Search CVE reports
Some fixes available 9 of 10
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing...
1 affected package
python-django
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-django | Fixed | Fixed | Fixed | Fixed | Fixed |
Some fixes available 2 of 4
python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks (CR \r or LF \n) in front of the first boundary and any trailing bytes after the last boundary. This happens...
1 affected package
python-multipart
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-multipart | Not affected | Fixed | Fixed | Not in release | — |
Some fixes available 3 of 5
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
1 affected package
python-virtualenv
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-virtualenv | Not affected | Fixed | Fixed | Fixed | Not affected |
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when...
1 affected package
python-tornado
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-tornado | Fixed | Fixed | Fixed | Fixed | Fixed |
Some fixes available 4 of 5
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under...
1 affected package
python-aiohttp
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-aiohttp | Not affected | Fixed | Fixed | Fixed | Fixed |
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an...
1 affected package
python-aiohttp
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-aiohttp | — | Not affected | Not affected | Not affected | Not affected |
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is...
11 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python2.7 | Not in release | Not in release | Fixed | Fixed | Fixed |
| python3.4 | Not in release | Not in release | Not in release | Not in release | — |
| python3.5 | Not in release | Not in release | Not in release | Not in release | — |
| python3.6 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.7 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.8 | Not in release | Not in release | Not in release | Fixed | Fixed |
| python3.9 | Not in release | Not in release | Not in release | Fixed | — |
| python3.10 | Not in release | Not in release | Fixed | Not in release | — |
| python3.11 | Not in release | Not in release | Fixed | Not in release | — |
| python3.12 | Not in release | Not affected | Not in release | Not in release | — |
| python3.13 | Not in release | Not in release | Not in release | Not in release | — |
Some fixes available 6 of 12
Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all...
2 affected packages
python-werkzeug, quart
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-werkzeug | Fixed | Fixed | Fixed | Not affected | Not affected |
| quart | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | — |
Werkzeug is a Web Server Gateway Interface web application library. On Python < 3.11 on Windows, os.path.isabs() does not catch UNC paths like //server/share. Werkzeug's safe_join() relies on this check, and so can produce a path...
1 affected package
python-werkzeug
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-werkzeug | — | Not affected | Not affected | Not affected | Not affected |
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual...
11 affected packages
python2.7, python3.4, python3.5, python3.6, python3.7...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python2.7 | Not in release | Not in release | Not affected | Not affected | Not affected |
| python3.4 | Not in release | Not in release | Not in release | Not in release | — |
| python3.5 | Not in release | Not in release | Not in release | Not in release | — |
| python3.6 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.7 | Not in release | Not in release | Not in release | Not in release | Fixed |
| python3.8 | Not in release | Not in release | Not in release | Fixed | Fixed |
| python3.9 | Not in release | Not in release | Not in release | Fixed | — |
| python3.10 | Not in release | Not in release | Fixed | Not in release | — |
| python3.11 | Not in release | Not in release | Fixed | Not in release | — |
| python3.12 | Not in release | Fixed | Not in release | Not in release | — |
| python3.13 | Not in release | Not in release | Not in release | Not in release | — |