{"id":"USN-6891-1","summary":"python3.5, python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12 vulnerabilities","details":"It was discovered that Python incorrectly handled certain inputs.\nAn attacker could possibly use this issue to execute arbitrary code.\nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS.\n(CVE-2015-20107)\n\nIt was discovered that Python incorrectly used regular expressions\nvulnerable to catastrophic backtracking. A remote attacker could possibly\nuse this issue to cause a denial of service. This issue only affected\nUbuntu 14.04 LTS. (CVE-2018-1060, CVE-2018-1061)\n\nIt was discovered that Python failed to initialize Expat’s hash salt. A\nremote attacker could possibly use this issue to cause hash collisions,\nleading to a denial of service. This issue only affected Ubuntu 14.04 LTS.\n(CVE-2018-14647)\n\nIt was discovered that Python incorrectly handled certain pickle files. An\nattacker could possibly use this issue to consume memory, leading to a\ndenial of service. This issue only affected Ubuntu 14.04 LTS.\n(CVE-2018-20406)\n\nIt was discovered that Python incorrectly validated the domain when\nhandling cookies. An attacker could possibly trick Python into sending\ncookies to the wrong domain. This issue only affected Ubuntu 14.04 LTS.\n(CVE-2018-20852)\n\nJonathan Birch and Panayiotis Panayiotou discovered that Python incorrectly\nhandled Unicode encoding during NFKC normalization. An attacker could\npossibly use this issue to obtain sensitive information. This issue only\naffected Ubuntu 14.04 LTS. (CVE-2019-9636, CVE-2019-10160)\n\nIt was discovered that Python incorrectly parsed certain email addresses. A\nremote attacker could possibly use this issue to trick Python applications\ninto accepting email addresses that should be denied. This issue only\naffected Ubuntu 14.04 LTS. (CVE-2019-16056)\n\nIt was discovered that the Python documentation XML-RPC server incorrectly\nhandled certain fields. A remote attacker could use this issue to execute a\ncross-site scripting (XSS) attack. This issue only affected Ubuntu 14.04\nLTS. (CVE-2019-16935)\n\nIt was discovered that Python documentation had a misleading information.\nA security issue could be possibly caused by wrong assumptions of this\ninformation. This issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04\nLTS. (CVE-2019-17514)\n\nIt was discovered that Python incorrectly stripped certain characters from\nrequests. A remote attacker could use this issue to perform CRLF injection.\nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS.\n(CVE-2019-18348)\n\nIt was discovered that Python incorrectly handled certain TAR archives.\nAn attacker could possibly use this issue to cause a denial of service.\nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS.\n(CVE-2019-20907)\n\nColin Read and Nicolas Edet discovered that Python incorrectly handled\nparsing certain X509 certificates. An attacker could possibly use this\nissue to cause Python to crash, resulting in a denial of service. This\nissue only affected Ubuntu 14.04 LTS. (CVE-2019-5010)\n\nIt was discovered that incorrectly handled certain ZIP files. An attacker\ncould possibly use this issue to cause a denial of service. This issue only\naffected Ubuntu 14.04 LTS. (CVE-2019-9674)\n\nIt was discovered that Python incorrectly handled certain urls. A remote\nattacker could possibly use this issue to perform CRLF injection attacks.\nThis issue only affected Ubuntu 14.04 LTS. (CVE-2019-9740, CVE-2019-9947)\n\nSihoon Lee discovered that Python incorrectly handled the local_file:\nscheme. A remote attacker could possibly use this issue to bypass blocklist\nmeschanisms. This issue only affected Ubuntu 14.04 LTS. (CVE-2019-9948)\n\nIt was discovered that Python incorrectly handled certain IP values.\nAn attacker could possibly use this issue to cause a denial of service.\nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS.\n(CVE-2020-14422)\n\nIt was discovered that Python incorrectly handled certain character\nsequences. A remote attacker could possibly use this issue to perform\nCRLF injection. This issue only affected Ubuntu 14.04 LTS and Ubuntu\n18.04 LTS. (CVE-2020-26116)\n\nIt was discovered that Python incorrectly handled certain inputs.\nAn attacker could possibly use this issue to execute arbitrary code\nor cause a denial of service. This issue only affected Ubuntu 14.04 LTS.