VYPR

rpm package

almalinux/python3-docutils

pkg:rpm/almalinux/python3-docutils

Vulnerabilities (6)

  • CVE-2024-53899Nov 24, 2024
    affected < 0.14-12.module_el8.9.0+3700+efebe9fdfixed 0.14-12.module_el8.9.0+3700+efebe9fd

    virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.

  • CVE-2024-5629Jun 5, 2024
    affected < 0.14-12.module_el8.9.0+3700+efebe9fdfixed 0.14-12.module_el8.9.0+3700+efebe9fd

    An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.

  • CVE-2021-20270Mar 23, 2021
    affected < 0.14-12.module_el8.5.0+2569+5c5719bcfixed 0.14-12.module_el8.5.0+2569+5c5719bc

    An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

  • CVE-2021-27291Mar 17, 2021
    affected < 0.14-12.module_el8.5.0+2569+5c5719bcfixed 0.14-12.module_el8.5.0+2569+5c5719bc

    In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a

  • CVE-2019-7164Feb 20, 2019
    affected < 0.14-12.module_el8.5.0+2569+5c5719bcfixed 0.14-12.module_el8.5.0+2569+5c5719bc

    SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.

  • CVE-2019-7548Feb 6, 2019
    affected < 0.14-12.module_el8.5.0+2569+5c5719bcfixed 0.14-12.module_el8.5.0+2569+5c5719bc

    SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.