Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:ebuild/dev-lang/python@3.9.22_p1

Type ebuild

Namespace dev-lang

Name python

Version 3.9.22_p1

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.10.7.3.19_p4

Latest_non_vulnerable_version 3.14.0_beta2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-6sue-crwp-jycu

vulnerability_id VCID-6sue-crwp-jycu

summary python: cpython: tarfile: ReDos via excessive backtracking while parsing header values

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6232.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6232.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-6232

reference_id

reference_type

scores

value	0.03014
scoring_system	epss
scoring_elements	0.86867
published_at	2026-06-07T12:55:00Z

value	0.03014
scoring_system	epss
scoring_elements	0.86873
published_at	2026-06-05T12:55:00Z

value	0.03014
scoring_system	epss
scoring_elements	0.86871
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-6232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6232

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/python/cpython/issues/121285

reference_id

121285

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/

url

https://github.com/python/cpython/issues/121285

reference_url

https://github.com/python/cpython/pull/121286

reference_id

121286

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/

url

https://github.com/python/cpython/pull/121286

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2309426
reference_id	2309426
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2309426

reference_url

https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4

reference_id

34ddb64d088dd7ccc321f6103d23153256caa5d4

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/

url

https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4

reference_url

https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06

reference_id

4eaf4891c12589e3c7bdad5f5b076e4c8392dd06

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/

url

https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06

reference_url

https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4

reference_id

743acbe872485dc18df4d8ab2dc7895187f062c4

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/

url

https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4

reference_url

https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d

reference_id

7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/

url

https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d

reference_url

https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877

reference_id

b4225ca91547aa97ed3aca391614afbb255bc877

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/

url

https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877

reference_url

https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf

reference_id

d449caf8a179e3b954268b3a88eb9170be3c8fbf

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/

url

https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf

reference_url

https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373

reference_id

ed3a49ea734ada357ff4442996fd4ae71d253373

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/

url

https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373

reference_url	https://security.gentoo.org/glsa/202506-07
reference_id	GLSA-202506-07
reference_type
scores
url	https://security.gentoo.org/glsa/202506-07

reference_url

https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/

reference_id

JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:24:31Z/

url

https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/

reference_url	https://access.redhat.com/errata/RHSA-2024:6909
reference_id	RHSA-2024:6909
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6909

reference_url	https://access.redhat.com/errata/RHSA-2024:6975
reference_id	RHSA-2024:6975
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6975

reference_url	https://access.redhat.com/errata/RHSA-2024:7415
reference_id	RHSA-2024:7415
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7415

reference_url	https://access.redhat.com/errata/RHSA-2024:7647
reference_id	RHSA-2024:7647
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7647

reference_url	https://access.redhat.com/errata/RHSA-2024:8130
reference_id	RHSA-2024:8130
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8130

reference_url	https://access.redhat.com/errata/RHSA-2024:8359
reference_id	RHSA-2024:8359
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8359

reference_url	https://access.redhat.com/errata/RHSA-2024:8374
reference_id	RHSA-2024:8374
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8374

reference_url	https://access.redhat.com/errata/RHSA-2024:8446
reference_id	RHSA-2024:8446
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8446

reference_url	https://access.redhat.com/errata/RHSA-2024:8447
reference_id	RHSA-2024:8447
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8447

reference_url	https://access.redhat.com/errata/RHSA-2024:8490
reference_id	RHSA-2024:8490
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8490

reference_url	https://access.redhat.com/errata/RHSA-2024:8504
reference_id	RHSA-2024:8504
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8504

reference_url	https://access.redhat.com/errata/RHSA-2024:8797
reference_id	RHSA-2024:8797
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8797

reference_url	https://access.redhat.com/errata/RHSA-2024:8836
reference_id	RHSA-2024:8836
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8836

reference_url	https://access.redhat.com/errata/RHSA-2024:8838
reference_id	RHSA-2024:8838
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8838

reference_url	https://access.redhat.com/errata/RHSA-2024:8977
reference_id	RHSA-2024:8977
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8977

reference_url	https://access.redhat.com/errata/RHSA-2024:9450
reference_id	RHSA-2024:9450
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9450

reference_url	https://access.redhat.com/errata/RHSA-2024:9451
reference_id	RHSA-2024:9451
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9451

reference_url	https://access.redhat.com/errata/RHSA-2024:9468
reference_id	RHSA-2024:9468
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9468

reference_url	https://access.redhat.com/errata/RHSA-2025:1750
reference_id	RHSA-2025:1750
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1750

reference_url	https://usn.ubuntu.com/7015-1/
reference_id	USN-7015-1
reference_type
scores
url	https://usn.ubuntu.com/7015-1/

reference_url	https://usn.ubuntu.com/7015-2/
reference_id	USN-7015-2
reference_type
scores
url	https://usn.ubuntu.com/7015-2/

reference_url	https://usn.ubuntu.com/7015-5/
reference_id	USN-7015-5
reference_type
scores
url	https://usn.ubuntu.com/7015-5/

reference_url	https://usn.ubuntu.com/7488-1/
reference_id	USN-7488-1
reference_type
scores
url	https://usn.ubuntu.com/7488-1/

fixed_packages

url	pkg:ebuild/dev-lang/python@3.8.20_p7
purl	pkg:ebuild/dev-lang/python@3.8.20_p7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.8.20_p7

url	pkg:ebuild/dev-lang/python@3.9.22_p1
purl	pkg:ebuild/dev-lang/python@3.9.22_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.9.22_p1

url	pkg:ebuild/dev-lang/python@3.10.7.3.19_p4
purl	pkg:ebuild/dev-lang/python@3.10.7.3.19_p4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.7.3.19_p4

url	pkg:ebuild/dev-lang/python@3.10.17_p1
purl	pkg:ebuild/dev-lang/python@3.10.17_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.17_p1

url	pkg:ebuild/dev-lang/python@3.11.7.3.19_p9
purl	pkg:ebuild/dev-lang/python@3.11.7.3.19_p9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.7.3.19_p9

url	pkg:ebuild/dev-lang/python@3.11.12_p1
purl	pkg:ebuild/dev-lang/python@3.11.12_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.12_p1

url	pkg:ebuild/dev-lang/python@3.12.10_p1
purl	pkg:ebuild/dev-lang/python@3.12.10_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.12.10_p1

url	pkg:ebuild/dev-lang/python@3.13.3_p1
purl	pkg:ebuild/dev-lang/python@3.13.3_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.13.3_p1

url	pkg:ebuild/dev-lang/python@3.14.0_beta2
purl	pkg:ebuild/dev-lang/python@3.14.0_beta2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.14.0_beta2

aliases CVE-2024-6232

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6sue-crwp-jycu

url VCID-e8yd-67pg-nfgk

vulnerability_id VCID-e8yd-67pg-nfgk

summary Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4517.json

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4517.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4517

reference_id

reference_type

scores

value	0.00403
scoring_system	epss
scoring_elements	0.61237
published_at	2026-06-07T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.61243
published_at	2026-06-05T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.61251
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4517