\n(CVE-2020-27619, CVE-2021-3177)\n\nIt was discovered that Python incorrectly handled certain HTTP requests.\nAn attacker could possibly use this issue to cause a denial of service.\nThis issue only affected Ubuntu 14.04 LTS. (CVE-2020-8492)\n\nIt was discovered that the Python stdlib ipaddress API incorrectly handled\noctal strings. A remote attacker could possibly use this issue to perform a\nwide variety of attacks, including bypassing certain access restrictions.\nThis issue only affected Ubuntu 18.04 LTS. (CVE-2021-29921)\n\nDavid Schwörer discovered that Python incorrectly handled certain inputs.\nAn attacker could possibly use this issue to expose sensitive information.\nThis issue only affected Ubuntu 18.04 LTS. (CVE-2021-3426)\n\nIt was discovered that Python incorrectly handled certain RFCs.\nAn attacker could possibly use this issue to cause a denial of service.\nThis issue only affected Ubuntu 14.04 LTS. (CVE-2021-3733)\n\nIt was discovered that Python incorrectly handled certain server\nresponses. An attacker could possibly use this issue to cause a denial of\nservice. This issue only affected Ubuntu 14.04 LTS. (CVE-2021-3737)\n\nIt was discovered that Python incorrectly handled certain FTP requests.\nAn attacker could possibly use this issue to expose sensitive information.\nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS.\n(CVE-2021-4189)\n\nIt was discovered that Python incorrectly handled certain inputs.\nAn attacker could possibly use this issue to execute arbitrary code.\nThis issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS.\n(CVE-2022-0391)\n\nDevin Jeanpierre discovered that Python incorrectly handled sockets when\nthe multiprocessing module was being used. A local attacker could possibly\nuse this issue to execute arbitrary code and escalate privileges.\nThis issue only affected Ubuntu 22.04 LTS. (CVE-2022-42919)\n\nIt was discovered that Python incorrectly handled certain inputs. If a\nuser or an automated system were tricked into running a specially\ncrafted input, a remote attacker could possibly use this issue to cause a\ndenial of service. This issue only affected Ubuntu 14.04 LTS,\nUbuntu 18.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-45061, CVE-2023-24329)\n\nIt was discovered that Python incorrectly handled certain scripts.\nAn attacker could possibly use this issue to execute arbitrary code\nor cause a crash. This issue only affected Ubuntu 14.04 LTS and\nUbuntu 18.04 LTS. (CVE-2022-48560)\n\nIt was discovered that Python incorrectly handled certain plist files.\nIf a user or an automated system were tricked into processing a specially\ncrafted plist file, an attacker could possibly use this issue to consume\nresources, resulting in a denial of service. This issue only affected\nUbuntu 14.04 LTS and Ubuntu 18.04 LTS. (CVE-2022-48564)\n\nIt was discovered that Python did not properly handle XML entity\ndeclarations in plist files. An attacker could possibly use this\nvulnerability to perform an XML External Entity (XXE) injection,\nresulting in a denial of service or information disclosure. This issue\nonly affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS. (CVE-2022-48565)\n\nIt was discovered that Python did not properly provide constant-time\nprocessing for a crypto operation. An attacker could possibly use this\nissue to perform a timing attack and recover sensitive information. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS.\n(CVE-2022-48566)\n\nIt was discovered that Python instances of ssl.SSLSocket were vulnerable\nto a bypass of the TLS handshake. An attacker could possibly use this\nissue to cause applications to treat unauthenticated received data before\nTLS handshake as authenticated data after TLS handshake. This issue only\naffected Ubuntu 14.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu\n22.04 LTS. (CVE-2023-40217)\n\nIt was discovered that Python incorrectly handled null bytes when\nnormalizing pathnames. An attacker could possibly use this issue to bypass\ncertain filename checks. This issue only affected Ubuntu 22.04 LTS.\n(CVE-2023-41105)\n\nIt was discovered that Python incorrectly handled privilege with certain\nparameters. An attacker could possibly use this issue to maintain the\noriginal processes' groups before starting the new process. This issue\nonly affected Ubuntu 23.10. (CVE-2023-6507)\n\nIt was discovered that Python incorrectly handled symlinks in temp files.\nAn attacker could possibly use this issue to modify the permissions of\nfiles. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,\nUbuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-6597)\n\nIt was discovered that Python incorrectly handled certain crafted zip\nfiles. An attacker could possibly use this issue to crash the program,\nresulting in a denial of service. (CVE-2024-0450)\n","modified":"2026-02-10T04:44:21Z","published":"2024-07-11T11:54:39Z","related":["UBUNTU-CVE-2015-20107","UBUNTU-CVE-2018-1060","UBUNTU-CVE-2018-1061","UBUNTU-CVE-2018-14647","UBUNTU-CVE-2018-20406","UBUNTU-CVE-2018-20852","UBUNTU-CVE-2019-10160","UBUNTU-CVE-2019-16056","UBUNTU-CVE-2019-16935","UBUNTU-CVE-2019-17514","UBUNTU-CVE-2019-18348","UBUNTU-CVE-2019-20907","UBUNTU-CVE-2019-5010","UBUNTU-CVE-2019-9636","UBUNTU-CVE-2019-9674","UBUNTU-CVE-2019-9740","UBUNTU-CVE-2019-9947","UBUNTU-CVE-2019-9948","UBUNTU-CVE-2020-14422","UBUNTU-CVE-2020-26116","UBUNTU-CVE-2020-27619","UBUNTU-CVE-2020-8492","UBUNTU-CVE-2021-29921","UBUNTU-CVE-2021-3177","UBUNTU-CVE-2021-3426","UBUNTU-CVE-2021-3733","UBUNTU-CVE-2021-3737","UBUNTU-CVE-2021-4189","UBUNTU-CVE-2022-0391","UBUNTU-CVE-2022-42919","UBUNTU-CVE-2022-45061","UBUNTU-CVE-2022-48560","UBUNTU-CVE-2022-48564","UBUNTU-CVE-2022-48565","UBUNTU-CVE-2022-48566","UBUNTU-CVE-2023-24329","UBUNTU-CVE-2023-40217","UBUNTU-CVE-2023-41105","UBUNTU-CVE-2023-6597","UBUNTU-CVE-2024-0450"],"upstream":["CVE-2015-20107","CVE-2018-1060","CVE-2018-1061","CVE-2018-14647","CVE-2018-20406","CVE-2018-20852","CVE-2019-10160","CVE-2019-16056","CVE-2019-16935","CVE-2019-17514","CVE-2019-18348","CVE-2019-20907","CVE-2019-5010","CVE-2019-9636","CVE-2019-9674","CVE-2019-9740","CVE-2019-9947","CVE-2019-9948","CVE-2020-14422","CVE-2020-26116","CVE-2020-27619","CVE-2020-8492","CVE-2021-29921","CVE-2021-3177","CVE-2021-3426","CVE-2021-3733","CVE-2021-3737","CVE-2021-4189","CVE-2022-0391","CVE-2022-42919","CVE-2022-45061","CVE-2022-48560","CVE-2022-48564","CVE-2022-48565","CVE-2022-48566","CVE-2023-24329","CVE-2023-40217","CVE-2023-41105","CVE-2023-6507","CVE-2023-6597","CVE-2024-0450","UBUNTU-CVE-2015-20107","UBUNTU-CVE-2018-1060","UBUNTU-CVE-2018-1061","UBUNTU-CVE-2018-14647","UBUNTU-CVE-2018-20406","UBUNTU-CVE-2018-20852","UBUNTU-CVE-2019-10160","UBUNTU-CVE-2019-16056","UBUNTU-CVE-2019-16935","UBUNTU-CVE-2019-17514","UBUNTU-CVE-2019-18348","UBUNTU-CVE-2019-20907","UBUNTU-CVE-2019-5010","UBUNTU-CVE-2019-9636","UBUNTU-CVE-2019-9674","UBUNTU-CVE-2019-9740","UBUNTU-CVE-2019-9947","UBUNTU-CVE-2019-9948","UBUNTU-CVE-2020-14422","UBUNTU-CVE-2020-26116","UBUNTU-CVE-2020-27619","UBUNTU-CVE-2020-8492","UBUNTU-CVE-2021-29921","UBUNTU-CVE-2021-3177","UBUNTU-CVE-2021-3426","UBUNTU-CVE-2021-3733","UBUNTU-CVE-2021-3737","UBUNTU-CVE-2021-4189","UBUNTU-CVE-2022-0391","UBUNTU-CVE-2022-42919","UBUNTU-CVE-2022-45061","UBUNTU-CVE-2022-48560","UBUNTU-CVE-2022-48564","UBUNTU-CVE-2022-48565","UBUNTU-CVE-2022-48566","UBUNTU-CVE-2023-24329","UBUNTU-CVE-2023-40217","UBUNTU-CVE-2023-41105","UBUNTU-CVE-2023-6507","UBUNTU-CVE-2023-6597","UBUNTU-CVE-2024-0450"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6891-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-20107"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-1060"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-1061"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-14647"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20406"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-20852"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-5010"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-9636"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-9674"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-9740"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-9947"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-9948"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-10160"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-16056"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-16935"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-17514"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-18348"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-20907"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-8492"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-14422"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-26116"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-27619"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-3177"