rpm package
almalinux/python3-docutils
pkg:rpm/almalinux/python3-docutils
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-53899 | Hig | 7.8 | < 0.14-12.module_el8.9.0+3700+efebe9fd | 0.14-12.module_el8.9.0+3700+efebe9fd | Nov 24, 2024 | virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287. | |
| CVE-2024-5629 | Med | 4.7 | < 0.14-12.module_el8.9.0+3700+efebe9fd | 0.14-12.module_el8.9.0+3700+efebe9fd | Jun 5, 2024 | An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory. | |
| CVE-2021-20270 | Hig | 7.5 | < 0.14-12.module_el8.5.0+2569+5c5719bc | 0.14-12.module_el8.5.0+2569+5c5719bc | Mar 23, 2021 | An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. | |
| CVE-2021-27291 | Hig | 7.5 | < 0.14-12.module_el8.5.0+2569+5c5719bc | 0.14-12.module_el8.5.0+2569+5c5719bc | Mar 17, 2021 | In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a | |
| CVE-2019-7164 | Cri | 9.8 | < 0.14-12.module_el8.5.0+2569+5c5719bc | 0.14-12.module_el8.5.0+2569+5c5719bc | Feb 20, 2019 | SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. | |
| CVE-2019-7548 | Hig | 7.8 | < 0.14-12.module_el8.5.0+2569+5c5719bc | 0.14-12.module_el8.5.0+2569+5c5719bc | Feb 6, 2019 | SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. |
- affected < 0.14-12.module_el8.9.0+3700+efebe9fdfixed 0.14-12.module_el8.9.0+3700+efebe9fd
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
- affected < 0.14-12.module_el8.9.0+3700+efebe9fdfixed 0.14-12.module_el8.9.0+3700+efebe9fd
An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.
- affected < 0.14-12.module_el8.5.0+2569+5c5719bcfixed 0.14-12.module_el8.5.0+2569+5c5719bc
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
- affected < 0.14-12.module_el8.5.0+2569+5c5719bcfixed 0.14-12.module_el8.5.0+2569+5c5719bc
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a
- affected < 0.14-12.module_el8.5.0+2569+5c5719bcfixed 0.14-12.module_el8.5.0+2569+5c5719bc
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
- affected < 0.14-12.module_el8.5.0+2569+5c5719bcfixed 0.14-12.module_el8.5.0+2569+5c5719bc
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.