{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright © Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for python3.12 is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)\n\n* python: Quadratic complexity in os.path.expandvars() with user-controlled template (CVE-2025-6075)\n\n* cpython: Out-of-memory when loading Plist (CVE-2025-13837)\n\n* cpython: Header injection via newlines in data URL mediatype in Python (CVE-2025-15282)\n\n* cpython: Header injection in http.cookies.Morsel in Python (CVE-2026-0672)\n\n* cpython: CPython: Logging Bypass in Legacy .pyc File Handling (CVE-2026-2297)\n\n* cpython: Incomplete control character validation in http.cookies (CVE-2026-3644)\n\n* cpython: Stack overflow parsing XML with deeply nested DTD content models (CVE-2026-4224)\n\n* python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519)\n\n* python: Python: HTTP header injection via CR/LF in proxy tunnel headers (CVE-2026-1502)\n\n* python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)\n\n* python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:19064",
        "url": "https://access.redhat.com/errata/RHSA-2026:19064"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2395108",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
      },
      {
        "category": "external",
        "summary": "2408891",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
      },
      {
        "category": "external",
        "summary": "2418084",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084"
      },
      {
        "category": "external",
        "summary": "2431366",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366"
      },
      {
        "category": "external",
        "summary": "2431374",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374"
      },
      {
        "category": "external",
        "summary": "2444691",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691"
      },
      {
        "category": "external",
        "summary": "2448168",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168"
      },
      {
        "category": "external",
        "summary": "2448181",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181"
      },
      {
        "category": "external",
        "summary": "2449649",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449649"
      },
      {
        "category": "external",
        "summary": "2457409",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
      },
      {
        "category": "external",
        "summary": "2457932",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
      },
      {
        "category": "external",
        "summary": "2458049",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_19064.json"
      }
    ],
    "title": "Red Hat Security Advisory: python3.12 security update",
    "tracking": {
      "current_release_date": "2026-07-02T12:55:06+00:00",
      "generator": {
        "date": "2026-07-02T12:55:06+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.3.1"
        }
      },
      "id": "RHSA-2026:19064",
      "initial_release_date": "2026-05-19T13:35:50+00:00",
      "revision_history": [
        {
          "date": "2026-05-19T13:35:50+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-05-19T13:35:50+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-07-02T12:55:06+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 10)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 10)",
                  "product_id": "AppStream-10.2.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:10.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS (v. 10)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS (v. 10)",
                  "product_id": "BaseOS-10.2.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:10.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                "product": {
                  "name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
                  "product_id": "CRB-10.2.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:10.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-unversioned-command-0:3.12.13-2.el10_2.noarch",
                "product": {
                  "name": "python-unversioned-command-0:3.12.13-2.el10_2.noarch",
                  "product_id": "python-unversioned-command-0:3.12.13-2.el10_2.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-unversioned-command@3.12.13-2.el10_2?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python3-devel-0:3.12.13-2.el10_2.aarch64",
                "product": {
                  "name": "python3-devel-0:3.12.13-2.el10_2.aarch64",
                  "product_id": "python3-devel-0:3.12.13-2.el10_2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-devel@3.12.13-2.el10_2?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-tkinter-0:3.12.13-2.el10_2.aarch64",
                "product": {
                  "name": "python3-tkinter-0:3.12.13-2.el10_2.aarch64",
                  "product_id": "python3-tkinter-0:3.12.13-2.el10_2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-tkinter@3.12.13-2.el10_2?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
                "product": {
                  "name": "python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
                  "product_id": "python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3.12-debugsource@3.12.13-2.el10_2?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
                "product": {
                  "name": "python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
                  "product_id": "python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3.12-debuginfo@3.12.13-2.el10_2?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-0:3.12.13-2.el10_2.aarch64",
                "product": {
                  "name": "python3-0:3.12.13-2.el10_2.aarch64",
                  "product_id": "python3-0:3.12.13-2.el10_2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3@3.12.13-2.el10_2?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-libs-0:3.12.13-2.el10_2.aarch64",
                "product": {
                  "name": "python3-libs-0:3.12.13-2.el10_2.aarch64",
                  "product_id": "python3-libs-0:3.12.13-2.el10_2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-libs@3.12.13-2.el10_2?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-debug-0:3.12.13-2.el10_2.aarch64",
                "product": {
                  "name": "python3-debug-0:3.12.13-2.el10_2.aarch64",
