All Versions
Vulnerabilities (Public)
Known vulnerabilities and security issues detected in the extension's dependencies and code.
| Vulnerability ID | Advisory | Severity | | | Affected Versions |
|---|---|---|---|---|---|
| CVE-2022-48565 | Python 3.6.13, 3.7.10, 3.8.7 and 3.9.1 include a fix for CVE-2022-48565: XML External Entity vulnerability. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vu… | Critical | – | – | >=3.7.0a1,<3.7.10 ==3.10.0a1 <3.6.13 >=3.8.0a1,<3.8.7 >=3.9.0a1,<3.9.1 |
| CVE-2024-4032 | The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global pr… | High | – | – | <3.8.20 >=3.9.0a0,<3.9.20 >=3.10.0a0,<3.10.15 >=3.11.0a0,<3.11.10 >=3.12.0a0,<3.12.4 >=3.13.0a0,<3.13.0a6 |
| CVE-2024-0397 | A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered… | High | – | – | <3.10.14 >=3.11.0a0,<3.11.9 >=3.12.0a0,<3.12.3 >=3.13.0a0,<3.13.0a5 |
| CVE-2023-6597 | An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference … | High | – | – | >=3.10.0a1,<=3.10.13 >=3.9.0a1,<=3.9.18 >=0,<=3.8.18 >=3.12.0a1,<3.12.2 >=3.11.0a1,<3.11.8 |
| CVE-2023-41105 | An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausi… | High | – | – | >=3.11.0a1,<3.11.4 |
| CVE-2022-48560 | Python 3.6.11, 3.7.7 and 3.8.2 include a fix for CVE-2022-48560: Use After Free vulnerability via heappushpop in heapq. https://bugs.python.org/issue39421 | High | – | – | <3.6.11 >=3.7.0a1,<3.7.7 >=3.8.0a1,<3.8.2 >=3.9.0a1,<3.9.0a3 |
| CVE-2024-0450 | An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploi… | Medium | – | – | >=3.10.0a1,<=3.10.13 >=3.9.0a1,<=3.9.18 >=0,<=3.8.18 >=3.12.0a1,<3.12.2 >=3.11.0a1,<3.11.8 |
| CVE-2023-6507 | An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter w… | Medium | – | – | <3.12.1 |
| CVE-2023-40217 | Python 3.8.18, 3.9.18, 3.10.13, 3.11.5 and 3.12.0rc2 include a fix for CVE-2023-40217: It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side sock… | Medium | – | – | >=3.12.0a1,<=3.12.0rc1 >=3.11.0a1,<3.11.5 >=3.10.0a1,<3.10.13 >=3.9.0a1,<3.9.18 <3.8.18 |
| CVE-2022-48566 | Python 3.6.13, 3.7.10, 3.8.7, 3.9.1 and 3.10.0a3 include a fix for CVE-2022-48566: Observable Timing Discrepancy vulnerability in compare_digest in Lib/hmac.py. The fix includes constant-time-defeatin… | Medium | – | – | >=3.7.0a1,<3.7.10 >=3.10.0a1,<3.10.0a3 >=3.8.0a1,<3.8.7 >=3.9.0a1,<3.9.1 <3.6.13 |
Safety Discovered Vulnerabilities
Additional security issues found by Safety, exclusive to our platform.
