RHSA-2021:3254MediumCVSS 9.1

Red Hat Security Advisory: rh-python38 security, bug fix, and enhancement update

Published
August 24, 2021
Last Modified
June 26, 2026

🔗 CVE IDs covered (17)

📋 Description

CVE-2020-25659 — python-cryptography: Bleichenbacher timing oracle attack against RSA decryption CVE-2020-27619 — python: Unsafe use of eval() on data retrieved via HTTP in the test suite CVE-2020-27783 — python-lxml: mXSS due to the use of improper parser CVE-2020-28493 — python-jinja2: ReDoS vulnerability in the urlize filter CVE-2020-36242 — python-cryptography: Large inputs for symmetric encryption can trigger integer overflow leading to buffer overflow CVE-2021-3177 — python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c CVE-2021-3426 — python: Information disclosure via pydoc CVE-2021-3572 — python-pip: Incorrect handling of unicode separators in git references CVE-2021-3733 — python: urllib: Regular expression DoS in AbstractBasicAuthHandler CVE-2021-4189 — python: ftplib should not use the host from the PASV response CVE-2021-20095 — python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code CVE-2021-23336 — python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters CVE-2021-28957 — python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS CVE-2021-29921 — python-ipaddress: Improper input validation of octal strings CVE-2021-33503 — python-urllib3: ReDoS in the parsing of authority part of URL CVE-2021-42771 — python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code CVE-2022-0391 — python: urllib.parse does not sanitize URLs containing ASCII newline and tabs

🔗 References (19)