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-3426"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-3733"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-3737"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-4189"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-29921"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-0391"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-42919"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-45061"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-48560"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-48564"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-48565"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-48566"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-6507"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-6597"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-24329"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-40217"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-41105"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-0450"}],"affected":[{"package":{"name":"python3.5","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/python3.5@3.5.2-2ubuntu0~16.04.4~14.04.1+esm1?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm1"}]}],"versions":["3.5.2-2ubuntu0~16.04.4~14.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm1","binary_name":"idle-python3.5"},{"binary_version":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm1","binary_name":"libpython3.5"},{"binary_version":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm1","binary_name":"libpython3.5-dev"},{"binary_version":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm1","binary_name":"libpython3.5-minimal"},{"binary_version":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm1","binary_name":"libpython3.5-stdlib"},{"binary_version":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm1","binary_name":"libpython3.5-testsuite"},{"binary_version":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm1","binary_name":"python3.5"},{"binary_version":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm1","binary_name":"python3.5-dev"},{"binary_version":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm1","binary_name":"python3.5-examples"},{"binary_version":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm1","binary_name":"python3.5-minimal"},{"binary_version":"3.5.2-2ubuntu0~16.04.4~14.04.1+esm1","binary_name":"python3.5-venv"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6891-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:14.04:LTS","cves":[{"id":"CVE-2015-20107","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2018-1060","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2018-1061","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2018-14647","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2018-20406","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2018-20852","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-5010","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2019-9636","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-9674","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"negligible","type":"Ubuntu"}]},{"id":"CVE-2019-9740","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-9947","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-9948","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-10160","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-16056","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-16935","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2019-17514","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"negligible","type":"Ubuntu"}]},{"id":"CVE-2019-18348","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-20907","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2020-8492","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2020-14422","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2020-26116","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2020-27619","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2021-3177","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-3426","severity":[{"score":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2021-3733","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-3737","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-4189","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-0391","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-45061","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-48560","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-48564","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-48565","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-48566","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-24329","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-40217","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-0450","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}},{"package":{"name":"python3.5","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/python3.5@3.5.2-2ubuntu0~16.04.13+esm13?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5.2-2ubuntu0~16.04.13+esm13"}]}],"versions":["3.5.0-3","3.5.0-3ubuntu1","3.5.1~rc1-2ubuntu1","3.5.1-1","3.5.1-2","3.5.1-3","3.5.1-5","3.5.1-6ubuntu1","3.5.1-6ubuntu2","3.5.1-9ubuntu1","3.5.1-10","3.5.2-2~16.01","3.5.2-2~16.04","3.5.2-2ubuntu0~16.04.1","3.5.2-2ubuntu0~16.04.2","3.5.2-2ubuntu0~16.04.3","3.5.2-2ubuntu0~16.04.4","3.5.2-2ubuntu0~16.04.5","3.5.2-2ubuntu0~16.04.8","3.5.2-2ubuntu0~16.04.9","3.5.2-2ubuntu0~16.04.10","3.5.2-2ubuntu0~16.04.11","3.5.2-2ubuntu0~16.04.12","3.5.2-2ubuntu0~16.04.13","3.5.2-2ubuntu0~16.04.13+esm1","3.5.2-2ubuntu0~16.04.13+esm2","3.5.2-2ubuntu0~16.04.13+esm3","3.5.2-2ubuntu0~16.04.13+esm5","3.5.2-2ubuntu0~16.04.13+esm6","3.5.2-2ubuntu0~16.04.13+esm7","3.5.2-2ubuntu0~16.04.13+esm8","3.5.2-2ubuntu0~16.04.13+esm9","3.5.2-2ubuntu0~16.04.13+esm10","3.5.2-2ubuntu0~16.04.13+esm11","3.5.2-2ubuntu0~16.04.13+esm12"],"ecosystem_specific":{"binaries":[{"binary_version":"3.5.2-2ubuntu0~16.04.13+esm13","binary_name":"idle-python3.5"},{"binary_version":"3.5.2-2ubuntu0~16.04.13+esm13","binary_name":"libpython3.5"},{"binary_version":"3.5.2-2ubuntu0~16.04.13+esm13","binary_name":"libpython3.5-dev"},{"binary_version":"3.5.2-2ubuntu0~16.04.13+esm13","binary_name":"libpython3.5-minimal"},{"binary_version":"3.5.2-2ubuntu0~16.04.13+esm13","binary_name":"libpython3.5-stdlib"},{"binary_version":"3.5.2-2ubuntu0~16.04.13+esm13","binary_name":"libpython3.5-testsuite"},{"binary_version":"3.5.2-2ubuntu0~16.04.13+esm13","binary_name":"python3.5"},{"binary_version":"3.5.2-2ubuntu0~16.04.13+esm13","binary_name":"python3.5-dev"},{"binary_version":"3.5.2-2ubuntu0~16.04.13+esm13","binary_name":"python3.5-examples"},{"binary_version":"3.5.2-2ubuntu0~16.04.13+esm13","binary_name":"python3.5-minimal"},{"binary_version":"3.5.2-2ubuntu0~16.04.13+esm13","binary_name":"python3.5-venv"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6891-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:16.04:LTS","cves":[{"id":"CVE-2023-6597","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-0450","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}},{"package":{"name":"python3.6","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/python3.6@3.6.9-1~18.04ubuntu1.13+esm2?arch=source&distro=esm-infra/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.6.9-1~18.04ubuntu1.13+esm2"}]}],"versions":["3.6.3-1ubuntu1","3.6.4~rc1-1","3.6.4~rc1-2","3.6.4-1","3.6.4-2","3.6.4-3build1","3.6.4-4","3.6.5~rc1-1","3.6.5-3","3.6.6-1~18.04","3.6.7-1~18.04","3.6.8-1~18.04.1","3.6.8-1~18.04.2","3.6.8-1~18.04.3","3.6.9-1~18.04","3.6.9-1~18.04ubuntu1","3.6.9-1~18.04ubuntu1.1","3.6.9-1~18.04ubuntu1.3","3.6.9-1~18.04ubuntu1.4","3.6.9-1~18.04ubuntu1.6","3.6.9-1~18.04ubuntu1.7","3.6.9-1~18.04ubuntu1.8","3.6.9-1~18.04ubuntu1.9","3.6.9-1~18.04ubuntu1.10","3.6.9-1~18.04ubuntu1.12","3.6.9-1~18.04ubuntu1.13","3.6.9-1~18.04ubuntu1.13+esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.6.9-1~18.04ubuntu1.13+esm2","binary_name":"idle-python3.6"},{"binary_version":"3.6.9-1~18.04ubuntu1.13+esm2","binary_name":"libpython3.6"},{"binary_version":"3.6.9-1~18.04ubuntu1.13+esm2","binary_name":"libpython3.6-dev"},{"binary_version":"3.6.9-1~18.04ubuntu1.13+esm2","binary_name":"libpython3.6-minimal"},{"binary_version":"3.6.9-1~18.04ubuntu1.13+esm2","binary_name":"libpython3.6-stdlib"},{"binary_version":"3.6.9-1~18.04ubuntu1.13+esm2","binary_name":"libpython3.6-testsuite"},{"binary_version":"3.6.9-1~18.04ubuntu1.13+esm2","binary_name":"python3.6"},{"binary_version":"3.6.9-1~18.04ubuntu1.13+esm2","binary_name":"python3.6-dev"},{"binary_version":"3.6.9-1~18.04ubuntu1.13+esm2","binary_name":"python3.6-examples"},{"binary_version":"3.6.9-1~18.04ubuntu1.13+esm2","binary_name":"python3.6-minimal"},{"binary_version":"3.6.9-1~18.04ubuntu1.13+esm2","binary_name":"python3.6-venv"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6891-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"id":"CVE-2022-48560","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-48565","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-48566","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-0450","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}},{"package":{"name":"python3.7","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/python3.7@3.7.5-2ubuntu1~18.04.2+esm3?