Python 3.6.0

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:python:python:3.6.0:-:*:*:*:*:*:*

part: a version: 3.6.0 update: -

VendorPython (b57ad93a-6195-5192-9423-6cfad6044a8b)
ProductPython (fc328eef-0a85-5ddb-b629-b8866ec518c8)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:deb/debian/python purl2cpe 2026-06-01 10:16:29.388758
pkg:github/python/cpython purl2cpe 2026-06-01 10:16:29.388759
pkg:python/python purl2cpe 2026-06-01 10:16:29.388761
pkg:rpm/opensuse/python purl2cpe 2026-06-01 10:16:29.388762

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2019-17514 vulnerable 2026-06-03 14:39:56.435212 Details available
library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.
Published: 2019-10-12T12:07:23.000Z
Updated: 2024-08-05T01:40:15.920Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.