Wind River Support Network

HomeDefectsLIN1021-10832
Fixed

LIN1021-10832 : Security Advisory - python - CVE-2024-7592

Created: Aug 17, 2024    Updated: Oct 23, 2024
Resolved Date: Oct 23, 2024
Found In Version: 10.21.20.1
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Userspace

Description

There is a LOW severity vulnerability affecting CPython, specifically the
'http.cookies' standard library module.


When parsing cookies that contained backslashes for quoted characters in
the cookie value, the parser would use an algorithm with quadratic
complexity, resulting in excess CPU resources being used while parsing the
value.

https://nvd.nist.gov/vuln/detail/CVE-2024-7592

CVEs


Live chat
Online