CVE-2018-1060
CVSS 3.1: 7.5 (HIGH)
EPSS: 1.0%
Description
Python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
How to fix CVE-2018-1060
To remediate CVE-2018-1060, upgrade the affected package to one of the fixed versions listed below.
- Alpine/python2—upgrade to 2.7.15-r0 or later
- Alpine/python3—upgrade to 3.5.6-r0 or later
- —upgrade to 2.7.14-7 or later
Is CVE-2018-1060 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2.7.15-r0
- from 0, < 3.5.6-r0
- from 0, < 2.7.14-7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |