BIT-libpython-2025-6075

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/libpython/BIT-libpython-2025-6075.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-libpython-2025-6075
Aliases
Published
2025-12-05T11:08:28.184Z
Modified
2026-04-10T11:46:26.936884Z
Summary
Quadratic complexity in os.path.expandvars() with user-controlled template
Details

If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.

Database specific 
{
    "severity": "Low",
    "cpes": [
        "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
    ]
}
References

Affected packages

Bitnami / libpython

Package

Name
libpython
Purl
pkg:bitnami/libpython

Severity

  • 1.8 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.9.25
Introduced
3.10.0
Fixed
3.10.20
Introduced
3.11.0
Fixed
3.11.15
Introduced
3.12.0
Fixed
3.12.13
Introduced
3.13.0
Fixed
3.13.10
Introduced
3.14.0
Fixed
3.14.1

Database specific

source 
"https://github.com/bitnami/vulndb/tree/main/data/libpython/BIT-libpython-2025-6075.json"