VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-469d-4hfp-fygd

Essentials
Severities (112)
References (31)
Severity details (21)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-469d-4hfp-fygd
Aliases	CVE-2024-9287
Summary	A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
Status	Published
Exploitability	0.5
Weighted Severity	7.0
Risk	3.5
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-428	Unquoted Search Path or Element
CWE-77	Improper Neutralization of Special Elements used in a Command ('Command Injection')

System	Score	Found at
cvssv3	6.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9287.json
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00026	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00026	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00035	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00038	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00039	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.0004	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00044	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-9287
cvssv3.1	6.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv4	5.3	https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7
ssvc	Track	https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7
cvssv4	5.3	https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db
ssvc	Track	https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db
cvssv4	5.3	https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8
ssvc	Track	https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8
cvssv4	5.3	https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97
ssvc	Track	https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97
cvssv4	5.3	https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b
ssvc	Track	https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b
cvssv4	5.3	https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483
ssvc	Track	https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483
cvssv4	5.3	https://github.com/python/cpython/issues/124651
ssvc	Track	https://github.com/python/cpython/issues/124651
cvssv4	5.3	https://github.com/python/cpython/pull/124712
ssvc	Track	https://github.com/python/cpython/pull/124712
cvssv4	5.3	https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/
ssvc	Track	https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/
cvssv3.1	7.8	https://nvd.nist.gov/vuln/detail/CVE-2024-9287

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9287.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-9287
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9287
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://security.netapp.com/advisory/ntap-20250425-0006/
1089117		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089117
124651		https://github.com/python/cpython/issues/124651
124712		https://github.com/python/cpython/pull/124712
2321440		https://bugzilla.redhat.com/show_bug.cgi?id=2321440
633555735a023d3e4d92ba31da35b1205f9ecbd7		https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7
8450b2482586857d689b6658f08de9c8179af7db		https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db
9286ab3a107ea41bd3f3c3682ce2512692bdded8		https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8
ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97		https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97
cpe:2.3:a:python:python::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python::::::::
cpe:2.3:a:python:python:3.14.0:alpha1::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:3.14.0:alpha1::::::
CVE-2024-9287		https://nvd.nist.gov/vuln/detail/CVE-2024-9287
d48cc82ed25e26b02eb97c6263d95dcaa1e9111b		https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b
e52095a0c1005a87eed2276af7a1f2f66e2b6483		https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483
RHSA-2024:10779		https://access.redhat.com/errata/RHSA-2024:10779
RHSA-2024:10978		https://access.redhat.com/errata/RHSA-2024:10978
RHSA-2024:10979		https://access.redhat.com/errata/RHSA-2024:10979
RHSA-2024:10980		https://access.redhat.com/errata/RHSA-2024:10980
RHSA-2024:10983		https://access.redhat.com/errata/RHSA-2024:10983
RHSA-2024:11024		https://access.redhat.com/errata/RHSA-2024:11024
RHSA-2024:11035		https://access.redhat.com/errata/RHSA-2024:11035
RHSA-2024:11111		https://access.redhat.com/errata/RHSA-2024:11111
RHSA-2025:0280		https://access.redhat.com/errata/RHSA-2025:0280
RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL		https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/
USN-7116-1		https://usn.ubuntu.com/7116-1/
USN-7348-1		https://usn.ubuntu.com/7348-1/
USN-7488-1		https://usn.ubuntu.com/7488-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9287.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green Found at https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T17:11:46Z/ Found at https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7

Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green Found at https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T17:11:46Z/ Found at https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db

Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green Found at https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T17:11:46Z/ Found at https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8

Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green Found at https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T17:11:46Z/ Found at https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97

Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green Found at https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T17:11:46Z/ Found at https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b

Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green Found at https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T17:11:46Z/ Found at https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483

Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green Found at https://github.com/python/cpython/issues/124651

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T17:11:46Z/ Found at https://github.com/python/cpython/issues/124651

Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green Found at https://github.com/python/cpython/pull/124712

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T17:11:46Z/ Found at https://github.com/python/cpython/pull/124712

Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/U:Green Found at https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T17:11:46Z/ Found at https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-9287

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.02347
EPSS Score	0.00017
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2024-10-23T00:06:58.442089+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2024/9xxx/CVE-2024-9287.json	34.0.2