Mailman 3 [CVE-2026-3479] pkgutil.get_data does not enforce documented restrictions - Security-announce - python.org

newer
[CVE-2026-4519] webbrowser.open()...

[CVE-2026-3479] pkgutil.get_data does not enforce documented restrictions

older
[CVE-2026-4224] Stack overflow...

Stan Ulbrych

March 18, 2026

5:58 p.m.

There is a LOW severity vulnerability affecting CPython.

pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals.

Please see the linked CVE ID for the latest information on affected versions:

Attachments:

attachment.html (text/html — 503 bytes)

Reply

Sign in to reply online Use email software

Show replies by date

54

Age (days ago)

54

Last active (days ago)

Download

0 comments

1 participants

tags

participants (1)

Stan Ulbrych