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7.5-2ubuntu1~18.04.2+esm3"}]}],"versions":["3.7.0~a2-1","3.7.0~a3-1","3.7.0~a3-2","3.7.0~a3-3","3.7.0~a4-1","3.7.0~b1-1","3.7.0~b1-1build1","3.7.0~b2-1","3.7.0~b3-1","3.7.0-1~18.04","3.7.1-1~18.04","3.7.3-2~18.04.1","3.7.5-2~18.04","3.7.5-2~18.04.4","3.7.5-2ubuntu1~18.04.2","3.7.5-2ubuntu1~18.04.2+esm1","3.7.5-2ubuntu1~18.04.2+esm2"],"ecosystem_specific":{"binaries":[{"binary_version":"3.7.5-2ubuntu1~18.04.2+esm3","binary_name":"idle-python3.7"},{"binary_version":"3.7.5-2ubuntu1~18.04.2+esm3","binary_name":"libpython3.7"},{"binary_version":"3.7.5-2ubuntu1~18.04.2+esm3","binary_name":"libpython3.7-dev"},{"binary_version":"3.7.5-2ubuntu1~18.04.2+esm3","binary_name":"libpython3.7-minimal"},{"binary_version":"3.7.5-2ubuntu1~18.04.2+esm3","binary_name":"libpython3.7-stdlib"},{"binary_version":"3.7.5-2ubuntu1~18.04.2+esm3","binary_name":"libpython3.7-testsuite"},{"binary_version":"3.7.5-2ubuntu1~18.04.2+esm3","binary_name":"python3.7"},{"binary_version":"3.7.5-2ubuntu1~18.04.2+esm3","binary_name":"python3.7-dev"},{"binary_version":"3.7.5-2ubuntu1~18.04.2+esm3","binary_name":"python3.7-examples"},{"binary_version":"3.7.5-2ubuntu1~18.04.2+esm3","binary_name":"python3.7-minimal"},{"binary_version":"3.7.5-2ubuntu1~18.04.2+esm3","binary_name":"python3.7-venv"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6891-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"id":"CVE-2015-20107","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2019-9674","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"negligible","type":"Ubuntu"}]},{"id":"CVE-2019-17514","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"negligible","type":"Ubuntu"}]},{"id":"CVE-2019-18348","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-20907","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2020-14422","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2020-26116","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-3426","severity":[{"score":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2021-4189","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-29921","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-0391","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-45061","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-48560","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-48564","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-48565","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-48566","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-6597","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-24329","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-40217","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-0450","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}},{"package":{"name":"python3.8","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/python3.8@3.8.0-3ubuntu1~18.04.2+esm2?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.8.0-3ubuntu1~18.04.2+esm2"}]}],"versions":["3.8.0-3~18.04","3.8.0-3~18.04.1","3.8.0-3ubuntu1~18.04.2","3.8.0-3ubuntu1~18.04.2+esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.8.0-3ubuntu1~18.04.2+esm2","binary_name":"idle-python3.8"},{"binary_version":"3.8.0-3ubuntu1~18.04.2+esm2","binary_name":"libpython3.8"},{"binary_version":"3.8.0-3ubuntu1~18.04.2+esm2","binary_name":"libpython3.8-dev"},{"binary_version":"3.8.0-3ubuntu1~18.04.2+esm2","binary_name":"libpython3.8-minimal"},{"binary_version":"3.8.0-3ubuntu1~18.04.2+esm2","binary_name":"libpython3.8-stdlib"},{"binary_version":"3.8.0-3ubuntu1~18.04.2+esm2","binary_name":"libpython3.8-testsuite"},{"binary_version":"3.8.0-3ubuntu1~18.04.2+esm2","binary_name":"python3.8"},{"binary_version":"3.8.0-3ubuntu1~18.04.2+esm2","binary_name":"python3.8-dev"},{"binary_version":"3.8.0-3ubuntu1~18.04.2+esm2","binary_name":"python3.8-examples"},{"binary_version":"3.8.0-3ubuntu1~18