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/python/cpython/issues/135034

reference_id

135034

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/

url

https://github.com/python/cpython/issues/135034

reference_url

https://github.com/python/cpython/pull/135037

reference_id

135037

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/

url

https://github.com/python/cpython/pull/135037

reference_url

https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da

reference_id

19de092debb3d7e832e5672cc2f7b788d35951da

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/

url

https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2370016
reference_id	2370016
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2370016

reference_url

https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9

reference_id

28463dba112af719df1e8b0391c46787ad756dd9

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/

url

https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9

reference_url

https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a

reference_id

3612d8f51741b11f36f8fb0494d79086bac9390a

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/

url

https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a

reference_url

https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e

reference_id

4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/

url

https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e

reference_url

https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f

reference_id

52398e33eff261329a0180ac1d54f42f

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/

url

https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f

reference_url

https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a

reference_id

9c1110ef6652687d7c55f590f909720eddde965a

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/

url

https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a

reference_url

https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a

reference_id

9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/

url

https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a

reference_url

https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01

reference_id

aa9eb5f757ceff461e6e996f12c89e5d9b583b01

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/

url

https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01

reference_url

https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1

reference_id

dd8f187d0746da151e0025c51680979ac5b4cfb1

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/

url

https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1

reference_url	https://security.gentoo.org/glsa/202506-07
reference_id	GLSA-202506-07
reference_type
scores
url	https://security.gentoo.org/glsa/202506-07

reference_url

https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/

reference_id

MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG

reference_type

scores

value	9.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-10-24T03:55:18Z/

url

https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/

reference_url	https://access.redhat.com/errata/RHSA-2025:10026
reference_id	RHSA-2025:10026
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10026

reference_url	https://access.redhat.com/errata/RHSA-2025:10028
reference_id	RHSA-2025:10028
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10028

reference_url	https://access.redhat.com/errata/RHSA-2025:10031
reference_id	RHSA-2025:10031
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10031

reference_url	https://access.redhat.com/errata/RHSA-2025:10128
reference_id	RHSA-2025:10128
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10128

reference_url	https://access.redhat.com/errata/RHSA-2025:10136
reference_id	RHSA-2025:10136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10136

reference_url	https://access.redhat.com/errata/RHSA-2025:10140
reference_id	RHSA-2025:10140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10140

reference_url	https://access.redhat.com/errata/RHSA-2025:10148
reference_id	RHSA-2025:10148
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10148

reference_url	https://access.redhat.com/errata/RHSA-2025:10189
reference_id	RHSA-2025:10189
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10189

reference_url	https://access.redhat.com/errata/RHSA-2025:10399
reference_id	RHSA-2025:10399
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10399

reference_url	https://access.redhat.com/errata/RHSA-2025:10484
reference_id	RHSA-2025:10484
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10484

reference_url	https://access.redhat.com/errata/RHSA-2025:10602
reference_id	RHSA-2025:10602
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10602

reference_url	https://access.redhat.com/errata/RHSA-2025:11386
reference_id	RHSA-2025:11386
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11386

reference_url	https://access.redhat.com/errata/RHSA-2025:13267
reference_id	RHSA-2025:13267
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13267

reference_url	https://access.redhat.com/errata/RHSA-2025:18219
reference_id	RHSA-2025:18219
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18219

reference_url	https://access.redhat.com/errata/RHSA-2025:23530
reference_id	RHSA-2025:23530
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23530

reference_url	https://access.redhat.com/errata/RHSA-2025:9918
reference_id	RHSA-2025:9918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9918

reference_url	https://access.redhat.com/errata/RHSA-2026:0934
reference_id	RHSA-2026:0934
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0934

reference_url	https://usn.ubuntu.com/7583-1/
reference_id	USN-7583-1
reference_type
scores
url	https://usn.ubuntu.com/7583-1/

fixed_packages

url	pkg:ebuild/dev-lang/python@3.8.20_p7
purl	pkg:ebuild/dev-lang/python@3.8.20_p7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.8.20_p7

url	pkg:ebuild/dev-lang/python@3.9.22_p1
purl	pkg:ebuild/dev-lang/python@3.9.22_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.9.22_p1

url	pkg:ebuild/dev-lang/python@3.10.7.3.19_p4
purl	pkg:ebuild/dev-lang/python@3.10.7.3.19_p4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.7.3.19_p4

url	pkg:ebuild/dev-lang/python@3.10.17_p1
purl	pkg:ebuild/dev-lang/python@3.10.17_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.17_p1

url	pkg:ebuild/dev-lang/python@3.11.7.3.19_p9
purl	pkg:ebuild/dev-lang/python@3.11.7.3.19_p9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.7.3.19_p9

url	pkg:ebuild/dev-lang/python@3.11.12_p1
purl	pkg:ebuild/dev-lang/python@3.11.12_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.12_p1

url	pkg:ebuild/dev-lang/python@3.12.10_p1
purl	pkg:ebuild/dev-lang/python@3.12.10_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.12.10_p1

url	pkg:ebuild/dev-lang/python@3.13.3_p1
purl	pkg:ebuild/dev-lang/python@3.13.3_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.13.3_p1

url	pkg:ebuild/dev-lang/python@3.14.0_beta2
purl	pkg:ebuild/dev-lang/python@3.14.0_beta2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.14.0_beta2

aliases CVE-2025-4517

risk_score 4.2

exploitability 0.5

weighted_severity 8.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8yd-67pg-nfgk

url VCID-gpv2-bq9k-sbgs

vulnerability_id VCID-gpv2-bq9k-sbgs

summary cpython: python: Uncontrolled CPU resource consumption when in http.cookies module

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7592.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7592.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-7592

reference_id

reference_type

scores

value	0.00883
scoring_system	epss
scoring_elements	0.75769
published_at	2026-06-07T12:55:00Z

value	0.00883
scoring_system	epss
scoring_elements	0.75782
published_at	2026-06-05T12:55:00Z

value	0.00883
scoring_system	epss
scoring_elements	0.75779
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-7592

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7592
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7592

