rpm package
almalinux/python39-more-itertools
pkg:rpm/almalinux/python39-more-itertools
Vulnerabilities (42)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-28957 | — | < 8.5.0-2.module_el8.6.0+2780+a40f65e1 | 8.5.0-2.module_el8.6.0+2780+a40f65e1 | Mar 21, 2021 | An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit thi | ||
| CVE-2007-4559 | Cri | 9.8 | < 8.5.0-2.module_el8.6.0+2780+a40f65e1 | 8.5.0-2.module_el8.6.0+2780+a40f65e1 | Aug 28, 2007 | Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. |
- CVE-2021-28957Mar 21, 2021affected < 8.5.0-2.module_el8.6.0+2780+a40f65e1fixed 8.5.0-2.module_el8.6.0+2780+a40f65e1
An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit thi
- affected < 8.5.0-2.module_el8.6.0+2780+a40f65e1fixed 8.5.0-2.module_el8.6.0+2780+a40f65e1
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
Page 3 of 3