Вендор: python

График релизов

3.93.103.113.123.1320202021202220232024202520262027202820292030

Недавние уязвимости Python

Количество 879

suse-cvrf логотип

SUSE-SU-2023:3804-1

почти 2 года назад

Security update for python3

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2023:3731-1

почти 2 года назад

Security update for python36

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2023:3730-1

почти 2 года назад

Security update for python

EPSS: Низкий
suse-cvrf логотип

SUSE-SU-2023:3708-1

почти 2 года назад

Security update for python39

EPSS: Низкий
rocky логотип

RLSA-2023:3585

почти 2 года назад

Important: python3.11 security update

EPSS: Низкий
rocky логотип

RLSA-2023:3595

почти 2 года назад

Important: python3.9 security update

EPSS: Низкий
rocky логотип

RLSA-2023:3594

почти 2 года назад

Important: python3.11 security update

EPSS: Низкий
github логотип

GHSA-4j9r-82g6-9mj3

почти 2 года назад

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)

CVSS3: 5.3
EPSS: Низкий
nvd логотип

CVE-2023-40217

почти 2 года назад

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)

CVSS3: 5.3
EPSS: Низкий
debian логотип

CVE-2023-40217

почти 2 года назад

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, ...

CVSS3: 5.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
suse-cvrf логотип
SUSE-SU-2023:3804-1

Security update for python3

0%
Низкий
почти 2 года назад
suse-cvrf логотип
SUSE-SU-2023:3731-1

Security update for python36

0%
Низкий
почти 2 года назад
suse-cvrf логотип
SUSE-SU-2023:3730-1

Security update for python

0%
Низкий
почти 2 года назад
suse-cvrf логотип
SUSE-SU-2023:3708-1

Security update for python39

0%
Низкий
почти 2 года назад
rocky логотип
RLSA-2023:3585

Important: python3.11 security update

1%
Низкий
почти 2 года назад
rocky логотип
RLSA-2023:3595

Important: python3.9 security update

1%
Низкий
почти 2 года назад
rocky логотип
RLSA-2023:3594

Important: python3.11 security update

1%
Низкий
почти 2 года назад
github логотип
GHSA-4j9r-82g6-9mj3

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)

CVSS3: 5.3
0%
Низкий
почти 2 года назад
nvd логотип
CVE-2023-40217

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)

CVSS3: 5.3
0%
Низкий
почти 2 года назад
debian логотип
CVE-2023-40217

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, ...

CVSS3: 5.3
0%
Низкий
почти 2 года назад

Уязвимостей на страницу


Поделиться