apk package
wolfi/conda
pkg:apk/wolfi/conda
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-37920 | — | — | | < 23.7.2-r1 | 23.7.2-r1 | Jul 25, 2023 | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an invest |
| CVE-2023-38325 | — | — | | < 23.7.2-r1 | 23.7.2-r1 | Jul 14, 2023 | The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. |
| CVE-2023-36632 | — | — | | < 0 | 0 | Jun 25, 2023 | The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data t |
| CVE-2023-27043 | Med | 5.3 | | < 25.3.0-r0 | 25.3.0-r0 | Apr 19, 2023 | The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which applica |
| CVE-2018-20225 | Hig | 7.8 | | < 0 | 0 | May 8, 2020 | An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the |
| CVE-2007-4559 | Cri | 9.8 | | < 0 | 0 | Aug 28, 2007 | Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. |