.04.2+esm2","binary_name":"python3.8-minimal"},{"binary_version":"3.8.0-3ubuntu1~18.04.2+esm2","binary_name":"python3.8-venv"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6891-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:18.04:LTS","cves":[{"id":"CVE-2015-20107","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2019-9674","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"negligible","type":"Ubuntu"}]},{"id":"CVE-2019-17514","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"negligible","type":"Ubuntu"}]},{"id":"CVE-2019-18348","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-20907","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2020-14422","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2020-26116","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-3426","severity":[{"score":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2021-4189","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2021-29921","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-0391","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-45061","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-48560","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-48564","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-48565","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2022-48566","severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-6597","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-24329","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-40217","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-0450","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}},{"package":{"name":"python3.8","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/python3.8@3.8.10-0ubuntu1~20.04.10?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.8.10-0ubuntu1~20.04.10"}]}],"versions":["3.8.0-1","3.8.0-2","3.8.0-3","3.8.0-4","3.8.0-5","3.8.1-2ubuntu3","3.8.2~rc1-1ubuntu1","3.8.2-1","3.8.2-1ubuntu1","3.8.2-1ubuntu1.1","3.8.2-1ubuntu1.2","3.8.5-1~20.04","3.8.5-1~20.04.2","3.8.5-1~20.04.3","3.8.10-0ubuntu1~20.04","3.8.10-0ubuntu1~20.04.1","3.8.10-0ubuntu1~20.04.2","3.8.10-0ubuntu1~20.04.4","3.8.10-0ubuntu1~20.04.5","3.8.10-0ubuntu1~20.04.6","3.8.10-0ubuntu1~20.04.7","3.8.10-0ubuntu1~20.04.8","3.8.10-0ubuntu1~20.04.9"],"ecosystem_specific":{"binaries":[{"binary_version":"3.8.10-0ubuntu1~20.04.10","binary_name":"idle-python3.8"},{"binary_version":"3.8.10-0ubuntu1~20.04.10","binary_name":"libpython3.8"},{"binary_version":"3.8.10-0ubuntu1~20.04.10","binary_name":"libpython3.8-dev"},{"binary_version":"3.8.10-0ubuntu1~20.04.10","binary_name":"libpython3.8-minimal"},{"binary_version":"3.8.10-0ubuntu1~20.04.10","binary_name":"libpython3.8-stdlib"},{"binary_version":"3.8.10-0ubuntu1~20.04.10","binary_name":"libpython3.8-testsuite"},{"binary_version":"3.8.10-0ubuntu1~20.04.10","binary_name":"python3.8"},{"binary_version":"3.8.10-0ubuntu1~20.04.10","binary_name":"python3.8-dev"},{"binary_version":"3.8.10-0ubuntu1~20.04.10","binary_name":"python3.8-examples"},{"binary_version":"3.8.10-0ubuntu1~20.04.10","binary_name":"python3.8-full"},{"binary_version":"3.8.10-0ubuntu1~20.04.10","binary_name":"python3.8-minimal"},{"binary_version":"3.8.10-0ubuntu1~20.04.10","binary_name":"python3.8-venv"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6891-1.json","cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"id":"CVE-2023-6597","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-0450","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}},{"package":{"name":"python3.9","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/python3.9@3.9.5-3ubuntu0~20.04.1+esm2?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.9.5-3ubuntu0~20.04.1+esm2"}]}],"versions":["3.9.0~rc1-1~20.04","3.9.0-5~20.04","3.9.5-3~20.04.1","3.9.5-3ubuntu0~20.04.1","3.9.5-3ubuntu0~20.04.1+esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.9.5-3ubuntu0~20.04.1+esm2","binary_name":"idle-python3.9"},{"binary_version":"3.9.5-3ubuntu0~20.04.1+esm2","binary_name":"libpython3.9"},{"binary_version":"3.9.5-3ubuntu0~20.04.1+esm2","binary_name":"libpython3.9-dev"},{"binary_version":"3.9.5-3ubuntu0~20.04.1+esm2","binary_name":"libpython3.9-minimal"},{"binary_version":"3.9.5-3ubuntu0~20.04.1+esm2","binary_name":"libpython3.9-stdlib"},{"binary_version":"3.9.5-3ubuntu0~20.04.1+esm2","binary_name":"libpython3.9-testsuite"},{"binary_version":"3.9.5-3ubuntu0~20.04.1+esm2","binary_name":"python