CVE-2024-7592

CVE Details

Visit the official vulnerability details page for CVE-2024-7592 to learn more.

Initial Publication

10/25/2024

Last Update

03/18/2025

Third Party Dependency

pyc

NIST CVE Summary

There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module.

When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.
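A pre-parse guard for the behaviour described in the NIST summary, as an added example that is not part of this advisory or of CPython: it bounds the Cookie header size and the number of backslash escapes with cheap linear checks before the value reaches http.cookies. The limits and the names parse_cookie_header and CookieRejected are assumptions chosen for illustration.

```python
from http.cookies import CookieError, SimpleCookie

# Assumed limits, not values taken from the advisory; tune per application.
MAX_COOKIE_HEADER_CHARS = 4096
MAX_BACKSLASHES = 64


class CookieRejected(ValueError):
    """Raised when a Cookie header fails the pre-parse checks."""


def parse_cookie_header(raw):
    """Parse a Cookie header only after O(n) size and escape checks.

    Returns a plain {name: value} dict. Both checks are single linear
    scans, so a rejected header never reaches the cookie parser.
    """
    if len(raw) > MAX_COOKIE_HEADER_CHARS:
        raise CookieRejected("cookie header too large")
    # Backslash-quoted characters are what the summary identifies as the
    # costly input, so cap how many a single header may carry.
    if raw.count("\\") > MAX_BACKSLASHES:
        raise CookieRejected("too many backslash escapes")
    jar = SimpleCookie()
    try:
        jar.load(raw)
    except CookieError as exc:
        raise CookieRejected("malformed cookie: %s" % exc) from exc
    return {name: morsel.value for name, morsel in jar.items()}


if __name__ == "__main__":
    # Constructed sample header with one legitimate escaped quote.
    print(parse_cookie_header('session=abc123; theme="dark\\"mode"'))
```

A guard like this limits exposure on an unpatched interpreter; it does not replace moving to a CPython release that contains the fix.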

CVE Severity

7.5

Our Official Summary

Some problematic patterns and their application can lead to exponential time complexity under certain conditions, akin to a Regular Expression Denial of Service (ReDoS) attack. This is fixed in the latest releases.

Status

Ongoing

Affected Products & Versions

| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
| --- | --- | --- | --- | --- |
| 4.6.13 | ✅ No Impact | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.6.12 | ✅ No Impact | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted |
| 4.5.20 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.15 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.11 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.10 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.8 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.5 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ✅ No Impact |
| 4.5.4 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.4.20 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |

Revision History

| Date | Revision |
| --- | --- |
| 03/18/2025 | Impacted versions changed from 4.5.4, 4.4.20 to 4.5.4, 4.4.20, 4.6.12 |
| 03/13/2025 | Official summary revised: Some problematic patterns and their application can lead to exponential time complexity under certain conditions, akin to a Regular Expression Denial of Service (ReDoS) attack. This is fixed in the latest releases. |
| 11/13/2024 | Impacted versions changed from 4.5.4 to 4.5.4, 4.4.20 |