Python 3.13.0 Alpha 1
Approved changes feed: RSS · Atom
cpe:2.3:a:python:python:3.13.0:alpha1:*:*:*:*:*:*
part: a version: 3.13.0 update: alpha1
| Vendor | Python (b57ad93a-6195-5192-9423-6cfad6044a8b) |
|---|---|
| Product | Python (fc328eef-0a85-5ddb-b629-b8866ec518c8) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/python |
purl2cpe | 2026-06-01 10:16:29.243252 |
pkg:github/python/cpython |
purl2cpe | 2026-06-01 10:16:29.243253 |
pkg:python/python |
purl2cpe | 2026-06-01 10:16:29.243255 |
pkg:rpm/opensuse/python |
purl2cpe | 2026-06-01 10:16:29.243256 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-7592 |
vulnerable | 2026-06-03 14:58:06.477276 |
Quadratic complexity parsing cookies with backslashes
There is a LOW severity vulnerability affecting CPython, specifically the
'http.cookies' standard library module.
When parsing cookies that contained backslashes for quoted characters in
the cookie value, the parser would use an algorithm with quadratic
complexity, resulting in excess CPU resources being used while parsing the
value.
Published: 2024-08-19T19:06:45.311Z
Updated: 2025-11-03T22:32:52.863Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-6232 |
vulnerable | 2026-06-03 14:58:02.304303 |
Regular-expression DoS when parsing TarFile headers
There is a MEDIUM severity vulnerability affecting CPython.
Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
Published: 2024-09-03T12:29:00.102Z
Updated: 2025-11-03T22:32:42.630Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-6507 |
vulnerable | 2026-06-03 14:53:52.024321 |
Groups not dropped before running subprocess when using empty 'extra_groups' parameter
MEDIUM (6.1)
An issue was found in CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases.
When using the `extra_groups=` parameter with an empty list as a value (ie `extra_groups=[]`) the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original processes' groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list.
This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`).
Published: 2023-12-08T18:20:49.583Z
Updated: 2024-08-02T08:35:13.267Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.