VYPR

apk package

chainguard/python-3.7-doc

pkg:apk/chainguard/python-3.7-doc

Vulnerabilities (7)

  • CVE-2022-48566 · Aug 22, 2023
    affected < 0 · fixed 0

    An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.

  • CVE-2022-48565 · Aug 22, 2023
    affected < 0 · fixed 0

    An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

  • CVE-2022-48564 · Aug 22, 2023
    affected < 0 · fixed 0

    read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.

  • CVE-2022-48560 · Aug 22, 2023
    affected < 0 · fixed 0

    A use-after-free exists in Python through 3.9 via heappushpop in heapq.

  • CVE-2023-36632 · Jun 25, 2023
    affected < 0 · fixed 0

    The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data t

  • CVE-2023-24329 · Feb 17, 2023
    affected < 3.7.17-r0 · fixed 3.7.17-r0

    An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

  • CVE-2007-4559 · Cri · Aug 28, 2007
    affected < 0 · fixed 0

    Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.