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/python/cpython/issues/123067

reference_id

123067

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:21:02Z/

url

https://github.com/python/cpython/issues/123067

reference_url

https://github.com/python/cpython/pull/123075

reference_id

123075

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:21:02Z/

url

https://github.com/python/cpython/pull/123075

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2305879
reference_id	2305879
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2305879

reference_url

https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621

reference_id

391e5626e3ee5af267b97e37abc7475732e67621

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:21:02Z/

url

https://github.com/python/cpython/commit/391e5626e3ee5af267b97e37abc7475732e67621

reference_url

https://github.com/python/cpython/commit/44e458357fca05ca0ae2658d62c8c595b048b5ef

reference_id

44e458357fca05ca0ae2658d62c8c595b048b5ef

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:21:02Z/

url

https://github.com/python/cpython/commit/44e458357fca05ca0ae2658d62c8c595b048b5ef

reference_url

https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06

reference_id

a77ab24427a18bff817025adb03ca920dc3f1a06

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:21:02Z/

url

https://github.com/python/cpython/commit/a77ab24427a18bff817025adb03ca920dc3f1a06

reference_url

https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a

reference_id

b2f11ca7667e4d57c71c1c88b255115f16042d9a

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:21:02Z/

url

https://github.com/python/cpython/commit/b2f11ca7667e4d57c71c1c88b255115f16042d9a

reference_url

https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f

reference_id

d4ac921a4b081f7f996a5d2b101684b67ba0ed7f

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:21:02Z/

url

https://github.com/python/cpython/commit/d4ac921a4b081f7f996a5d2b101684b67ba0ed7f

reference_url

https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774

reference_id

d662e2db2605515a767f88ad48096b8ac623c774

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:21:02Z/

url

https://github.com/python/cpython/commit/d662e2db2605515a767f88ad48096b8ac623c774

reference_url

https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1

reference_id

dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:21:02Z/

url

https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1

reference_url	https://security.gentoo.org/glsa/202506-07
reference_id	GLSA-202506-07
reference_type
scores
url	https://security.gentoo.org/glsa/202506-07

reference_url

https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/

reference_id

HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:21:02Z/

url

https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/

reference_url	https://access.redhat.com/errata/RHSA-2024:10983
reference_id	RHSA-2024:10983
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10983

reference_url	https://access.redhat.com/errata/RHSA-2025:3631
reference_id	RHSA-2025:3631
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3631

reference_url	https://access.redhat.com/errata/RHSA-2025:3634
reference_id	RHSA-2025:3634
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3634

reference_url	https://usn.ubuntu.com/7015-1/
reference_id	USN-7015-1
reference_type
scores
url	https://usn.ubuntu.com/7015-1/

reference_url	https://usn.ubuntu.com/7015-2/
reference_id	USN-7015-2
reference_type
scores
url	https://usn.ubuntu.com/7015-2/

fixed_packages

url	pkg:ebuild/dev-lang/python@3.8.20_p7
purl	pkg:ebuild/dev-lang/python@3.8.20_p7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.8.20_p7

url	pkg:ebuild/dev-lang/python@3.9.22_p1
purl	pkg:ebuild/dev-lang/python@3.9.22_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.9.22_p1

url	pkg:ebuild/dev-lang/python@3.10.7.3.19_p4
purl	pkg:ebuild/dev-lang/python@3.10.7.3.19_p4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.7.3.19_p4

url	pkg:ebuild/dev-lang/python@3.10.17_p1
purl	pkg:ebuild/dev-lang/python@3.10.17_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.17_p1

url	pkg:ebuild/dev-lang/python@3.11.7.3.19_p9
purl	pkg:ebuild/dev-lang/python@3.11.7.3.19_p9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.7.3.19_p9

url	pkg:ebuild/dev-lang/python@3.11.12_p1
purl	pkg:ebuild/dev-lang/python@3.11.12_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.12_p1

url	pkg:ebuild/dev-lang/python@3.12.10_p1
purl	pkg:ebuild/dev-lang/python@3.12.10_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.12.10_p1

url	pkg:ebuild/dev-lang/python@3.13.3_p1
purl	pkg:ebuild/dev-lang/python@3.13.3_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.13.3_p1

url	pkg:ebuild/dev-lang/python@3.14.0_beta2
purl	pkg:ebuild/dev-lang/python@3.14.0_beta2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.14.0_beta2

aliases CVE-2024-7592

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gpv2-bq9k-sbgs

url VCID-kp35-h9hu-n7gf

vulnerability_id VCID-kp35-h9hu-n7gf

summary Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4138.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4138.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4138

reference_id

reference_type

scores

value	0.00273
scoring_system	epss
scoring_elements	0.50927
published_at	2026-06-07T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50942
published_at	2026-06-05T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50947
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4138

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/python/cpython/issues/135034

reference_id

135034

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/

url

https://github.com/python/cpython/issues/135034

reference_url

https://github.com/python/cpython/pull/135037

reference_id

135037

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/

url

https://github.com/python/cpython/pull/135037

reference_url

https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da

reference_id

19de092debb3d7e832e5672cc2f7b788d35951da

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/

url

https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2372426
reference_id	2372426
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2372426

reference_url

https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9

reference_id

28463dba112af719df1e8b0391c46787ad756dd9

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/

url

https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9

reference_url

https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a

reference_id

3612d8f51741b11f36f8fb0494d79086bac9390a

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/

url

https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a

reference_url

https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e

reference_id

4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/

url

https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e

reference_url

https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f

reference_id

52398e33eff261329a0180ac1d54f42f

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/

url

https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f

reference_url

https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a

reference_id

9c1110ef6652687d7c55f590f909720eddde965a

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/

url

https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a

reference_url

https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a

reference_id

9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/

url

https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a

reference_url

https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01

reference_id

aa9eb5f757ceff461e6e996f12c89e5d9b583b01

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/

url

https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01

reference_url

https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1

reference_id

dd8f187d0746da151e0025c51680979ac5b4cfb1

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/

url

https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1

reference_url	https://security.gentoo.org/glsa/202506-07
reference_id	GLSA-202506-07
reference_type
scores
url	https://security.gentoo.org/glsa/202506-07

reference_url

https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/

reference_id

MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:29:22Z/

url

https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/

reference_url	https://access.redhat.com/errata/RHSA-2025:10026
reference_id	RHSA-2025:10026
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10026

reference_url	https://access.redhat.com/errata/RHSA-2025:10028
reference_id	RHSA-2025:10028
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10028

reference_url	https://access.redhat.com/errata/RHSA-2025:10031
reference_id	RHSA-2025:10031
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10031

reference_url	https://access.redhat.com/errata/RHSA-2025:10128
reference_id	RHSA-2025:10128
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10128

