VYPR

apk package

wolfi/python-3.10-base

pkg:apk/wolfi/python-3.10-base

Vulnerabilities (25)

  • CVE-2023-36632Jun 25, 2023
    affected < 0fixed 0

    The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument. This argument is plausibly an untrusted value from an application's input data t

  • CVE-2023-27043MedApr 19, 2023
    affected < 3.10.13-r5fixed 3.10.13-r5

    The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which applica

  • CVE-2023-24329Feb 17, 2023
    affected < 0fixed 0

    An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

  • CVE-2020-10735Sep 9, 2022
    affected < 0fixed 0

    A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2

  • CVE-2007-4559CriAug 28, 2007
    affected < 0fixed 0

    Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

Page 2 of 2