Python 3.12.0 Beta 2

CPE Details

Python 3.12.0 Beta 2
python
python
3.12.0
2023-12-08
16h03 +00:00
2023-12-08
16h03 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:python:python:3.12.0:beta2:*:*:*:*:*:*

Informations

Vendor

python

Product

python

Version

3.12.0

Update

beta2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-9287 2024-10-22
16h34 +00:00		 A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.
5.3
Medium
CVE-2024-6232 2024-09-03
12h29 +00:00		 There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
7.5
High
CVE-2024-7592 2024-08-19
19h06 +00:00		 There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.
7.5
High
CVE-2021-32052 2021-05-06
13h49 +00:00		 In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.
6.1
Medium
CVE-2020-29396 2020-12-22
15h25 +00:00		 A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.
8.8
High
CVE-2009-3720 2009-11-03
15h00 +00:00		 The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
5
CVE-2009-2940 2009-10-22
14h00 +00:00		 The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.
7.5