Python 3.11.0 Alpha 2
cpe:2.3:a:python:python:3.11.0:alpha2:*:*:*:*:*:*
part: a version: 3.11.0 update: alpha2
| Vendor | Python (b57ad93a-6195-5192-9423-6cfad6044a8b) |
|---|---|
| Product | Python (fc328eef-0a85-5ddb-b629-b8866ec518c8) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:deb/debian/python | purl2cpe | 2026-06-01 10:16:29.242870 |
| pkg:github/python/cpython | purl2cpe | 2026-06-01 10:16:29.242872 |
| pkg:python/python | purl2cpe | 2026-06-01 10:16:29.242873 |
| pkg:rpm/opensuse/python | purl2cpe | 2026-06-01 10:16:29.242874 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2022-45061 | vulnerable | 2026-06-03 14:48:23.637647 | An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. Published: 2022-11-09T00:00:00.000Z. Updated: 2025-11-03T21:46:44.155Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2022-26488 | vulnerable | 2026-06-03 14:46:43.248321 | In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2. Published: 2022-03-07T17:26:04.000Z. Updated: 2024-08-03T05:03:32.791Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2021-28861 | vulnerable | 2026-06-03 14:44:18.977298 | Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may lead to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." Published: 2022-08-23T00:00:00.000Z. Updated: 2025-12-17T21:30:32.380Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-10735 | vulnerable | 2026-06-03 14:41:00.466788 | A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. Published: 2022-09-09T00:00:00.000Z. Updated: 2025-11-03T21:44:16.139Z | Imported from gcve-enriched-dumps CVE data |