reference_url	https://access.redhat.com/errata/RHSA-2025:10136
reference_id	RHSA-2025:10136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10136

reference_url	https://access.redhat.com/errata/RHSA-2025:10140
reference_id	RHSA-2025:10140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10140

reference_url	https://access.redhat.com/errata/RHSA-2025:10148
reference_id	RHSA-2025:10148
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10148

reference_url	https://access.redhat.com/errata/RHSA-2025:10189
reference_id	RHSA-2025:10189
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10189

reference_url	https://access.redhat.com/errata/RHSA-2025:10399
reference_id	RHSA-2025:10399
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10399

reference_url	https://access.redhat.com/errata/RHSA-2025:10484
reference_id	RHSA-2025:10484
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10484

reference_url	https://access.redhat.com/errata/RHSA-2025:10602
reference_id	RHSA-2025:10602
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10602

reference_url	https://access.redhat.com/errata/RHSA-2025:11386
reference_id	RHSA-2025:11386
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11386

reference_url	https://access.redhat.com/errata/RHSA-2025:13267
reference_id	RHSA-2025:13267
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13267

reference_url	https://access.redhat.com/errata/RHSA-2025:18219
reference_id	RHSA-2025:18219
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18219

reference_url	https://access.redhat.com/errata/RHSA-2025:23530
reference_id	RHSA-2025:23530
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23530

reference_url	https://access.redhat.com/errata/RHSA-2025:9918
reference_id	RHSA-2025:9918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9918

reference_url	https://access.redhat.com/errata/RHSA-2026:0934
reference_id	RHSA-2026:0934
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0934

reference_url	https://usn.ubuntu.com/7583-1/
reference_id	USN-7583-1
reference_type
scores
url	https://usn.ubuntu.com/7583-1/

fixed_packages

url	pkg:ebuild/dev-lang/python@3.8.20_p7
purl	pkg:ebuild/dev-lang/python@3.8.20_p7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.8.20_p7

url	pkg:ebuild/dev-lang/python@3.9.22_p1
purl	pkg:ebuild/dev-lang/python@3.9.22_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.9.22_p1

url	pkg:ebuild/dev-lang/python@3.10.7.3.19_p4
purl	pkg:ebuild/dev-lang/python@3.10.7.3.19_p4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.7.3.19_p4

url	pkg:ebuild/dev-lang/python@3.10.17_p1
purl	pkg:ebuild/dev-lang/python@3.10.17_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.17_p1

url	pkg:ebuild/dev-lang/python@3.11.7.3.19_p9
purl	pkg:ebuild/dev-lang/python@3.11.7.3.19_p9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.7.3.19_p9

url	pkg:ebuild/dev-lang/python@3.11.12_p1
purl	pkg:ebuild/dev-lang/python@3.11.12_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.12_p1

url	pkg:ebuild/dev-lang/python@3.12.10_p1
purl	pkg:ebuild/dev-lang/python@3.12.10_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.12.10_p1

url	pkg:ebuild/dev-lang/python@3.13.3_p1
purl	pkg:ebuild/dev-lang/python@3.13.3_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.13.3_p1

url	pkg:ebuild/dev-lang/python@3.14.0_beta2
purl	pkg:ebuild/dev-lang/python@3.14.0_beta2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.14.0_beta2

aliases CVE-2025-4138

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kp35-h9hu-n7gf

url VCID-rcby-1tm2-dydf

vulnerability_id VCID-rcby-1tm2-dydf

summary cpython: python: CPython DecodeError Handling Vulnerability

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4516.json

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4516.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4516

reference_id

reference_type

scores

value	0.00209
scoring_system	epss
scoring_elements	0.43405
published_at	2026-06-07T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43419
published_at	2026-06-05T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43429
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4516

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4516
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4516

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/python/cpython/pull/129648

reference_id

129648

reference_type

scores

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/

url

https://github.com/python/cpython/pull/129648

reference_url

https://github.com/python/cpython/issues/133767

reference_id

133767

reference_type

scores

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/

url

https://github.com/python/cpython/issues/133767

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2366509
reference_id	2366509
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2366509

reference_url

https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292

reference_id

4398b788ffc1f954a2c552da285477d42a571292

reference_type

scores

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/

url

https://github.com/python/cpython/commit/4398b788ffc1f954a2c552da285477d42a571292

reference_url

https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d

reference_id

6279eb8c076d89d3739a6edb393e43c7929b429d

reference_type

scores

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/

url

https://github.com/python/cpython/commit/6279eb8c076d89d3739a6edb393e43c7929b429d

reference_url

https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142

reference_id

69b4387f78f413e8c47572a85b3478c47eba8142

reference_type

scores

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/

url

https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142

reference_url

https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f

reference_id

73b3040f592436385007918887b7e2132aa8431f

reference_type

scores

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/

url

https://github.com/python/cpython/commit/73b3040f592436385007918887b7e2132aa8431f

reference_url

https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77

reference_id

8d35fd1b34935221aff23a1ab69a429dd156be77

reference_type

scores

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/

url

https://github.com/python/cpython/commit/8d35fd1b34935221aff23a1ab69a429dd156be77

reference_url

https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e

reference_id

9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e

reference_type

scores

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/

url

https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e

reference_url

https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b

reference_id

ab9893c40609935e0d40a6d2a7307ea51aec598b

reference_type

scores

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/

url

https://github.com/python/cpython/commit/ab9893c40609935e0d40a6d2a7307ea51aec598b

reference_url	https://security.gentoo.org/glsa/202506-07
reference_id	GLSA-202506-07
reference_type
scores
url	https://security.gentoo.org/glsa/202506-07

reference_url

https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/

reference_id

L75IPBBTSCYEF56I2M4KIW353BB3AY74

reference_type

scores

value	5.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-15T14:18:44Z/

url

https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/

reference_url	https://access.redhat.com/errata/RHSA-2025:23530
reference_id	RHSA-2025:23530
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23530

reference_url	https://usn.ubuntu.com/7570-1/
reference_id	USN-7570-1
reference_type
scores
url	https://usn.ubuntu.com/7570-1/

fixed_packages

url	pkg:ebuild/dev-lang/python@3.8.20_p7
purl	pkg:ebuild/dev-lang/python@3.8.20_p7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.8.20_p7

url	pkg:ebuild/dev-lang/python@3.9.22_p1
purl	pkg:ebuild/dev-lang/python@3.9.22_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.9.22_p1

url	pkg:ebuild/dev-lang/python@3.10.7.3.19_p4
purl	pkg:ebuild/dev-lang/python@3.10.7.3.19_p4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.7.3.19_p4

