发布时间: 2024年9月5日
修改时间: 2024年9月6日
There is a LOW severity vulnerability affecting CPython, specifically the http.cookies standard library module.When parsing cookies that contained backslashes for quoted characters inthe cookie value, the parser would use an algorithm with quadraticcomplexity, resulting in excess CPU resources being used while parsing thevalue.
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 7.5 | 7.5 |
| Attack Vector | Network | Network |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality | None | None |
| Integrity | None | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-3626 | python3 security update | 2024年9月6日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5A | python3 | Unaffected |
| KY3.5.2 | python3 | Fixed |
| V6 | python3 | Fixed |
