Mailman 3 [CVE-2025-6075] Quadratic complexity in os.path.expandvars() with user-controlled template - Security-announce - python.org

newer
[CVE-2025-13836] Excessive read...

[CVE-2025-6075] Quadratic complexity in os.path.expandvars() with user-controlled template

older
[CVE-2025-8291] ZIP64 End of...

Seth Larson

Oct. 31, 2025

4:31 p.m.

There is a LOW severity vulnerability affecting CPython.

If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.

Please see the linked CVE ID for the latest information on affected versions:

Attachments:

attachment.html (text/html — 588 bytes)

Reply

Sign in to reply online Use email software

Show replies by date

230

Age (days ago)

230

Last active (days ago)

Download

0 comments

1 participants

tags

participants (1)

Seth Larson