url	pkg:ebuild/dev-lang/python@3.10.17_p1
purl	pkg:ebuild/dev-lang/python@3.10.17_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.17_p1

url	pkg:ebuild/dev-lang/python@3.11.7.3.19_p9
purl	pkg:ebuild/dev-lang/python@3.11.7.3.19_p9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.7.3.19_p9

url	pkg:ebuild/dev-lang/python@3.11.12_p1
purl	pkg:ebuild/dev-lang/python@3.11.12_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.12_p1

url	pkg:ebuild/dev-lang/python@3.12.10_p1
purl	pkg:ebuild/dev-lang/python@3.12.10_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.12.10_p1

url	pkg:ebuild/dev-lang/python@3.13.3_p1
purl	pkg:ebuild/dev-lang/python@3.13.3_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.13.3_p1

url	pkg:ebuild/dev-lang/python@3.14.0_beta2
purl	pkg:ebuild/dev-lang/python@3.14.0_beta2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.14.0_beta2

aliases CVE-2025-4516

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcby-1tm2-dydf

url VCID-rk46-d54z-cuh4

vulnerability_id VCID-rk46-d54z-cuh4

summary Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature. Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected. Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12718.json

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12718.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-12718

reference_id

reference_type

scores

value	0.0079
scoring_system	epss
scoring_elements	0.74262
published_at	2026-06-07T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.74271
published_at	2026-06-05T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.74275
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-12718

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/python/cpython/issues/127987

reference_id

127987

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/

url

https://github.com/python/cpython/issues/127987

reference_url

https://github.com/python/cpython/issues/135034

reference_id

135034

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/

url

https://github.com/python/cpython/issues/135034

reference_url

https://github.com/python/cpython/pull/135037

reference_id

135037

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/

url

https://github.com/python/cpython/pull/135037

reference_url

https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da

reference_id

19de092debb3d7e832e5672cc2f7b788d35951da

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/

url

https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2370013
reference_id	2370013
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2370013

reference_url

https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9

reference_id

28463dba112af719df1e8b0391c46787ad756dd9

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/

url

https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9

reference_url

https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a

reference_id

3612d8f51741b11f36f8fb0494d79086bac9390a

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/

url

https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a

reference_url

https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e

reference_id

4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/

url

https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e

reference_url

https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f

reference_id

52398e33eff261329a0180ac1d54f42f

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/

url

https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f

reference_url

https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a

reference_id

9c1110ef6652687d7c55f590f909720eddde965a

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/

url

https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a

reference_url

https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a

reference_id

9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/

url

https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a

reference_url

https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01

reference_id

aa9eb5f757ceff461e6e996f12c89e5d9b583b01

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/

url

https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01

reference_url

https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1

reference_id

dd8f187d0746da151e0025c51680979ac5b4cfb1

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/

url

https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1

reference_url	https://security.gentoo.org/glsa/202506-07
reference_id	GLSA-202506-07
reference_type
scores
url	https://security.gentoo.org/glsa/202506-07

reference_url

https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/

reference_id

MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-24T15:57:41Z/

url

https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/

reference_url	https://access.redhat.com/errata/RHSA-2025:10026
reference_id	RHSA-2025:10026
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10026

reference_url	https://access.redhat.com/errata/RHSA-2025:10028
reference_id	RHSA-2025:10028
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10028

reference_url	https://access.redhat.com/errata/RHSA-2025:10031
reference_id	RHSA-2025:10031
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10031

reference_url	https://access.redhat.com/errata/RHSA-2025:10128
reference_id	RHSA-2025:10128
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10128

reference_url	https://access.redhat.com/errata/RHSA-2025:10136
reference_id	RHSA-2025:10136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10136

reference_url	https://access.redhat.com/errata/RHSA-2025:10140
reference_id	RHSA-2025:10140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10140

reference_url	https://access.redhat.com/errata/RHSA-2025:10148
reference_id	RHSA-2025:10148
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10148

reference_url	https://access.redhat.com/errata/RHSA-2025:10189
reference_id	RHSA-2025:10189
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10189

reference_url	https://access.redhat.com/errata/RHSA-2025:10399
reference_id	RHSA-2025:10399
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10399

reference_url	https://access.redhat.com/errata/RHSA-2025:10484
reference_id	RHSA-2025:10484
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10484

reference_url	https://access.redhat.com/errata/RHSA-2025:10602
reference_id	RHSA-2025:10602
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10602

reference_url	https://access.redhat.com/errata/RHSA-2025:11386
reference_id	RHSA-2025:11386
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11386

reference_url	https://access.redhat.com/errata/RHSA-2025:13267
reference_id	RHSA-2025:13267
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13267

reference_url	https://access.redhat.com/errata/RHSA-2025:18219
reference_id	RHSA-2025:18219
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18219

reference_url	https://access.redhat.com/errata/RHSA-2025:9918
reference_id	RHSA-2025:9918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9918

reference_url	https://access.redhat.com/errata/RHSA-2026:0934
reference_id	RHSA-2026:0934
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0934

reference_url	https://usn.ubuntu.com/7583-1/
reference_id	USN-7583-1
reference_type
scores
url	https://usn.ubuntu.com/7583-1/

fixed_packages

url	pkg:ebuild/dev-lang/python@3.8.20_p7
purl	pkg:ebuild/dev-lang/python@3.8.20_p7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.8.20_p7

url	pkg:ebuild/dev-lang/python@3.9.22_p1
purl	pkg:ebuild/dev-lang/python@3.9.22_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.9.22_p1

url	pkg:ebuild/dev-lang/python@3.10.7.3.19_p4
purl	pkg:ebuild/dev-lang/python@3.10.7.3.19_p4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.7.3.19_p4

url	pkg:ebuild/dev-lang/python@3.10.17_p1
purl	pkg:ebuild/dev-lang/python@3.10.17_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.17_p1

url	pkg:ebuild/dev-lang/python@3.11.7.3.19_p9
purl	pkg:ebuild/dev-lang/python@3.11.7.3.19_p9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.7.3.19_p9

url	pkg:ebuild/dev-lang/python@3.11.12_p1
purl	pkg:ebuild/dev-lang/python@3.11.12_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.12_p1

url	pkg:ebuild/dev-lang/python@3.12.10_p1
purl	pkg:ebuild/dev-lang/python@3.12.10_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.12.10_p1

url	pkg:ebuild/dev-lang/python@3.13.3_p1
purl	pkg:ebuild/dev-lang/python@3.13.3_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.13.3_p1

url	pkg:ebuild/dev-lang/python@3.14.0_beta2
purl	pkg:ebuild/dev-lang/python@3.14.0_beta2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.14.0_beta2

aliases CVE-2024-12718

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rk46-d54z-cuh4

url VCID-rmct-442v-cuad

vulnerability_id VCID-rmct-442v-cuad

summary cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6923.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6923.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-6923

reference_id

reference_type

scores

value	0.00238
scoring_system	epss
scoring_elements	0.47067
published_at	2026-06-07T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.47082
published_at	2026-06-05T12:55:00Z

value	0.00238
scoring_system	epss
scoring_elements	0.47085
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-6923

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6923
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6923

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/python/cpython/commit/06f28dc236708f72871c64d4bc4b4ea144c50147

reference_id

06f28dc236708f72871c64d4bc4b4ea144c50147

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-01T18:15:02Z/

url

https://github.com/python/cpython/commit/06f28dc236708f72871c64d4bc4b4ea144c50147

reference_url

https://github.com/python/cpython/commit/097633981879b3c9de9a1dd120d3aa585ecc2384

reference_id

097633981879b3c9de9a1dd120d3aa585ecc2384

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-01T18:15:02Z/

url

https://github.com/python/cpython/commit/097633981879b3c9de9a1dd120d3aa585ecc2384

reference_url

https://github.com/python/cpython/issues/121650

reference_id

121650

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-01T18:15:02Z/

url

https://github.com/python/cpython/issues/121650

reference_url

https://github.com/python/cpython/pull/122233

reference_id

122233

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-01T18:15:02Z/

url

https://github.com/python/cpython/pull/122233

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2302255
reference_id	2302255
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2302255

reference_url

https://github.com/python/cpython/commit/4766d1200fdf8b6728137aa2927a297e224d5fa7

reference_id

4766d1200fdf8b6728137aa2927a297e224d5fa7

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-01T18:15:02Z/

url

https://github.com/python/cpython/commit/4766d1200fdf8b6728137aa2927a297e224d5fa7

reference_url

https://github.com/python/cpython/commit/4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0

reference_id

4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-01T18:15:02Z/

url

https://github.com/python/cpython/commit/4aaa4259b5a6e664b7316a4d60bdec7ee0f124d0

reference_url

https://github.com/python/cpython/commit/b158a76ce094897c870fb6b3de62887b7ccc33f1

reference_id

b158a76ce094897c870fb6b3de62887b7ccc33f1

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-01T18:15:02Z/

url

https://github.com/python/cpython/commit/b158a76ce094897c870fb6b3de62887b7ccc33f1

reference_url

https://github.com/python/cpython/commit/f7be505d137a22528cb0fc004422c0081d5d90e6

reference_id

f7be505d137a22528cb0fc004422c0081d5d90e6

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-01T18:15:02Z/

url

https://github.com/python/cpython/commit/f7be505d137a22528cb0fc004422c0081d5d90e6

reference_url

https://github.com/python/cpython/commit/f7c0f09e69e950cf3c5ada9dbde93898eb975533

reference_id

f7c0f09e69e950cf3c5ada9dbde93898eb975533

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-01T18:15:02Z/

url

https://github.com/python/cpython/commit/f7c0f09e69e950cf3c5ada9dbde93898eb975533

reference_url	https://security.gentoo.org/glsa/202506-07
reference_id	GLSA-202506-07
reference_type
scores
url	https://security.gentoo.org/glsa/202506-07

reference_url

https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/

reference_id

QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-01T18:15:02Z/

url

https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/

reference_url	https://access.redhat.com/errata/RHSA-2024:10135
reference_id	RHSA-2024:10135
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10135

reference_url	https://access.redhat.com/errata/RHSA-2024:11109
reference_id	RHSA-2024:11109
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:11109

reference_url	https://access.redhat.com/errata/RHSA-2024:5962
reference_id	RHSA-2024:5962
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5962

reference_url	https://access.redhat.com/errata/RHSA-2024:6146
reference_id	RHSA-2024:6146
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6146

reference_url	https://access.redhat.com/errata/RHSA-2024:6163
reference_id	RHSA-2024:6163
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6163

reference_url	https://access.redhat.com/errata/RHSA-2024:6179
reference_id	RHSA-2024:6179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6179

reference_url	https://access.redhat.com/errata/RHSA-2024:6909
reference_id	RHSA-2024:6909
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6909

reference_url	https://access.redhat.com/errata/RHSA-2024:6915
reference_id	RHSA-2024:6915
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6915

reference_url	https://access.redhat.com/errata/RHSA-2024:6961
reference_id	RHSA-2024:6961
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6961

reference_url	https://access.redhat.com/errata/RHSA-2024:6962
reference_id	RHSA-2024:6962
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6962

reference_url	https://access.redhat.com/errata/RHSA-2024:6975
reference_id	RHSA-2024:6975
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6975

reference_url	https://access.redhat.com/errata/RHSA-2024:7137
reference_id	RHSA-2024:7137
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7137

reference_url	https://access.redhat.com/errata/RHSA-2024:7213
reference_id	RHSA-2024:7213
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7213

reference_url	https://access.redhat.com/errata/RHSA-2024:7374
reference_id	RHSA-2024:7374
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7374

reference_url	https://access.redhat.com/errata/RHSA-2024:7415
reference_id	RHSA-2024:7415
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7415

reference_url	https://access.redhat.com/errata/RHSA-2024:8103
reference_id	RHSA-2024:8103
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8103

reference_url	https://usn.ubuntu.com/7015-1/
reference_id	USN-7015-1
reference_type
scores
url	https://usn.ubuntu.com/7015-1/

reference_url	https://usn.ubuntu.com/7015-5/
reference_id	USN-7015-5
reference_type
scores
url	https://usn.ubuntu.com/7015-5/

fixed_packages

url	pkg:ebuild/dev-lang/python@3.8.20_p7
purl	pkg:ebuild/dev-lang/python@3.8.20_p7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.8.20_p7

url	pkg:ebuild/dev-lang/python@3.9.22_p1
purl	pkg:ebuild/dev-lang/python@3.9.22_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.9.22_p1

url	pkg:ebuild/dev-lang/python@3.10.7.3.19_p4
purl	pkg:ebuild/dev-lang/python@3.10.7.3.19_p4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.7.3.19_p4

url	pkg:ebuild/dev-lang/python@3.10.17_p1
purl	pkg:ebuild/dev-lang/python@3.10.17_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.17_p1

url	pkg:ebuild/dev-lang/python@3.11.7.3.19_p9
purl	pkg:ebuild/dev-lang/python@3.11.7.3.19_p9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.7.3.19_p9