                  "product_id": "python3-debug-0:3.12.13-2.el10_2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-debug@3.12.13-2.el10_2?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-idle-0:3.12.13-2.el10_2.aarch64",
                "product": {
                  "name": "python3-idle-0:3.12.13-2.el10_2.aarch64",
                  "product_id": "python3-idle-0:3.12.13-2.el10_2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-idle@3.12.13-2.el10_2?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-test-0:3.12.13-2.el10_2.aarch64",
                "product": {
                  "name": "python3-test-0:3.12.13-2.el10_2.aarch64",
                  "product_id": "python3-test-0:3.12.13-2.el10_2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-test@3.12.13-2.el10_2?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python3-devel-0:3.12.13-2.el10_2.ppc64le",
                "product": {
                  "name": "python3-devel-0:3.12.13-2.el10_2.ppc64le",
                  "product_id": "python3-devel-0:3.12.13-2.el10_2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-devel@3.12.13-2.el10_2?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
                "product": {
                  "name": "python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
                  "product_id": "python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-tkinter@3.12.13-2.el10_2?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
                "product": {
                  "name": "python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
                  "product_id": "python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3.12-debugsource@3.12.13-2.el10_2?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
                "product": {
                  "name": "python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
                  "product_id": "python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3.12-debuginfo@3.12.13-2.el10_2?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-0:3.12.13-2.el10_2.ppc64le",
                "product": {
                  "name": "python3-0:3.12.13-2.el10_2.ppc64le",
                  "product_id": "python3-0:3.12.13-2.el10_2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3@3.12.13-2.el10_2?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-libs-0:3.12.13-2.el10_2.ppc64le",
                "product": {
                  "name": "python3-libs-0:3.12.13-2.el10_2.ppc64le",
                  "product_id": "python3-libs-0:3.12.13-2.el10_2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-libs@3.12.13-2.el10_2?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-debug-0:3.12.13-2.el10_2.ppc64le",
                "product": {
                  "name": "python3-debug-0:3.12.13-2.el10_2.ppc64le",
                  "product_id": "python3-debug-0:3.12.13-2.el10_2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-debug@3.12.13-2.el10_2?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-idle-0:3.12.13-2.el10_2.ppc64le",
                "product": {
                  "name": "python3-idle-0:3.12.13-2.el10_2.ppc64le",
                  "product_id": "python3-idle-0:3.12.13-2.el10_2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-idle@3.12.13-2.el10_2?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-test-0:3.12.13-2.el10_2.ppc64le",
                "product": {
                  "name": "python3-test-0:3.12.13-2.el10_2.ppc64le",
                  "product_id": "python3-test-0:3.12.13-2.el10_2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-test@3.12.13-2.el10_2?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python3-devel-0:3.12.13-2.el10_2.s390x",
                "product": {
                  "name": "python3-devel-0:3.12.13-2.el10_2.s390x",
                  "product_id": "python3-devel-0:3.12.13-2.el10_2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-devel@3.12.13-2.el10_2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-tkinter-0:3.12.13-2.el10_2.s390x",
                "product": {
                  "name": "python3-tkinter-0:3.12.13-2.el10_2.s390x",
                  "product_id": "python3-tkinter-0:3.12.13-2.el10_2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-tkinter@3.12.13-2.el10_2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
                "product": {
                  "name": "python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
                  "product_id": "python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3.12-debugsource@3.12.13-2.el10_2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
                "product": {
                  "name": "python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
                  "product_id": "python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3.12-debuginfo@3.12.13-2.el10_2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-0:3.12.13-2.el10_2.s390x",
                "product": {
                  "name": "python3-0:3.12.13-2.el10_2.s390x",
                  "product_id": "python3-0:3.12.13-2.el10_2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3@3.12.13-2.el10_2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-libs-0:3.12.13-2.el10_2.s390x",
                "product": {
                  "name": "python3-libs-0:3.12.13-2.el10_2.s390x",
                  "product_id": "python3-libs-0:3.12.13-2.el10_2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-libs@3.12.13-2.el10_2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-debug-0:3.12.13-2.el10_2.s390x",
                "product": {
                  "name": "python3-debug-0:3.12.13-2.el10_2.s390x",
                  "product_id": "python3-debug-0:3.12.13-2.el10_2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-debug@3.12.13-2.el10_2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-idle-0:3.12.13-2.el10_2.s390x",
                "product": {
                  "name": "python3-idle-0:3.12.13-2.el10_2.s390x",
                  "product_id": "python3-idle-0:3.12.13-2.el10_2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-idle@3.12.13-2.el10_2?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-test-0:3.12.13-2.el10_2.s390x",
                "product": {
                  "name": "python3-test-0:3.12.13-2.el10_2.s390x",
                  "product_id": "python3-test-0:3.12.13-2.el10_2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-test@3.12.13-2.el10_2?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python3-devel-0:3.12.13-2.el10_2.x86_64",
                "product": {
                  "name": "python3-devel-0:3.12.13-2.el10_2.x86_64",
                  "product_id": "python3-devel-0:3.12.13-2.el10_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-devel@3.12.13-2.el10_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-tkinter-0:3.12.13-2.el10_2.x86_64",
                "product": {
                  "name": "python3-tkinter-0:3.12.13-2.el10_2.x86_64",
                  "product_id": "python3-tkinter-0:3.12.13-2.el10_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-tkinter@3.12.13-2.el10_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
                "product": {
                  "name": "python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
                  "product_id": "python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3.12-debugsource@3.12.13-2.el10_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
                "product": {
                  "name": "python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
                  "product_id": "python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3.12-debuginfo@3.12.13-2.el10_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-0:3.12.13-2.el10_2.x86_64",
                "product": {
                  "name": "python3-0:3.12.13-2.el10_2.x86_64",
                  "product_id": "python3-0:3.12.13-2.el10_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3@3.12.13-2.el10_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-libs-0:3.12.13-2.el10_2.x86_64",
                "product": {
                  "name": "python3-libs-0:3.12.13-2.el10_2.x86_64",
                  "product_id": "python3-libs-0:3.12.13-2.el10_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-libs@3.12.13-2.el10_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-debug-0:3.12.13-2.el10_2.x86_64",
                "product": {
                  "name": "python3-debug-0:3.12.13-2.el10_2.x86_64",
                  "product_id": "python3-debug-0:3.12.13-2.el10_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-debug@3.12.13-2.el10_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-idle-0:3.12.13-2.el10_2.x86_64",
                "product": {
                  "name": "python3-idle-0:3.12.13-2.el10_2.x86_64",
                  "product_id": "python3-idle-0:3.12.13-2.el10_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-idle@3.12.13-2.el10_2?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-test-0:3.12.13-2.el10_2.x86_64",
                "product": {
                  "name": "python3-test-0:3.12.13-2.el10_2.x86_64",
                  "product_id": "python3-test-0:3.12.13-2.el10_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-test@3.12.13-2.el10_2?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python3.12-0:3.12.13-2.el10_2.src",
                "product": {
                  "name": "python3.12-0:3.12.13-2.el10_2.src",
                  "product_id": "python3.12-0:3.12.13-2.el10_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3.12@3.12.13-2.el10_2?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-unversioned-command-0:3.12.13-2.el10_2.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch"
        },
        "product_reference": "python-unversioned-command-0:3.12.13-2.el10_2.noarch",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-devel-0:3.12.13-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64"
        },
        "product_reference": "python3-devel-0:3.12.13-2.el10_2.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-devel-0:3.12.13-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le"
        },
        "product_reference": "python3-devel-0:3.12.13-2.el10_2.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-devel-0:3.12.13-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x"
        },
        "product_reference": "python3-devel-0:3.12.13-2.el10_2.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-devel-0:3.12.13-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64"
        },
        "product_reference": "python3-devel-0:3.12.13-2.el10_2.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-tkinter-0:3.12.13-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64"
        },
        "product_reference": "python3-tkinter-0:3.12.13-2.el10_2.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-tkinter-0:3.12.13-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le"
        },
        "product_reference": "python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-tkinter-0:3.12.13-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x"
        },
        "product_reference": "python3-tkinter-0:3.12.13-2.el10_2.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-tkinter-0:3.12.13-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64"
        },
        "product_reference": "python3-tkinter-0:3.12.13-2.el10_2.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64"
        },
        "product_reference": "python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le"
        },
        "product_reference": "python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debuginfo-0:3.12.13-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x"
        },
        "product_reference": "python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64"
        },
        "product_reference": "python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debugsource-0:3.12.13-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64"
        },
        "product_reference": "python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le"
        },
        "product_reference": "python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debugsource-0:3.12.13-2.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x"
        },
        "product_reference": "python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debugsource-0:3.12.13-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
        },
        "product_reference": "python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-0:3.12.13-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64"
        },
        "product_reference": "python3-0:3.12.13-2.el10_2.aarch64",
        "relates_to_product_reference": "BaseOS-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-0:3.12.13-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le"
        },
        "product_reference": "python3-0:3.12.13-2.el10_2.ppc64le",
        "relates_to_product_reference": "BaseOS-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-0:3.12.13-2.el10_2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x"
        },
        "product_reference": "python3-0:3.12.13-2.el10_2.s390x",
        "relates_to_product_reference": "BaseOS-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-0:3.12.13-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64"
        },
        "product_reference": "python3-0:3.12.13-2.el10_2.x86_64",
        "relates_to_product_reference": "BaseOS-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-libs-0:3.12.13-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64"
        },
        "product_reference": "python3-libs-0:3.12.13-2.el10_2.aarch64",
        "relates_to_product_reference": "BaseOS-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-libs-0:3.12.13-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le"
        },
        "product_reference": "python3-libs-0:3.12.13-2.el10_2.ppc64le",
        "relates_to_product_reference": "BaseOS-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-libs-0:3.12.13-2.el10_2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x"
        },
        "product_reference": "python3-libs-0:3.12.13-2.el10_2.s390x",
        "relates_to_product_reference": "BaseOS-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-libs-0:3.12.13-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64"
        },
        "product_reference": "python3-libs-0:3.12.13-2.el10_2.x86_64",
        "relates_to_product_reference": "BaseOS-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-0:3.12.13-2.el10_2.src as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src"
        },
        "product_reference": "python3.12-0:3.12.13-2.el10_2.src",
        "relates_to_product_reference": "BaseOS-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64"
        },
        "product_reference": "python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
        "relates_to_product_reference": "BaseOS-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le"
        },
        "product_reference": "python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
        "relates_to_product_reference": "BaseOS-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debuginfo-0:3.12.13-2.el10_2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x"
        },
        "product_reference": "python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
        "relates_to_product_reference": "BaseOS-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64"
        },
        "product_reference": "python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
        "relates_to_product_reference": "BaseOS-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debugsource-0:3.12.13-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64"
        },
        "product_reference": "python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
        "relates_to_product_reference": "BaseOS-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le"
        },
        "product_reference": "python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
        "relates_to_product_reference": "BaseOS-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debugsource-0:3.12.13-2.el10_2.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x"
        },
        "product_reference": "python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
        "relates_to_product_reference": "BaseOS-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debugsource-0:3.12.13-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 10)",
          "product_id": "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
        },
        "product_reference": "python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
        "relates_to_product_reference": "BaseOS-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-debug-0:3.12.13-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
          "product_id": "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64"
        },
        "product_reference": "python3-debug-0:3.12.13-2.el10_2.aarch64",
        "relates_to_product_reference": "CRB-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-debug-0:3.12.13-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
          "product_id": "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le"
        },
        "product_reference": "python3-debug-0:3.12.13-2.el10_2.ppc64le",
        "relates_to_product_reference": "CRB-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-debug-0:3.12.13-2.el10_2.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
          "product_id": "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x"
        },
        "product_reference": "python3-debug-0:3.12.13-2.el10_2.s390x",
        "relates_to_product_reference": "CRB-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-debug-0:3.12.13-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
          "product_id": "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64"
        },
        "product_reference": "python3-debug-0:3.12.13-2.el10_2.x86_64",
        "relates_to_product_reference": "CRB-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-idle-0:3.12.13-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
          "product_id": "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64"
        },
        "product_reference": "python3-idle-0:3.12.13-2.el10_2.aarch64",
        "relates_to_product_reference": "CRB-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-idle-0:3.12.13-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
          "product_id": "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le"
        },
        "product_reference": "python3-idle-0:3.12.13-2.el10_2.ppc64le",
        "relates_to_product_reference": "CRB-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-idle-0:3.12.13-2.el10_2.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
          "product_id": "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x"
        },
        "product_reference": "python3-idle-0:3.12.13-2.el10_2.s390x",
        "relates_to_product_reference": "CRB-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-idle-0:3.12.13-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
          "product_id": "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64"
        },
        "product_reference": "python3-idle-0:3.12.13-2.el10_2.x86_64",
        "relates_to_product_reference": "CRB-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-test-0:3.12.13-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
          "product_id": "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64"
        },
        "product_reference": "python3-test-0:3.12.13-2.el10_2.aarch64",
        "relates_to_product_reference": "CRB-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-test-0:3.12.13-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
          "product_id": "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le"
        },
        "product_reference": "python3-test-0:3.12.13-2.el10_2.ppc64le",
        "relates_to_product_reference": "CRB-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-test-0:3.12.13-2.el10_2.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
          "product_id": "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x"
        },
        "product_reference": "python3-test-0:3.12.13-2.el10_2.s390x",
        "relates_to_product_reference": "CRB-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-test-0:3.12.13-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
          "product_id": "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64"
        },
        "product_reference": "python3-test-0:3.12.13-2.el10_2.x86_64",
        "relates_to_product_reference": "CRB-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
          "product_id": "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64"
        },
        "product_reference": "python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
        "relates_to_product_reference": "CRB-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
          "product_id": "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le"
        },
        "product_reference": "python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
        "relates_to_product_reference": "CRB-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debuginfo-0:3.12.13-2.el10_2.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
          "product_id": "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x"
        },
        "product_reference": "python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
        "relates_to_product_reference": "CRB-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
          "product_id": "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64"
        },
        "product_reference": "python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
        "relates_to_product_reference": "CRB-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debugsource-0:3.12.13-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
          "product_id": "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64"
        },
        "product_reference": "python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
        "relates_to_product_reference": "CRB-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
          "product_id": "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le"
        },
        "product_reference": "python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
        "relates_to_product_reference": "CRB-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debugsource-0:3.12.13-2.el10_2.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
          "product_id": "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x"
        },
        "product_reference": "python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
        "relates_to_product_reference": "CRB-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3.12-debugsource-0:3.12.13-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
          "product_id": "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
        },
        "product_reference": "python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
        "relates_to_product_reference": "CRB-10.2.Z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-6075",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-10-31T17:01:47.052517+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2408891"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python: Quadratic complexity in os.path.expandvars() with user-controlled template",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Low rather than Moderate because it only causes a performance inefficiency without affecting code execution, data integrity, or confidentiality. The flaw lies in the algorithmic complexity of os.path.expandvars(), which can become quadratic when processing crafted input containing repetitive or nested environment variable references. Exploitation requires the attacker to control the input string passed to this function, which is uncommon in secure applications. Moreover, the impact is limited to increased CPU utilization and potential slowdown, not system compromise or data manipulation. Since the issue does not introduce memory corruption, privilege escalation, or information disclosure risks, its overall impact scope and exploitability are minimal, justifying a Low severity rating.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-6075"
        },
        {
          "category": "external",
          "summary": "RHBZ#2408891",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-6075",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/136065",
          "url": "https://github.com/python/cpython/issues/136065"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/"
        }
      ],
      "release_date": "2025-10-31T16:41:34.983000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-19T13:35:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:19064"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "python: Quadratic complexity in os.path.expandvars() with user-controlled template"
    },
    {
      "cve": "CVE-2025-13837",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-12-01T19:01:32.492656+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418084"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the plistlib module in the Python standard library. The amount of data to read from a Plist file is specified in the file itself. This issue allows a specially crafted Plist file to cause an application to allocate a large amount of memory, potentially resulting in allocations errors, swapping, out-of-memory conditions or even system freezes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cpython: Out-of-memory when loading Plist",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue can only be exploited by Python applications processing malicious or untrusted Plist files, which are not typically done in Linux systems or applications. Furthermore, this flaw can cause only a denial of service with no other security impact. Due to these reasons, this vulnerability has been rated with a moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-13837"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418084",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418084"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-13837",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13837",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13837"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/119342",
