Message 399805 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	Joel Croteau, Julian, achraf-mer, christian.heimes, docs@python, eric.smith, gc2, lukasz.langa, mgorny, miss-islington, ncoghlan, ned.deily, pablogsal, pmoody, python-dev, serhiy.storchaka, steve.dower, vstinner
Date	2021-08-17.23:13:39
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1629242019.89.0.168405110886.issue36384@roundup.psfhosted.org>
In-reply-to

Content
The CVE was rated https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1, which is equivalent to a RCE with authentication bypass. I would rate the issue https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N&version=3.1, maybe A:L.

The CVE was rated https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1, which is equivalent to a RCE with authentication bypass.

I would rate the issue https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N&version=3.1, maybe A:L.

History
Date	User	Action	Args
2021-08-17 23:13:39	christian.heimes	set	recipients: + christian.heimes, ncoghlan, vstinner, eric.smith, ned.deily, pmoody, docs@python, lukasz.langa, mgorny, Julian, python-dev, serhiy.storchaka, steve.dower, pablogsal, miss-islington, Joel Croteau, gc2, achraf-mer
2021-08-17 23:13:39	christian.heimes	set	messageid: <1629242019.89.0.168405110886.issue36384@roundup.psfhosted.org>
2021-08-17 23:13:39	christian.heimes	link	issue36384 messages
2021-08-17 23:13:39	christian.heimes	create