url	pkg:ebuild/dev-lang/python@3.11.12_p1
purl	pkg:ebuild/dev-lang/python@3.11.12_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.12_p1

url	pkg:ebuild/dev-lang/python@3.12.10_p1
purl	pkg:ebuild/dev-lang/python@3.12.10_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.12.10_p1

url	pkg:ebuild/dev-lang/python@3.13.3_p1
purl	pkg:ebuild/dev-lang/python@3.13.3_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.13.3_p1

url	pkg:ebuild/dev-lang/python@3.14.0_beta2
purl	pkg:ebuild/dev-lang/python@3.14.0_beta2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.14.0_beta2

aliases CVE-2024-6923

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rmct-442v-cuad

url VCID-u7c5-p64b-fuag

vulnerability_id VCID-u7c5-p64b-fuag

summary python: cpython: Iterating over a malicious ZIP file may lead to Denial of Service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8088.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8088.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-8088

reference_id

reference_type

scores

value	0.0023
scoring_system	epss
scoring_elements	0.45964
published_at	2026-06-07T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.45981
published_at	2026-06-05T12:55:00Z

value	0.0023
scoring_system	epss
scoring_elements	0.45984
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-8088

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8088

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/python/cpython/commit/0aa1ee22ab6e204e9d3d0e9dd63ea648ed691ef1

reference_id

0aa1ee22ab6e204e9d3d0e9dd63ea648ed691ef1

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/

url

https://github.com/python/cpython/commit/0aa1ee22ab6e204e9d3d0e9dd63ea648ed691ef1

reference_url

https://github.com/python/cpython/issues/122905

reference_id

122905

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/

url

https://github.com/python/cpython/issues/122905

reference_url

https://github.com/python/cpython/pull/122906

reference_id

122906

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/

url

https://github.com/python/cpython/pull/122906

reference_url

https://github.com/python/cpython/issues/123270

reference_id

123270

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/

url

https://github.com/python/cpython/issues/123270

reference_url

https://github.com/python/cpython/commit/2231286d78d328c2f575e0b05b16fe447d1656d6

reference_id

2231286d78d328c2f575e0b05b16fe447d1656d6

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/

url

https://github.com/python/cpython/commit/2231286d78d328c2f575e0b05b16fe447d1656d6

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2307370
reference_id	2307370
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2307370

reference_url

https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e

reference_id

795f2597a4be988e2bb19b69ff9958e981cb894e

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/

url

https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e

reference_url

https://github.com/python/cpython/commit/7bc367e464ce50b956dd232c1dfa1cad4e7fb814

reference_id

7bc367e464ce50b956dd232c1dfa1cad4e7fb814

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/

url

https://github.com/python/cpython/commit/7bc367e464ce50b956dd232c1dfa1cad4e7fb814

reference_url

https://github.com/python/cpython/commit/7e8883a3f04d308302361aeffc73e0e9837f19d4

reference_id

7e8883a3f04d308302361aeffc73e0e9837f19d4

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/

url

https://github.com/python/cpython/commit/7e8883a3f04d308302361aeffc73e0e9837f19d4

reference_url

https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64

reference_id

8c7348939d8a3ecd79d630075f6be1b0c5b41f64

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/

url

https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64

reference_url

https://github.com/python/cpython/commit/95b073bddefa6243effa08e131e297c0383e7f6a

reference_id

95b073bddefa6243effa08e131e297c0383e7f6a

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/

url

https://github.com/python/cpython/commit/95b073bddefa6243effa08e131e297c0383e7f6a

reference_url

https://github.com/python/cpython/commit/962055268ed4f2ca1d717bfc8b6385de50a23ab7

reference_id

962055268ed4f2ca1d717bfc8b6385de50a23ab7

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/

url

https://github.com/python/cpython/commit/962055268ed4f2ca1d717bfc8b6385de50a23ab7

reference_url

https://github.com/python/cpython/commit/9cd03263100ddb1657826cc4a71470786cab3932

reference_id

9cd03263100ddb1657826cc4a71470786cab3932

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/

url

https://github.com/python/cpython/commit/9cd03263100ddb1657826cc4a71470786cab3932

reference_url

https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea

reference_id

dcc5182f27c1500006a1ef78e10613bb45788dea

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/

url

https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea

reference_url

https://github.com/python/cpython/commit/e0264a61119d551658d9445af38323ba94fc16db

reference_id

e0264a61119d551658d9445af38323ba94fc16db

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/

url

https://github.com/python/cpython/commit/e0264a61119d551658d9445af38323ba94fc16db

reference_url

https://github.com/python/cpython/commit/fc0b8259e693caa8400fa8b6ac1e494e47ea7798

reference_id

fc0b8259e693caa8400fa8b6ac1e494e47ea7798

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/

url

https://github.com/python/cpython/commit/fc0b8259e693caa8400fa8b6ac1e494e47ea7798

reference_url	https://security.gentoo.org/glsa/202506-07
reference_id	GLSA-202506-07
reference_type
scores
url	https://security.gentoo.org/glsa/202506-07

reference_url

https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/

reference_id

GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:U/RE:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-23T17:18:49Z/

url

https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/

reference_url	https://access.redhat.com/errata/RHSA-2024:5962
reference_id	RHSA-2024:5962
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5962

reference_url	https://access.redhat.com/errata/RHSA-2024:6163
reference_id	RHSA-2024:6163
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6163

reference_url	https://access.redhat.com/errata/RHSA-2024:6961
reference_id	RHSA-2024:6961
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6961

reference_url	https://access.redhat.com/errata/RHSA-2024:6962
reference_id	RHSA-2024:6962
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6962

reference_url	https://access.redhat.com/errata/RHSA-2024:9190
reference_id	RHSA-2024:9190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9190

reference_url	https://access.redhat.com/errata/RHSA-2024:9192
reference_id	RHSA-2024:9192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9192

reference_url	https://access.redhat.com/errata/RHSA-2024:9371
reference_id	RHSA-2024:9371
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9371

reference_url	https://usn.ubuntu.com/7015-1/
reference_id	USN-7015-1
reference_type
scores
url	https://usn.ubuntu.com/7015-1/

fixed_packages

url	pkg:ebuild/dev-lang/python@3.8.20_p7
purl	pkg:ebuild/dev-lang/python@3.8.20_p7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.8.20_p7

url	pkg:ebuild/dev-lang/python@3.9.22_p1
purl	pkg:ebuild/dev-lang/python@3.9.22_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.9.22_p1

url	pkg:ebuild/dev-lang/python@3.10.7.3.19_p4
purl	pkg:ebuild/dev-lang/python@3.10.7.3.19_p4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.7.3.19_p4

url	pkg:ebuild/dev-lang/python@3.10.17_p1
purl	pkg:ebuild/dev-lang/python@3.10.17_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.17_p1

url	pkg:ebuild/dev-lang/python@3.11.7.3.19_p9
purl	pkg:ebuild/dev-lang/python@3.11.7.3.19_p9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.7.3.19_p9

url	pkg:ebuild/dev-lang/python@3.11.12_p1
purl	pkg:ebuild/dev-lang/python@3.11.12_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.12_p1

url	pkg:ebuild/dev-lang/python@3.12.10_p1
purl	pkg:ebuild/dev-lang/python@3.12.10_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.12.10_p1

url	pkg:ebuild/dev-lang/python@3.13.3_p1
purl	pkg:ebuild/dev-lang/python@3.13.3_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.13.3_p1

url	pkg:ebuild/dev-lang/python@3.14.0_beta2
purl	pkg:ebuild/dev-lang/python@3.14.0_beta2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.14.0_beta2

aliases CVE-2024-8088

risk_score 3.9

exploitability 0.5

weighted_severity 7.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u7c5-p64b-fuag

url VCID-wggc-mh7b-rubm

vulnerability_id VCID-wggc-mh7b-rubm

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4330.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4330.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4330

reference_id

reference_type

scores

value	0.01012
scoring_system	epss
scoring_elements	0.77505
published_at	2026-06-06T12:55:00Z

value	0.01012
scoring_system	epss
scoring_elements	0.77495
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4330

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/python/cpython/issues/135034

reference_id

135034

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/

url

https://github.com/python/cpython/issues/135034

reference_url

https://github.com/python/cpython/pull/135037

reference_id

135037

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/

url

https://github.com/python/cpython/pull/135037

reference_url

https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da

reference_id

19de092debb3d7e832e5672cc2f7b788d35951da

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/

url

https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2370014
reference_id	2370014
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2370014

reference_url

https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9

reference_id

28463dba112af719df1e8b0391c46787ad756dd9

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/

url

https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9

reference_url

https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a

reference_id

3612d8f51741b11f36f8fb0494d79086bac9390a

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/

url

https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a

reference_url

https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e

reference_id

4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/

url

https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e

reference_url

https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f

reference_id

52398e33eff261329a0180ac1d54f42f

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/

url

https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f

reference_url

https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a

reference_id

9c1110ef6652687d7c55f590f909720eddde965a

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/

url

https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a

reference_url

https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a

reference_id

9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/

url

https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a

reference_url

https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01

reference_id

aa9eb5f757ceff461e6e996f12c89e5d9b583b01

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/

url

https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01

reference_url

https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1

reference_id

dd8f187d0746da151e0025c51680979ac5b4cfb1

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/

url

https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1

reference_url	https://security.gentoo.org/glsa/202506-07
reference_id	GLSA-202506-07
reference_type
scores
url	https://security.gentoo.org/glsa/202506-07

reference_url

https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/

reference_id

MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:27:07Z/

url

https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/

reference_url	https://access.redhat.com/errata/RHSA-2025:10026
reference_id	RHSA-2025:10026
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10026

reference_url	https://access.redhat.com/errata/RHSA-2025:10028
reference_id	RHSA-2025:10028
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10028

reference_url	https://access.redhat.com/errata/RHSA-2025:10031
reference_id	RHSA-2025:10031
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10031

reference_url	https://access.redhat.com/errata/RHSA-2025:10128
reference_id	RHSA-2025:10128
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10128

reference_url	https://access.redhat.com/errata/RHSA-2025:10136
reference_id	RHSA-2025:10136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10136

reference_url	https://access.redhat.com/errata/RHSA-2025:10140
reference_id	RHSA-2025:10140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10140

reference_url	https://access.redhat.com/errata/RHSA-2025:10148
reference_id	RHSA-2025:10148
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10148

reference_url	https://access.redhat.com/errata/RHSA-2025:10189
reference_id	RHSA-2025:10189
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10189

reference_url	https://access.redhat.com/errata/RHSA-2025:10399
reference_id	RHSA-2025:10399
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10399

reference_url	https://access.redhat.com/errata/RHSA-2025:10484
reference_id	RHSA-2025:10484
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10484

reference_url	https://access.redhat.com/errata/RHSA-2025:10602
reference_id	RHSA-2025:10602
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10602

reference_url	https://access.redhat.com/errata/RHSA-2025:13267
reference_id	RHSA-2025:13267
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13267

reference_url	https://access.redhat.com/errata/RHSA-2025:23530
reference_id	RHSA-2025:23530
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23530

reference_url	https://access.redhat.com/errata/RHSA-2025:9918
reference_id	RHSA-2025:9918
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9918

reference_url	https://usn.ubuntu.com/7583-1/
reference_id	USN-7583-1
reference_type
scores
url	https://usn.ubuntu.com/7583-1/

fixed_packages

url	pkg:ebuild/dev-lang/python@3.8.20_p7
purl	pkg:ebuild/dev-lang/python@3.8.20_p7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.8.20_p7

url	pkg:ebuild/dev-lang/python@3.9.22_p1
purl	pkg:ebuild/dev-lang/python@3.9.22_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.9.22_p1

url	pkg:ebuild/dev-lang/python@3.10.7.3.19_p4
purl	pkg:ebuild/dev-lang/python@3.10.7.3.19_p4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.7.3.19_p4

url	pkg:ebuild/dev-lang/python@3.10.17_p1
purl	pkg:ebuild/dev-lang/python@3.10.17_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.10.17_p1

url	pkg:ebuild/dev-lang/python@3.11.7.3.19_p9
purl	pkg:ebuild/dev-lang/python@3.11.7.3.19_p9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.7.3.19_p9

url	pkg:ebuild/dev-lang/python@3.11.12_p1
purl	pkg:ebuild/dev-lang/python@3.11.12_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.11.12_p1

url	pkg:ebuild/dev-lang/python@3.12.10_p1
purl	pkg:ebuild/dev-lang/python@3.12.10_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.12.10_p1

url	pkg:ebuild/dev-lang/python@3.13.3_p1
purl	pkg:ebuild/dev-lang/python@3.13.3_p1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.13.3_p1

url	pkg:ebuild/dev-lang/python@3.14.0_beta2
purl	pkg:ebuild/dev-lang/python@3.14.0_beta2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.14.0_beta2

aliases CVE-2025-4330

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wggc-mh7b-rubm

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/python@3.9.22_p1

Package Instance