VYPR

rpm package

almalinux/python3-pymongo-gridfs

pkg:rpm/almalinux/python3-pymongo-gridfs

Vulnerabilities (4)

  • CVE-2024-53899Nov 24, 2024
    affected < 3.7.0-1.module_el8.9.0+3700+efebe9fdfixed 3.7.0-1.module_el8.9.0+3700+efebe9fd

    virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.

  • CVE-2024-5629Jun 5, 2024
    affected < 3.7.0-2.module_el8.10.0+3998+2cf36268fixed 3.7.0-2.module_el8.10.0+3998+2cf36268

    An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.

  • CVE-2021-20270Mar 23, 2021
    affected < 3.7.0-1.module_el8.5.0+2569+5c5719bcfixed 3.7.0-1.module_el8.5.0+2569+5c5719bc

    An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

  • CVE-2021-27291Mar 17, 2021
    affected < 3.7.0-1.module_el8.5.0+2569+5c5719bcfixed 3.7.0-1.module_el8.5.0+2569+5c5719bc

    In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a