rpm package
almalinux/python-virtualenv-doc
pkg:rpm/almalinux/python-virtualenv-doc
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-53899 | Hig | 7.8 | < 15.1.0-23.module_el8.10.0+3937+b6a3652f | 15.1.0-23.module_el8.10.0+3937+b6a3652f | Nov 24, 2024 | virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287. | |
| CVE-2024-5629 | Med | 4.7 | < 15.1.0-23.module_el8.10.0+3937+b6a3652f | 15.1.0-23.module_el8.10.0+3937+b6a3652f | Jun 5, 2024 | An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory. | |
| CVE-2021-20270 | Hig | 7.5 | < 15.1.0-21.module_el8.5.0+2569+5c5719bc | 15.1.0-21.module_el8.5.0+2569+5c5719bc | Mar 23, 2021 | An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. | |
| CVE-2021-27291 | Hig | 7.5 | < 15.1.0-21.module_el8.5.0+2569+5c5719bc | 15.1.0-21.module_el8.5.0+2569+5c5719bc | Mar 17, 2021 | In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a |
- affected < 15.1.0-23.module_el8.10.0+3937+b6a3652ffixed 15.1.0-23.module_el8.10.0+3937+b6a3652f
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
- affected < 15.1.0-23.module_el8.10.0+3937+b6a3652ffixed 15.1.0-23.module_el8.10.0+3937+b6a3652f
An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.
- affected < 15.1.0-21.module_el8.5.0+2569+5c5719bcfixed 15.1.0-21.module_el8.5.0+2569+5c5719bc
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
- affected < 15.1.0-21.module_el8.5.0+2569+5c5719bcfixed 15.1.0-21.module_el8.5.0+2569+5c5719bc
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a