Search for packages
| purl | pkg:deb/debian/pypy@2.4.0%2Bdfsg-3 |
| Next non-vulnerable version | 7.3.3+dfsg-2 |
| Latest non-vulnerable version | 7.3.3+dfsg-2 |
| Risk | 3.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-g2ay-gsja-aaaj
Aliases: CVE-2019-16935 |
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T05:24:43.856631+00:00 | Debian Oval Importer | Affected by | VCID-g2ay-gsja-aaaj | None | 36.1.3 |
| 2025-06-07T23:02:29.048293+00:00 | Debian Oval Importer | Affected by | VCID-g2ay-gsja-aaaj | None | 36.1.0 |
| 2025-04-12T21:29:04.717200+00:00 | Debian Oval Importer | Affected by | VCID-g2ay-gsja-aaaj | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-07T21:34:32.281112+00:00 | Debian Oval Importer | Affected by | VCID-g2ay-gsja-aaaj | None | 36.0.0 |