Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2019-17514

Published: 12/10/2019 Updated: 27/07/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Python

Vulnerability Summary

library/glob.html in the Python 2 and 3 documentation prior to 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

python python 3.8.0

python python 3.6.0

python python 3.7.0

References

NVD-CWE-noinfoCWE-682https://web.archive.org/web/20150906020027/https://docs.python.org/2.7/library/glob.htmlhttps://web.archive.org/web/20160309211341/https://docs.python.org/3/library/glob.htmlhttps://github.com/bminor/bash/blob/ac50fbac377e32b98d2de396f016ea81e8ee9961/pathexp.c#L405https://bugs.python.org/issue33275https://github.com/bminor/bash/blob/ac50fbac377e32b98d2de396f016ea81e8ee9961/pathexp.c#L380https://www.vice.com/en_us/article/zmjwda/a-code-glitch-may-have-caused-errors-in-more-than-100-published-studieshttps://pubs.acs.org/doi/full/10.1021/acs.orglett.9b03216https://web.archive.org/web/20160526201356/https://docs.python.org/2.7/library/glob.htmlhttps://web.archive.org/web/20150822013622/https://docs.python.org/3/library/glob.htmlhttps://twitter.com/LucasCMoore/status/1181615421922824192https://pubs.acs.org/doi/suppl/10.1021/acs.orglett.9b03216/suppl_file/ol9b03216_si_002.ziphttps://twitter.com/chris_bloke/status/1181997278136958976https://security.netapp.com/advisory/ntap-20191107-0005/https://usn.ubuntu.com/4428-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook