FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
f671c282-95ef-11eb-9c34-080027f515eapython -- Information disclosure via pydoc -p: /getfile?key=path allows to read arbitrary file on the filesystem

David Schwörer reports:

Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of Python modules can contain sensitive data like passwords.


Discovery 2021-01-21
Entry 2021-04-10
python38
< 3.8.9

python39
< 3.9.3

CVE-2021-3426
https://pythoninsider.blogspot.com/2021/04/python-393-and-389-are-now-available.html
https://bugs.python.org/issue42988