Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2023-24329 |
CWE-ID | CWE-20 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Anolis OS (operating system); operating system packages or components: python38-rpm-macros, python38-pip-wheel, python38-pip, python38-numpy-doc, python38-jinja2, python38-tkinter, python38-test, python38-scipy, python38-numpy-f2py, python38-numpy, python38-mod_wsgi, python38-libs, python38-idle, python38-devel, python38-debug, python38, python38-wheel-wheel, python38-wheel, python38-wcwidth, python38-urllib3, python38-setuptools-wheel, python38-setuptools, python38-pytest, python38-pyparsing, python38-py, python38-pluggy, python38-packaging, python38-more-itertools, python38-babel, python38-attrs, python38-atomicwrites, python38-psutil, python38-lxml, python38-six, python38-requests, python38-pytz, python38-pysocks, python38-pycparser, python38-ply, python38-idna, python38-chardet, python38-asn1crypto, python38-PyMySQL, python38-pyyaml, python38-psycopg2-tests, python38-psycopg2-doc, python38-psycopg2, python38-markupsafe, python38-cryptography, python38-cffi, python38-Cython |
Vendor | OpenAnolis |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU72618
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-24329
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass implemented filters.
The vulnerability exists due to insufficient validation of URLs that start with blank characters within the urllib.parse component of Python. A remote attacker can pass a specially crafted URL to bypass existing filters.
Mitigation
Install updates from the vendor's repository.
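A way to confirm on a host that the interpreter's parser handles leading blanks, and to keep scheme filters from depending on that behaviour, is sketched below as an added example (it is not part of the advisory, nor OpenAnolis or CPython code). The policy sets, function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Characters stripped from the front of a URL before parsing:
# C0 controls (0x00-0x1F) and space, as in the WHATWG URL rules.
LEADING_BLANKS = "".join(chr(c) for c in range(0x21))

BLOCKED_SCHEMES = {"file", "ftp"}      # constructed blocklist policy
ALLOWED_SCHEMES = {"http", "https"}    # constructed allowlist policy


def parser_strips_leading_blanks() -> bool:
    """Behavioural probe: True if urlsplit() ignores leading blanks
    and still recognises the scheme (the corrected behaviour)."""
    return urlsplit(" https://example.com/").scheme == "https"


def naive_blocklist_rejects(url: str) -> bool:
    """Filter pattern at risk: trusts urlsplit() on the raw input, so a
    scheme the parser fails to recognise slips past the blocklist."""
    return urlsplit(url).scheme in BLOCKED_SCHEMES


def hardened_is_allowed(url: str) -> bool:
    """Parser-independent check: strip leading blanks ourselves, then
    fail closed unless the scheme is explicitly allowed."""
    scheme = urlsplit(url.lstrip(LEADING_BLANKS)).scheme.lower()
    return scheme in ALLOWED_SCHEMES


if __name__ == "__main__":
    print("urlsplit strips leading blanks:", parser_strips_leading_blanks())
    # Constructed sample inputs, not taken from the advisory.
    for sample in ["https://example.com/", " file:///srv/data",
                   "\x0bfile:///srv/data", "  HTTP://example.com/", "/relative"]:
        print(repr(sample), "allowed:", hardened_is_allowed(sample))
```

Running the probe with the `python38` interpreter after updating shows whether the installed build recognises the scheme of a blank-prefixed URL; the hardened check gives the same verdict either way.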
Vulnerable software versions
Anolis OS: 8
python38-rpm-macros: before 3.8.16-2
python38-pip-wheel: before 19.3.1-6.0.1
python38-pip: before 19.3.1-6.0.1
python38-numpy-doc: before 1.17.3-6.0.1
python38-jinja2: before 2.11.3-1
python38-tkinter: before 3.8.16-2
python38-test: before 3.8.16-2
python38-scipy: before 1.3.1-4.0.2
python38-numpy-f2py: before 1.17.3-6.0.1
python38-numpy: before 1.17.3-6.0.1
python38-mod_wsgi: before 4.6.8-4
python38-libs: before 3.8.16-2
python38-idle: before 3.8.16-2
python38-devel: before 3.8.16-2
python38-debug: before 3.8.16-2
python38: before 3.8.16-2
python38-wheel-wheel: before 0.33.6-6
python38-wheel: before 0.33.6-6
python38-wcwidth: before 0.1.7-16
python38-urllib3: before 1.25.7-5
python38-setuptools-wheel: before 41.6.0-5
python38-setuptools: before 41.6.0-5
python38-pytest: before 4.6.6-3
python38-pyparsing: before 2.4.5-3
python38-py: before 1.8.0-8
python38-pluggy: before 0.13.0-3
python38-packaging: before 19.2-3
python38-more-itertools: before 7.2.0-5
python38-babel: before 2.7.0-11
python38-attrs: before 19.3.0-3
python38-atomicwrites: before 1.3.0-8
python38-psutil: before 5.6.4-4
python38-lxml: before 4.4.1-7
python38-six: before 1.12.0-10
python38-requests: before 2.22.0-9
python38-pytz: before 2019.3-3
python38-pysocks: before 1.7.1-4
python38-pycparser: before 2.19-3
python38-ply: before 3.11-10
python38-idna: before 2.8-6
python38-chardet: before 3.0.4-19
python38-asn1crypto: before 1.2.0-3
python38-PyMySQL: before 0.10.1-1
python38-pyyaml: before 5.4.1-1
python38-psycopg2-tests: before 2.8.4-4
python38-psycopg2-doc: before 2.8.4-4
python38-psycopg2: before 2.8.4-4
python38-markupsafe: before 1.1.1-6
python38-cryptography: before 2.8-3
python38-cffi: before 1.13.2-3
python38-Cython: before 0.29.14-4
https://anas.openanolis.cn/errata/detail/ANSA-2023:0318
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.