Exposure of Python
Programming languages

24 exposure score
135,436 sites use
0 exploited
1 critical

CVEs
12 results

CVE-2019-5010  MEDIUM  EPSS 20.7%
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafte

CVE-2021-3737  HIGH  EPSS 11.6%
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls

CVE-2018-14647  MEDIUM  EPSS 10.9%
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial o

CVE-2022-0391  HIGH  EPSS 8.3%
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into

CVE-2019-10160  CRITICAL  EPSS 5.2%
A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7

CVE-2018-1060  MEDIUM  EPSS 5.1%
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An

CVE-2018-1061  MEDIUM  EPSS 5.0%
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK me

CVE-2021-3733  —  EPSS 4.7%
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web

CVE-2020-10735  —  EPSS 3.2%
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take

CVE-2021-4189  MEDIUM  EPSS 2.4%
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP

CVE-2021-3426  MEDIUM  EPSS 1.9%
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to star

CVE-2017-20052  MEDIUM  EPSS 1.2%
Python pgAdmin4 uncontrolled search path