There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.
Conclusion & alert: CVE-2024-7592 is rated High Exploit Risk (74.8/100): CVSS High severity, with medium exploitation likelihood (EPSS 2.30%). Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +1.42% over the last day, indicating growing attacker interest. Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| — | nvd_ref | exploit_tag | Exploit-DB ↗ |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.88% | 2.30% | +1.42% |
| 2 | 2026-05-24 | 0.80% | 0.88% | +0.09% |
| 3 | 2026-04-29 | — | 0.80% | — |
Full EPSS history (31 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.5 | 3.1 | HIGH |
|
3.9 | 3.6 | [email protected] |
| 7.5 | 3.1 | HIGH |
|
3.9 | 3.6 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
| vendor | priority | summary | link |
|---|---|---|---|
alpine
|
— | CVE-2024-7592: 2 source package rows (py3-tornado, python3); 8 state rows across 8 repos (3.17-main, 3.18-main, 3.19-main, 3.20-community, 3.20-main, 3.21-main, 3.22-main, edge-main); fixed 8, open 0. | https://security.alpinelinux.org/vuln/CVE-2024-7592 |
debian
|
not yet assigned | CVE-2024-7592 not yet assigned priority: Debian including 4 source packages (pypy3, python3.11, python3.13, python3.9), 10 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 9, open 1. | https://security-tracker.debian.org/tracker/CVE-2024-7592 |
gentoo
|
high | CVE-2024-7592: 1 GLSA(s) (202506-07), 2 atom(s) (dev-lang/pypy, dev-lang/python); latest impact high. | https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2024-7592 |
redhat
|
low | — | https://access.redhat.com/security/cve/CVE-2024-7592 |
suse
|
medium | CVE-2024-7592 severity moderate: SUSE including 615 source package names (0.0.17-1.1:libpython3_11-1_0-3.11.10-150600.3.6.1, 0.0.17-1.1:libpython3_6m1_0-3.6.15-150300.10.72.1, …), 2574 product×package rows across 411 product lines (Container bci/bci-sle15-kernel-module-devel, Container bci/kiwi, … (411 product lines)): Fixed 2336, Known Affected 221, First Fixed 15, Will Not Fix 2. | https://www.suse.com/security/cve/CVE-2024-7592/ |
ubuntu
|
low | CVE-2024-7592 low priority: Ubuntu including 11 source packages (python2.7, python3.10, …), 86 status rows across 10 suites (bionic, focal, jammy, noble, oracular, plucky, questing, trusty, upstream, xenial): DNE 55, needs-triage 13, released 12, not-affected 4, ignored 2. | https://ubuntu.com/security/CVE-2024-7592 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| python | python | < 3.8.20 | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| python | python | >= 3.9.0, < 3.9.20 | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| python | python | >= 3.10.0, < 3.10.15 | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| python | python | >= 3.11.0, < 3.11.10 | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| python | python | >= 3.12.0, < 3.12.6 | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
| python | python | 3.13.0 | cpe:2.3:a:python:python:3.13.0:alpha0:*:*:*:*:*:* |
| python | python | 3.13.0 | cpe:2.3:a:python:python:3.13.0:alpha1:*:*:*:*:*:* |
| python | python | 3.13.0 | cpe:2.3:a:python:python:3.13.0:alpha2:*:*:*:*:*:* |
| python | python | 3.13.0 | cpe:2.3:a:python:python:3.13.0:alpha3:*:*:*:*:*:* |
| python | python | 3.13.0 | cpe:2.3:a:python:python:3.13.0:alpha4:*:*:*:*:*:* |
| python | python | 3.13.0 | cpe:2.3:a:python:python:3.13.0:alpha5:*:*:*:*:*:* |
| python | python | 3.13.0 | cpe:2.3:a:python:python:3.13.0:alpha6:*:*:*:*:*:* |
| python | python | 3.13.0 | cpe:2.3:a:python:python:3.13.0:beta1:*:*:*:*:*:* |
| python | python | 3.13.0 | cpe:2.3:a:python:python:3.13.0:beta2:*:*:*:*:*:* |
| python | python | 3.13.0 | cpe:2.3:a:python:python:3.13.0:beta3:*:*:*:*:*:* |
| python | python | 3.13.0 | cpe:2.3:a:python:python:3.13.0:beta4:*:*:*:*:*:* |
| python | python | 3.13.0 | cpe:2.3:a:python:python:3.13.0:rc1:*:*:*:*:*:* |