CVE-2024-7592
CVE Details
Visit the official vulnerability details page for CVE-2024-7592 to learn more.
Initial Publication
10/25/2024
Last Update
12/13/2024
Third Party Dependency
pyc
NIST CVE Summary
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module.
When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.
CVE Severity
Our Official Summary
Some problematic patterns and their application can lead to exponential time complexity under certain conditions, akin to a Regular Expression Denial of Service (ReDoS) attack. Investigating to see if there is a upstream fix available.
Status
Ongoing
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.5.15 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.11 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.10 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.8 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.5 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ✅ No Impact |
| 4.5.4 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.4.20 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
Revision History
| Date | Revision |
|---|---|
| 11/13/2024 | Impacted versions changed from 4.5.4 to 4.5.4, 4.4.20 |