VYPR

rpm package

almalinux/python-nose-docs

pkg:rpm/almalinux/python-nose-docs

Vulnerabilities (24)

  • CVE-2021-27291Mar 17, 2021
    affected < 1.3.7-31.module_el8.6.0+2781+fed64c13fixed 1.3.7-31.module_el8.6.0+2781+fed64c13

    In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a

  • CVE-2021-23336Feb 15, 2021
    affected < 1.3.7-31.module_el8.6.0+2781+fed64c13fixed 1.3.7-31.module_el8.6.0+2781+fed64c13

    The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When

  • CVE-2020-28493Feb 1, 2021
    affected < 1.3.7-31.module_el8.6.0+2781+fed64c13fixed 1.3.7-31.module_el8.6.0+2781+fed64c13

    This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be miti

  • CVE-2020-27619Oct 22, 2020
    affected < 1.3.7-31.module_el8.6.0+2781+fed64c13fixed 1.3.7-31.module_el8.6.0+2781+fed64c13

    In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

Page 2 of 2