1 parent
b67dca6
commit 07f4d1c
Showing
4 changed files
with
231 additions
and
0 deletions.
@@ -0,0 +1,87 @@ | ||
{ | ||
"modified": "2023-08-24T00:00:00Z", | ||
"published": "2023-08-24T00:00:00Z", | ||
"schema_version": "1.5.0", | ||
"id": "PSF-0000-CVE-2022-48565", | ||
"aliases": [ | ||
"CVE-2022-48566", | ||
"GHSA-crhm-wc96-7579" | ||
], | ||
"summary": "XML External Entity issue in plistlib module", | ||
"details": "An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.", | ||
"affected": [ | ||
{ | ||
"ranges": [ | ||
{ | ||
"type": "GIT", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
}, | ||
{ | ||
"fixed": "05ee790f4d1cd8725a90b54268fc1dfe5b4d1fa2" | ||
}, | ||
{ | ||
"fixed": "479553c7c11306a09ce34edb6ef208133b7b95fe" | ||
}, | ||
{ | ||
"fixed": "65894cac0835cb8f469f649e20aa1be8bf89f5ae" | ||
}, | ||
{ | ||
"fixed": "e512bc799e3864fe3b1351757261762d63471efc" | ||
}, | ||
{ | ||
"fixed": "a158fb9c5138db94adf24fbc5690467cda811163" | ||
} | ||
], | ||
"repo": "https://github.com/python/cpython" | ||
}, | ||
{ | ||
"type": "ECOSYSTEM", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
}, | ||
{ | ||
"fixed": "3.6.15" | ||
}, | ||
{ | ||
"introduced": "3.7.0" | ||
}, | ||
{ | ||
"fixed": "3.7.17" | ||
}, | ||
{ | ||
"introduced": "3.8.0" | ||
}, | ||
{ | ||
"fixed": "3.8.7" | ||
}, | ||
{ | ||
"introduced": "3.9.0" | ||
}, | ||
{ | ||
"fixed": "3.9.1" | ||
}, | ||
{ | ||
"introduced": "3.10.0a1" | ||
}, | ||
{ | ||
"fixed": "3.10.0a2" | ||
} | ||
] | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48565" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://bugs.python.org/issue42051" | ||
} | ||
] | ||
} |
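Review bot: The first entry in `aliases` is `CVE-2022-48566`, but this record's `id` is `PSF-0000-CVE-2022-48565`, its ADVISORY reference is the NVD page for CVE-2022-48565, and the summary describes the plistlib XXE issue, so the alias looks like a copy-paste slip; it should read `"CVE-2022-48565",`. OSV consumers treat aliases as identifiers for the same vulnerability, so the wrong alias would tie this record to the hmac.compare_digest advisory and can skew deduplication and scanner matching. The GHSA alias next to it is worth re-checking against the same CVE before merging.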
@@ -0,0 +1,87 @@ | ||
{ | ||
"modified": "2023-08-24T00:00:00Z", | ||
"published": "2023-08-24T00:00:00Z", | ||
"schema_version": "1.5.0", | ||
"id": "PSF-0000-CVE-2022-48566", | ||
"aliases": [ | ||
"CVE-2022-48566", | ||
"GHSA-cgfh-jp5w-8cmx" | ||
], | ||
"summary": "hmac.compare_digest() accumulator not constant-time", | ||
"details": "An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.", | ||
"affected": [ | ||
{ | ||
"ranges": [ | ||
{ | ||
"type": "GIT", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
}, | ||
{ | ||
"fixed": "31729366e2bc09632e78f3896dbce0ae64914f28" | ||
}, | ||
{ | ||
"fixed": "c1bbca5b004b3f74d240ef8a76ff445cc1a27efb" | ||
}, | ||
{ | ||
"fixed": "97136d71a78a4b6b816f7e14acc52be426efcb6f" | ||
}, | ||
{ | ||
"fixed": "db95802bdfac4d13db3e2a391ec7b9e2f8d92dbe" | ||
}, | ||
{ | ||
"fixed": "8bef9ebb1b88cfa4b2a38b93fe4ea22015d8254a" | ||
} | ||
], | ||
"repo": "https://github.com/python/cpython" | ||
}, | ||
{ | ||
"type": "ECOSYSTEM", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
}, | ||
{ | ||
"fixed": "3.6.13" | ||
}, | ||
{ | ||
"introduced": "3.7.0" | ||
}, | ||
{ | ||
"fixed": "3.7.10" | ||
}, | ||
{ | ||
"introduced": "3.8.0" | ||
}, | ||
{ | ||
"fixed": "3.8.7" | ||
}, | ||
{ | ||
"introduced": "3.9.0" | ||
}, | ||
{ | ||
"fixed": "3.9.1" | ||
}, | ||
{ | ||
"introduced": "3.10.0a1" | ||
}, | ||
{ | ||
"fixed": "3.10.0a3" | ||
} | ||
] | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48566" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://bugs.python.org/issue40791" | ||
} | ||
] | ||
} |
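Review bot: `details` says the issue affects Python "through 3.9.1", while the ECOSYSTEM range lists `"fixed": "3.9.1"`, which marks 3.9.1 itself as not affected; one of the two is off by a release, and the range is what scanners will act on. The same wording and range pair appears in the plistlib record added in this commit. The `affected` entry also has no `package` object, so nothing states which ecosystem's version ordering applies to these strings; this looks like a schema gap worth confirming against the OSV 1.5.0 specification, and it applies to all three records shown here.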
@@ -0,0 +1,54 @@ | ||
{ | ||
"modified": "2023-08-24T00:00:00Z", | ||
"published": "2023-08-24T00:00:00Z", | ||
"schema_version": "1.5.0", | ||
"id": "PSF-0000-CVE-2022-48565", | ||
"aliases": [ | ||
"CVE-2022-48566", | ||
"GHSA-cgfh-jp5w-8cmx" | ||
], | ||
"summary": "Reference count issue in _asyncio._swap_current_task()", | ||
"details": "An issue in Python CPython 3.12.0b1 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task() component.", | ||
"affected": [ | ||
{ | ||
"ranges": [ | ||
{ | ||
"type": "GIT", | ||
"events": [ | ||
{ | ||
"introduced": "a474e04388c2ef6aca75c26cb70a1b6200235feb" | ||
}, | ||
{ | ||
"fixed": "d2cbb6e918d9ea39f0dd44acb53270f2dac07454" | ||
}, | ||
{ | ||
"fixed": "9e6f8d46150c1a0af09d68ce63c603cf321994aa" | ||
} | ||
], | ||
"repo": "https://github.com/python/cpython" | ||
}, | ||
{ | ||
"type": "ECOSYSTEM", | ||
"events": [ | ||
{ | ||
"introduced": "3.12.0b1" | ||
}, | ||
{ | ||
"fixed": "3.12.0rc2" | ||
} | ||
] | ||
} | ||
] | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38898" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/python/cpython/issues/105987" | ||
} | ||
] | ||
} |
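Review bot: The `id` `PSF-0000-CVE-2022-48565` and both `aliases` entries are copied from the other two records in this commit, while the summary, the affected range and the ADVISORY reference all describe CVE-2023-38898. The lines should read `"id": "PSF-0000-CVE-2023-38898",` and `"CVE-2023-38898",`, and the GHSA alias should be replaced with the advisory that belongs to this CVE or removed. As written, two records share one id, so a consumer keyed on id will drop or overwrite one of them, and the aliases merge an asyncio issue in 3.12 with the hmac advisory. A CI check that ids are unique and that the CVE in `id`, `aliases` and the NVD reference agree would catch this class of mistake.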