<p>There is no fixed version for <code>Centos:7</code> <code>python-libs</code>.</p>

Multiple Interpretations of UI Input Affecting python-libs package, versions *

Snyk CVSS

Attack Complexity Low

Availability High

Threat Intelligence

EPSS 0.05% (17^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-CENTOS7-PYTHONLIBS-6688256
published 27 Apr 2024
disclosed 19 Mar 2024

Report a new vulnerability Found a mistake?

Introduced: 19 Mar 2024

CVE-2024-0450 Open this link in a new tab CWE-450 Open this link in a new tab

How to fix?

There is no fixed version for Centos:7 python-libs.

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-libs package and not the python-libs package as distributed by Centos. See How to fix? for Centos:7 relevant fixed versions and status.

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.

The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.