rpm package
opensuse/python-doc&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/python-doc&distro=openSUSE%20Leap%2015.3
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-4189 | — | < 2.7.18-150000.38.1 | 2.7.18-150000.38.1 | Aug 24, 2022 | A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP | ||
| CVE-2021-28861 | — | < 2.7.18-150000.44.1 | 2.7.18-150000.44.1 | Aug 23, 2022 | Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation | ||
| CVE-2015-20107 | — | < 2.7.18-150000.41.1 | 2.7.18-150000.41.1 | Apr 13, 2022 | In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validati | ||
| CVE-2021-3733 | — | < 2.7.18-33.1 | 2.7.18-33.1 | Mar 7, 2022 | There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafte | ||
| CVE-2021-3737 | — | < 2.7.18-33.1 | 2.7.18-33.1 | Mar 4, 2022 | A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to syst | ||
| CVE-2022-0391 | — | < 2.7.18-150000.38.1 | 2.7.18-150000.38.1 | Feb 9, 2022 | A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. Th | ||
| CVE-2021-3572 | — | < 2.7.18-150000.38.1 | 2.7.18-150000.38.1 | Nov 10, 2021 | A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip |
- CVE-2021-4189Aug 24, 2022affected < 2.7.18-150000.38.1fixed 2.7.18-150000.38.1
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP
- CVE-2021-28861Aug 23, 2022affected < 2.7.18-150000.44.1fixed 2.7.18-150000.44.1
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation
- CVE-2015-20107Apr 13, 2022affected < 2.7.18-150000.41.1fixed 2.7.18-150000.41.1
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validati
- CVE-2021-3733Mar 7, 2022affected < 2.7.18-33.1fixed 2.7.18-33.1
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafte
- CVE-2021-3737Mar 4, 2022affected < 2.7.18-33.1fixed 2.7.18-33.1
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to syst
- CVE-2022-0391Feb 9, 2022affected < 2.7.18-150000.38.1fixed 2.7.18-150000.38.1
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. Th
- CVE-2021-3572Nov 10, 2021affected < 2.7.18-150000.38.1fixed 2.7.18-150000.38.1
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip