{"url":"http://public2.vulnerablecode.io/api/packages/99691?format=json","purl":"pkg:rpm/redhat/python3@3.6.8-45?arch=el8","type":"rpm","namespace":"redhat","name":"python3","version":"3.6.8-45","qualifiers":{"arch":"el8"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80107?format=json","vulnerability_id":"VCID-e6rs-jwvu-jycd","summary":"python: urllib: HTTP client possible infinite loop on a 100 Continue response","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3737.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3737.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3737","reference_id":"","reference_type":"","scores":[{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30825","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30821","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30954","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30384","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30466","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30583","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30749","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30832","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.31001","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30818","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30876","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30906","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30909","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30866","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30852","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995162","reference_id":"1995162","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:32:43Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995162"},{"reference_url":"https://github.com/python/cpython/pull/25916","reference_id":"25916","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:32:43Z/"}],"url":"https://github.com/python/cpython/pull/25916"},{"reference_url":"https://github.com/python/cpython/pull/26503","reference_id":"26503","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:32:43Z/"}],"url":"https://github.com/python/cpython/pull/26503"},{"reference_url":"https://ubuntu.com/security/CVE-2021-3737","reference_id":"CVE-2021-3737","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:32:43Z/"}],"url":"https://ubuntu.com/security/CVE-2021-3737"},{"reference_url":"https://bugs.python.org/issue44022","reference_id":"issue44022","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:32:43Z/"}],"url":"https://bugs.python.org/issue44022"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html","reference_id":"msg00024.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:32:43Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html","reference_id":"msg00039.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:32:43Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20220407-0009/","reference_id":"ntap-20220407-0009","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:32:43Z/"}],"url":"https://security.netapp.com/advisory/ntap-20220407-0009/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4160","reference_id":"RHSA-2021:4160","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4160"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1663","reference_id":"RHSA-2022:1663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1764","reference_id":"RHSA-2022:1764","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1764"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1821","reference_id":"RHSA-2022:1821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1986","reference_id":"RHSA-2022:1986","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1986"},{"reference_url":"https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html","reference_id":"urllib-100-continue-loop.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:32:43Z/"}],"url":"https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html"},{"reference_url":"https://usn.ubuntu.com/5083-1/","reference_id":"USN-5083-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5083-1/"},{"reference_url":"https://usn.ubuntu.com/5199-1/","reference_id":"USN-5199-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5199-1/"},{"reference_url":"https://usn.ubuntu.com/5200-1/","reference_id":"USN-5200-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5200-1/"},{"reference_url":"https://usn.ubuntu.com/5201-1/","reference_id":"USN-5201-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5201-1/"},{"reference_url":"https://usn.ubuntu.com/6891-1/","reference_id":"USN-6891-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6891-1/"}],"fixed_packages":[],"aliases":["CVE-2021-3737"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e6rs-jwvu-jycd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79859?format=json","vulnerability_id":"VCID-j8hj-k7wy-yfch","summary":"python: ftplib should not use the host from the PASV response","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4189.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4189.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4189","reference_id":"","reference_type":"","scores":[{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77691","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77547","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77554","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.7758","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.7756","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.7759","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77597","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77624","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77608","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77607","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77644","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77642","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77637","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77668","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01057","scoring_system":"epss","scoring_elements":"0.77676","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-4189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e","reference_id":"0ab152c6b5d95caa2dc1a30fa96e10258b5f188e","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:59:42Z/"}],"url":"https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2036020","reference_id":"2036020","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:59:42Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2036020"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-4189","reference_id":"CVE-2021-4189","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:59:42Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2021-4189"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2021-4189","reference_id":"CVE-2021-4189","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:59:42Z/"}],"url":"https://security-tracker.debian.org/tracker/CVE-2021-4189"},{"reference_url":"https://python-security.readthedocs.io/vuln/ftplib-pasv.html","reference_id":"ftplib-pasv.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:59:42Z/"}],"url":"https://python-security.readthedocs.io/vuln/ftplib-pasv.html"},{"reference_url":"https://bugs.python.org/issue43285","reference_id":"issue43285","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:59:42Z/"}],"url":"https://bugs.python.org/issue43285"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html","reference_id":"msg00024.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:59:42Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html","reference_id":"msg00039.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:59:42Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221104-0004/","reference_id":"ntap-20221104-0004","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-25T14:59:42Z/"}],"url":"https://security.netapp.com/advisory/ntap-20221104-0004/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1663","reference_id":"RHSA-2022:1663","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1663"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1821","reference_id":"RHSA-2022:1821","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1821"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1986","reference_id":"RHSA-2022:1986","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1986"},{"reference_url":"https://usn.ubuntu.com/5342-1/","reference_id":"USN-5342-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5342-1/"},{"reference_url":"https://usn.ubuntu.com/6891-1/","reference_id":"USN-6891-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6891-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5342-2/","reference_id":"USN-USN-5342-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5342-2/"}],"fixed_packages":[],"aliases":["CVE-2021-4189"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j8hj-k7wy-yfch"}],"fixing_vulnerabilities":[],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python3@3.6.8-45%3Farch=el8"}