rpm package
almalinux/python-nose-docs
pkg:rpm/almalinux/python-nose-docs
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-27291 | — | < 1.3.7-31.module_el8.6.0+2781+fed64c13 | 1.3.7-31.module_el8.6.0+2781+fed64c13 | Mar 17, 2021 | In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a | ||
| CVE-2021-23336 | — | < 1.3.7-31.module_el8.6.0+2781+fed64c13 | 1.3.7-31.module_el8.6.0+2781+fed64c13 | Feb 15, 2021 | The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When | ||
| CVE-2020-28493 | — | < 1.3.7-31.module_el8.6.0+2781+fed64c13 | 1.3.7-31.module_el8.6.0+2781+fed64c13 | Feb 1, 2021 | This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be miti | ||
| CVE-2020-27619 | — | < 1.3.7-31.module_el8.6.0+2781+fed64c13 | 1.3.7-31.module_el8.6.0+2781+fed64c13 | Oct 22, 2020 | In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. |
- CVE-2021-27291Mar 17, 2021affected < 1.3.7-31.module_el8.6.0+2781+fed64c13fixed 1.3.7-31.module_el8.6.0+2781+fed64c13
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a
- CVE-2021-23336Feb 15, 2021affected < 1.3.7-31.module_el8.6.0+2781+fed64c13fixed 1.3.7-31.module_el8.6.0+2781+fed64c13
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When
- CVE-2020-28493Feb 1, 2021affected < 1.3.7-31.module_el8.6.0+2781+fed64c13fixed 1.3.7-31.module_el8.6.0+2781+fed64c13
This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be miti
- CVE-2020-27619Oct 22, 2020affected < 1.3.7-31.module_el8.6.0+2781+fed64c13fixed 1.3.7-31.module_el8.6.0+2781+fed64c13
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
Page 2 of 2