Skip to main content
Version: latest

CVE-2024-7592

CVE Details

Visit the official vulnerability details page for CVE-2024-7592 to learn more.

Initial Publication

10/25/2024

Last Update

12/13/2024

Third Party Dependency

pyc

NIST CVE Summary

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module.

When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.

CVE Severity

7.5

Our Official Summary

Some problematic patterns and their application can lead to exponential time complexity under certain conditions, akin to a Regular Expression Denial of Service (ReDoS) attack. Investigating to see if there is a upstream fix available.

Status

Ongoing

Affected Products & Versions

VersionPalette EnterprisePalette Enterprise AirgapVerteXVerteX Airgap
4.5.15⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.5.11⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.5.10⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.5.8⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.5.5⚠️ Impacted⚠️ Impacted⚠️ Impacted✅ No Impact
4.5.4⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.4.20⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted

Revision History

DateRevision
11/13/2024Impacted versions changed from 4.5.4, 4.5.5 to 4.5.4, 4.5.5, 4.4.20
10/27/2024Impacted versions changed from 4.5.4 to 4.5.4, 4.5.5