3.9"},{"binary_version":"3.9.5-3ubuntu0~20.04.1+esm2","binary_name":"python3.9-dev"},{"binary_version":"3.9.5-3ubuntu0~20.04.1+esm2","binary_name":"python3.9-examples"},{"binary_version":"3.9.5-3ubuntu0~20.04.1+esm2","binary_name":"python3.9-full"},{"binary_version":"3.9.5-3ubuntu0~20.04.1+esm2","binary_name":"python3.9-minimal"},{"binary_version":"3.9.5-3ubuntu0~20.04.1+esm2","binary_name":"python3.9-venv"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6891-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:20.04:LTS","cves":[{"id":"CVE-2023-6597","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-40217","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-0450","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}},{"package":{"name":"python3.10","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/python3.10@3.10.12-1~22.04.4?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.12-1~22.04.4"}]}],"versions":["3.10.0-2","3.10.0-3","3.10.0-4","3.10.0-5","3.10.0-5build1","3.10.1-1","3.10.1-2","3.10.2-1","3.10.2-5","3.10.2-7","3.10.3-1","3.10.4-3","3.10.4-3ubuntu0.1","3.10.6-1~22.04","3.10.6-1~22.04.1","3.10.6-1~22.04.2","3.10.6-1~22.04.2ubuntu1","3.10.6-1~22.04.2ubuntu1.1","3.10.12-1~22.04.2","3.10.12-1~22.04.3"],"ecosystem_specific":{"binaries":[{"binary_version":"3.10.12-1~22.04.4","binary_name":"idle-python3.10"},{"binary_version":"3.10.12-1~22.04.4","binary_name":"libpython3.10"},{"binary_version":"3.10.12-1~22.04.4","binary_name":"libpython3.10-dev"},{"binary_version":"3.10.12-1~22.04.4","binary_name":"libpython3.10-minimal"},{"binary_version":"3.10.12-1~22.04.4","binary_name":"libpython3.10-stdlib"},{"binary_version":"3.10.12-1~22.04.4","binary_name":"libpython3.10-testsuite"},{"binary_version":"3.10.12-1~22.04.4","binary_name":"python3.10"},{"binary_version":"3.10.12-1~22.04.4","binary_name":"python3.10-dev"},{"binary_version":"3.10.12-1~22.04.4","binary_name":"python3.10-examples"},{"binary_version":"3.10.12-1~22.04.4","binary_name":"python3.10-full"},{"binary_version":"3.10.12-1~22.04.4","binary_name":"python3.10-minimal"},{"binary_version":"3.10.12-1~22.04.4","binary_name":"python3.10-nopie"},{"binary_version":"3.10.12-1~22.04.4","binary_name":"python3.10-venv"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6891-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"id":"CVE-2023-6597","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-0450","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}},{"package":{"name":"python3.11","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/python3.11@3.11.0~rc1-1~22.04.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.11.0~rc1-1~22.04.1~esm1"}]}],"versions":["3.11.0~rc1-1~22.04"],"ecosystem_specific":{"binaries":[{"binary_version":"3.11.0~rc1-1~22.04.1~esm1","binary_name":"idle-python3.11"},{"binary_version":"3.11.0~rc1-1~22.04.1~esm1","binary_name":"libpython3.11"},{"binary_version":"3.11.0~rc1-1~22.04.1~esm1","binary_name":"libpython3.11-dev"},{"binary_version":"3.11.0~rc1-1~22.04.1~esm1","binary_name":"libpython3.11-minimal"},{"binary_version":"3.11.0~rc1-1~22.04.1~esm1","binary_name":"libpython3.11-stdlib"},{"binary_version":"3.11.0~rc1-1~22.04.1~esm1","binary_name":"libpython3.11-testsuite"},{"binary_version":"3.11.0~rc1-1~22.04.1~esm1","binary_name":"python3.11"},{"binary_version":"3.11.0~rc1-1~22.04.1~esm1","binary_name":"python3.11-dev"},{"binary_version":"3.11.0~rc1-1~22.04.1~esm1","binary_name":"python3.11-examples"},{"binary_version":"3.11.0~rc1-1~22.04.1~esm1","binary_name":"python3.11-full"},{"binary_version":"3.11.0~rc1-1~22.04.1~esm1","binary_name":"python3.11-minimal"},{"binary_version":"3.11.0~rc1-1~22.04.1~esm1","binary_name":"python3.11-nopie"},{"binary_version":"3.11.0~rc1-1~22.04.1~esm1","binary_name":"python3.11-venv"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6891-1.json","cves_map":{"ecosystem":"Ubuntu:Pro:22.04:LTS","cves":[{"id":"CVE-2022-42919","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"high","type":"Ubuntu"}]},{"id":"CVE-2022-45061","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-6597","severity":[{"score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-24329","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-40217","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-41105","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2024-0450","severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}]}}}],"schema_version":"1.7.3"}