          "url": "https://github.com/python/cpython/issues/119342"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/119343",
          "url": "https://github.com/python/cpython/pull/119343"
        }
      ],
      "release_date": "2025-12-01T18:13:32.739000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-19T13:35:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:19064"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "cpython: Out-of-memory when loading Plist"
    },
    {
      "cve": "CVE-2025-15282",
      "cwe": {
        "id": "CWE-93",
        "name": "Improper Neutralization of CRLF Sequences ('CRLF Injection')"
      },
      "discovery_date": "2026-01-20T22:01:20.971828+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2431366"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Missing newline filtering has been discovered in Python. User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cpython: Header injection via newlines in data URL mediatype in Python",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-15282"
        },
        {
          "category": "external",
          "summary": "RHBZ#2431366",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431366"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-15282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15282",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15282"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/143925",
          "url": "https://github.com/python/cpython/issues/143925"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/143926",
          "url": "https://github.com/python/cpython/pull/143926"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/X66HL7SISGJT33J53OHXMZT4DFLMHVKF/"
        }
      ],
      "release_date": "2026-01-20T21:35:13.865000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-19T13:35:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:19064"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "cpython: Header injection via newlines in data URL mediatype in Python"
    },
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-09-15T03:00:59.775098+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2395108"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat’s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document—something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "RHBZ#2395108",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
          "url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
        }
      ],
      "release_date": "2025-09-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-19T13:35:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:19064"
        },
        {
          "category": "workaround",
          "details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
    },
    {
      "cve": "CVE-2026-0672",
      "cwe": {
        "id": "CWE-93",
        "name": "Improper Neutralization of CRLF Sequences ('CRLF Injection')"
      },
      "discovery_date": "2026-01-20T22:02:15.663936+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2431374"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An injection flaw has been discovered in Python. When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cpython: Header injection in http.cookies.Morsel in Python",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-0672"
        },
        {
          "category": "external",
          "summary": "RHBZ#2431374",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431374"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-0672",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-0672"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0672",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0672"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/143919",
          "url": "https://github.com/python/cpython/issues/143919"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/143920",
          "url": "https://github.com/python/cpython/pull/143920"
        }
      ],
      "release_date": "2026-01-20T21:52:33.925000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-19T13:35:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:19064"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "cpython: Header injection in http.cookies.Morsel in Python"
    },
    {
      "cve": "CVE-2026-1502",
      "cwe": {
        "id": "CWE-93",
        "name": "Improper Neutralization of CRLF Sequences ('CRLF Injection')"
      },
      "discovery_date": "2026-04-10T19:01:07.715197+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2457409"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Python. This vulnerability allows for the injection of extra information into HTTP communication. Specifically, the system does not properly prevent special characters (carriage return and line feed) from being included in HTTP client proxy tunnel headers or host fields.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python: Python: HTTP header injection via CR/LF in proxy tunnel headers",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-1502"
        },
        {
          "category": "external",
          "summary": "RHBZ#2457409",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457409"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-1502",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1502"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1502",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1502"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69",
          "url": "https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/146211",
          "url": "https://github.com/python/cpython/issues/146211"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/146212",
          "url": "https://github.com/python/cpython/pull/146212"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/"
        }
      ],
      "release_date": "2026-04-10T17:54:44.121000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-19T13:35:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:19064"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "python: Python: HTTP header injection via CR/LF in proxy tunnel headers"
    },
    {
      "cve": "CVE-2026-2297",
      "cwe": {
        "id": "CWE-778",
        "name": "Insufficient Logging"
      },
      "discovery_date": "2026-03-04T23:01:09.396553+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2444691"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files (.pyc), does not properly trigger system audit events. This oversight could enable malicious activities to go undetected, compromising the integrity of the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cpython: CPython: Logging Bypass in Legacy .pyc File Handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-2297"
        },
        {
          "category": "external",
          "summary": "RHBZ#2444691",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444691"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-2297",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-2297"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2297",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2297"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e",
          "url": "https://github.com/python/cpython/commit/482d6f8bdba9da3725d272e8bb4a2d25fb6a603e"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e",
          "url": "https://github.com/python/cpython/commit/a51b1b512de1d56b3714b65628a2eae2b07e535e"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86",
          "url": "https://github.com/python/cpython/commit/e58e9802b9bec5cdbf48fc9bf1da5f4fda482e86"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/145506",
          "url": "https://github.com/python/cpython/issues/145506"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/145507",
          "url": "https://github.com/python/cpython/pull/145507"
        }
      ],
      "release_date": "2026-03-04T22:10:43.297000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-19T13:35:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:19064"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "cpython: CPython: Logging Bypass in Legacy .pyc File Handling"
    },
    {
      "cve": "CVE-2026-3644",
      "cwe": {
        "id": "CWE-791",
        "name": "Incomplete Filtering of Special Elements"
      },
      "discovery_date": "2026-03-16T18:02:25.997880+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448168"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update(), |= operator, and unpickling paths were not patched to resolve  CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cpython: Incomplete control character validation in http.cookies",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-3644"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448168",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448168"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-3644",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-3644"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3644",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3644"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4",
          "url": "https://github.com/python/cpython/commit/57e88c1cf95e1481b94ae57abe1010469d47a6b4"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/145599",
          "url": "https://github.com/python/cpython/issues/145599"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/145600",
          "url": "https://github.com/python/cpython/pull/145600"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/"
        }
      ],
      "release_date": "2026-03-16T17:37:31.344000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-19T13:35:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:19064"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "cpython: Incomplete control character validation in http.cookies"
    },
    {
      "cve": "CVE-2026-4224",
      "cwe": {
        "id": "CWE-805",
        "name": "Buffer Access with Incorrect Length Value"
      },
      "discovery_date": "2026-03-16T19:01:54.161187+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448181"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A stack overflow flaw has been discovered in the python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs. This will result in a program crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cpython: Stack overflow parsing XML with deeply nested DTD content models",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-4224"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448181",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448181"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-4224",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4224"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4224",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4224"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a",
          "url": "https://github.com/python/cpython/commit/196edfb06a7458377d4d0f4b3cd41724c1f3bd4a"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3",
          "url": "https://github.com/python/cpython/commit/e0a8a6da90597a924b300debe045cdb4628ee1f3"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768",
          "url": "https://github.com/python/cpython/commit/eb0e8be3a7e11b87d198a2c3af1ed0eccf532768"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/145986",
          "url": "https://github.com/python/cpython/issues/145986"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/145987",
          "url": "https://github.com/python/cpython/pull/145987"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/5M7CGUW3XBRY7II4DK43KF7NQQ3TPZ6R/"
        }
      ],
      "release_date": "2026-03-16T17:52:26.639000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-19T13:35:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:19064"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "cpython: Stack overflow parsing XML with deeply nested DTD content models"
    },
    {
      "cve": "CVE-2026-4519",
      "cwe": {
        "id": "CWE-88",
        "name": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')"
      },
      "discovery_date": "2026-03-20T16:02:13.494105+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2449649"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Python. The `webbrowser.open()` API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options, which could lead to unexpected behavior, information disclosure, or potentially arbitrary code execution, impacting the integrity of the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python: Python: Command-line option injection in webbrowser.open() via crafted URLs",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-4519"
        },
        {
          "category": "external",
          "summary": "RHBZ#2449649",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449649"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-4519",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4519"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4519",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4519"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/143930",
          "url": "https://github.com/python/cpython/issues/143930"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/143931",
          "url": "https://github.com/python/cpython/pull/143931"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/"
        }
      ],
      "release_date": "2026-03-20T15:08:32.576000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-19T13:35:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:19064"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "python: Python: Command-line option injection in webbrowser.open() via crafted URLs"
    },
    {
      "cve": "CVE-2026-4786",
      "cwe": {
        "id": "CWE-88",
        "name": "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')"
      },
      "discovery_date": "2026-04-13T22:01:38.006388+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2458049"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Python webbrowser.open() API. If a specially crafted URL containing \"%action\" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw in the Python `webbrowser.open()` API allows for command injection and arbitrary code execution when processing specially crafted URLs containing \"%action\". This bypasses a previous mitigation for CVE-2026-4519.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-4786"
        },
        {
          "category": "external",
          "summary": "RHBZ#2458049",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458049"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-4786",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4786"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4786"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/148169",
          "url": "https://github.com/python/cpython/issues/148169"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/148170",
          "url": "https://github.com/python/cpython/pull/148170"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/JQDUNJVB4AQNTJECSUKOBDU3XCJIPSE5/"
        }
      ],
      "release_date": "2026-04-13T21:52:19.036000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-19T13:35:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:19064"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API"
    },
    {
      "cve": "CVE-2026-6100",
      "cwe": {
        "id": "CWE-825",
        "name": "Expired Pointer Dereference"
      },
      "discovery_date": "2026-04-13T18:01:31.970255+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2457932"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Python's decompression modules, including `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This vulnerability, a use-after-free, can occur if a program attempts to re-use a decompression object after a memory allocation error, especially when the system is experiencing high memory usage. Exploitation of this flaw could potentially allow an attacker to execute arbitrary code or access sensitive data. The vulnerability is only present if the program re-uses decompressor instances across multiple decompression calls even after a `MemoryError` is raised during decompression. Using the helper functions to one-shot decompress data such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` are not affected as a new decompressor instance is used per call. If the decompressor instance is not re-used after an error condition, this usage is similarly not vulnerable.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The severity of this flaw is somewhat mitigated on Red Hat platforms. By default processes are not executed with root user privilege and are limited in their scope which in turn limits the impact of this flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
          "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-6100"
        },
        {
          "category": "external",
          "summary": "RHBZ#2457932",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457932"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-6100",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6100"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6100"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d",
          "url": "https://github.com/python/cpython/commit/6a5f79c8d7bbf22b083b240910c7a8781a59437d"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2",
          "url": "https://github.com/python/cpython/commit/8fc66aef6d7b3ae58f43f5c66f9366cc8cbbfcd2"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20",
          "url": "https://github.com/python/cpython/commit/c3cf71c3366fe49acb776a639405c0eea6169c20"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/148395",
          "url": "https://github.com/python/cpython/issues/148395"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/148396",
          "url": "https://github.com/python/cpython/pull/148396"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3/"
        }
      ],
      "release_date": "2026-04-13T17:15:47.606000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-19T13:35:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:19064"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.2.Z:python-unversioned-command-0:3.12.13-2.el10_2.noarch",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-devel-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3-tkinter-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "AppStream-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3-libs-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-0:3.12.13-2.el10_2.src",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "BaseOS-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-debug-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-idle-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3-test-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debuginfo-0:3.12.13-2.el10_2.x86_64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.aarch64",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.ppc64le",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.s390x",
            "CRB-10.2.Z:python3.12-debugsource-0:3.12.13-2.el10_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules"
    }
  ]
}