Vulnerabilities affecting this package (0)
| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| This package is not known to be affected by vulnerabilities. | | |

Vulnerabilities fixed by this package (6)
| Vulnerability | Summary | Aliases |
| --- | --- | --- |
| VCID-2v5u-2z4w-ffgx | python: incorrect IPv4 and IPv6 private ranges | CVE-2024-4032 |
| VCID-8hug-fhhb-sbgt | python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used | CVE-2024-5642 |
| VCID-qwhz-912b-8kh5 | cpython: python: Memory race condition in ssl.SSLContext certificate store methods | CVE-2024-0397 |
| VCID-s5yq-pjhc-fbcm | python: Default mimetype known files writeable on Windows | CVE-2024-3220 |
| VCID-ymg5-42xm-7fh9 | The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer. Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included. | CVE-2024-3219 |
| VCID-zxzn-25zt-ukct | Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action", the mitigation could be bypassed for certain browser types, and the "webbrowser.open()" API could have commands injected into the underlying shell. See CVE-2026-4519 for details. | CVE-2026-4786 |