Vulnerability details: VCID-9sf2-nk96-z7g1
Vulnerability ID VCID-9sf2-nk96-z7g1
Aliases CVE-2024-11168
Summary The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
Status Published
Exploitability 0.5
Weighted Severity 5.7
Risk 2.9
Weaknesses (1)
System Score Found at
cvssv3 3.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11168.json
epss 0.00060 https://api.first.org/data/v1/epss?cve=CVE-2024-11168
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2024-11168
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-11168
epss 0.00117 https://api.first.org/data/v1/epss?cve=CVE-2024-11168
epss 0.00122 https://api.first.org/data/v1/epss?cve=CVE-2024-11168
epss 0.00154 https://api.first.org/data/v1/epss?cve=CVE-2024-11168
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2024-11168
epss 0.00176 https://api.first.org/data/v1/epss?cve=CVE-2024-11168
epss 0.00177 https://api.first.org/data/v1/epss?cve=CVE-2024-11168
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2024-11168
epss 0.0057 https://api.first.org/data/v1/epss?cve=CVE-2024-11168
cvssv3.1 3.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 3.7 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5
cvssv4 6.3 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5
ssvc Track https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5
cvssv3.1 3.7 https://github.com/python/cpython/commit/634ded45545ce8cbd6fd5d49785613dd7fa9b89e
cvssv4 6.3 https://github.com/python/cpython/commit/634ded45545ce8cbd6fd5d49785613dd7fa9b89e
ssvc Track https://github.com/python/cpython/commit/634ded45545ce8cbd6fd5d49785613dd7fa9b89e
cvssv3.1 3.7 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550
cvssv4 6.3 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550
ssvc Track https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550
cvssv3.1 3.7 https://github.com/python/cpython/commit/ddca2953191c67a12b1f19d6bca41016c6ae7132
cvssv4 6.3 https://github.com/python/cpython/commit/ddca2953191c67a12b1f19d6bca41016c6ae7132
ssvc Track https://github.com/python/cpython/commit/ddca2953191c67a12b1f19d6bca41016c6ae7132
cvssv3.1 3.7 https://github.com/python/cpython/issues/103848
cvssv4 6.3 https://github.com/python/cpython/issues/103848
ssvc Track https://github.com/python/cpython/issues/103848
cvssv3.1 3.7 https://github.com/python/cpython/pull/103849
cvssv4 6.3 https://github.com/python/cpython/pull/103849
ssvc Track https://github.com/python/cpython/pull/103849
cvssv3.1 3.7 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/
cvssv4 6.3 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/
ssvc Track https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11168.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5
Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/AU:N Found at https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-13T15:09:42Z/ Found at https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/python/cpython/commit/634ded45545ce8cbd6fd5d49785613dd7fa9b89e
Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/AU:N Found at https://github.com/python/cpython/commit/634ded45545ce8cbd6fd5d49785613dd7fa9b89e
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-13T15:09:42Z/ Found at https://github.com/python/cpython/commit/634ded45545ce8cbd6fd5d49785613dd7fa9b89e
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550
Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/AU:N Found at https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-13T15:09:42Z/ Found at https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/python/cpython/commit/ddca2953191c67a12b1f19d6bca41016c6ae7132
Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/AU:N Found at https://github.com/python/cpython/commit/ddca2953191c67a12b1f19d6bca41016c6ae7132
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-13T15:09:42Z/ Found at https://github.com/python/cpython/commit/ddca2953191c67a12b1f19d6bca41016c6ae7132
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/python/cpython/issues/103848
Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/AU:N Found at https://github.com/python/cpython/issues/103848
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-13T15:09:42Z/ Found at https://github.com/python/cpython/issues/103848
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://github.com/python/cpython/pull/103849
Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/AU:N Found at https://github.com/python/cpython/pull/103849
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-13T15:09:42Z/ Found at https://github.com/python/cpython/pull/103849
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/
Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/AU:N Found at https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-13T15:09:42Z/ Found at https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/
Exploit Prediction Scoring System (EPSS)
Percentile 0.27533
EPSS Score 0.00060
Published At Dec. 11, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-11-14T12:11:41.820520+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 34.3.0