漏洞标题
错误的IPv4和IPv6私有范围
漏洞描述信息
"ipaddress"模块包含关于某些IPv4和IPv6地址是否被标记为“全局可达”或“私有”的不准确信息。这影响了ipaddress.IPv4Address、ipaddress.IPv4Network、ipaddress.IPv6Address和ipaddress.IPv6Network类的is_private和is_global属性,其中返回的值不符合IANA特殊目的地址注册表的最新信息。
CPython 3.12.4和3.13.0a6包含了这些注册表的更新信息,因此具有预期的行为。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
漏洞类别
信息暴露
漏洞标题
Incorrect IPv4 and IPv6 private ranges
漏洞描述信息
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.
CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
cpython 安全漏洞
漏洞描述信息
cpython是Python基金会的用C语言实现的Python解释器。 CPython存在安全漏洞,该漏洞源于不会根据IANA Special-Purpose Address Registries的最新信息返回值。
CVSS信息
N/A
漏洞类别
其他