Msrc Cm1 Python3 3.7.10-3 On Cbl Mariner 1.0 vulnerabilities
5 known vulnerabilities affecting msrc/cm1_python3_3.7.10-3_on_cbl_mariner_1.0.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 2
Vulnerabilities
CVE-2020-29396 [HIGH] CVSS 8.8, CWE-267, 2020-12-08
A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0 when running with Python 3.6 or later allows remote authenticated users to execute arbitrary code leading to privilege escalation.
FAQ: Is Azure Linux the only Microsoft produ
msrc
CVE-2020-26116 [HIGH] CVSS 7.2, CWE-74, 2020-09-08
http.client in Python 3.x before 3.5.10 3.6.x before 3.6.12 3.7.x before 3.7.9 and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection
msrc
CVE-2019-20907 [HIGH] CVSS 7.5, CWE-835, 2020-07-14
In Lib/tarfile.py in Python through 3.8.3 an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open because _proc_pax lacks header validation.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefor
msrc
CVE-2020-14422 [MEDIUM] CVSS 5.9, CWE-682, 2020-06-09
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4In
msrc
CVE-2019-18348 [MEDIUM] CVSS 6.1, CWE-74, 2019-10-08
An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the h
msrc