rpm package
almalinux/python36-devel
pkg:rpm/almalinux/python36-devel
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-53899 | — | < 3.6.8-39.module_el8.10.0+3769+3838165b | 3.6.8-39.module_el8.10.0+3769+3838165b | Nov 24, 2024 | virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287. | ||
| CVE-2024-5629 | — | < 3.6.8-39.module_el8.10.0+3769+3838165b | 3.6.8-39.module_el8.10.0+3769+3838165b | Jun 5, 2024 | An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory. | ||
| CVE-2021-20270 | — | < 3.6.8-38.module_el8.5.0+2569+5c5719bc | 3.6.8-38.module_el8.5.0+2569+5c5719bc | Mar 23, 2021 | An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword. | ||
| CVE-2021-27291 | — | < 3.6.8-38.module_el8.5.0+2569+5c5719bc | 3.6.8-38.module_el8.5.0+2569+5c5719bc | Mar 17, 2021 | In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a |
- CVE-2024-53899Nov 24, 2024affected < 3.6.8-39.module_el8.10.0+3769+3838165bfixed 3.6.8-39.module_el8.10.0+3769+3838165b
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
- CVE-2024-5629Jun 5, 2024affected < 3.6.8-39.module_el8.10.0+3769+3838165bfixed 3.6.8-39.module_el8.10.0+3769+3838165b
An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.
- CVE-2021-20270Mar 23, 2021affected < 3.6.8-38.module_el8.5.0+2569+5c5719bcfixed 3.6.8-38.module_el8.5.0+2569+5c5719bc
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
- CVE-2021-27291Mar 17, 2021affected < 3.6.8-38.module_el8.5.0+2569+5c5719bcfixed 3.6.8-38.module_el8.5.0+2569+5c5719bc
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a