CVE-2019-17514

Updated: 2025-08-20 02:55:32.354595

Description:

library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 5.0
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
Alpine Linux 3.22 python 3.6 7.5 HIGH Released CLSA-2026:1769524909 2026-01-27 16:42:41
Debian 10 python 3.6 7.5 HIGH Released CLSA-2025:1759247273 2025-10-01 01:26:41
Debian 11 python 3.6 7.5 HIGH Released CLSA-2025:1759247378 2025-10-01 01:26:39
Debian 12 python 3.7 7.5 HIGH Not Vulnerable 2025-11-21 15:04:09
Debian 12 python 3.6 7.5 HIGH Released CLSA-2025:1759247489 2025-10-01 01:26:38
Debian 12 python 3.8 7.5 HIGH Not Vulnerable 2025-11-21 15:04:08
Debian 13 python 3.6 7.5 HIGH Released CLSA-2025:1759247594 2025-10-01 01:12:47
Debian 13 python 3.8 7.5 HIGH Not Vulnerable 2025-11-21 15:04:10
Debian 13 python 3.7 7.5 HIGH Not Vulnerable 2025-11-21 15:04:10
EL 10 python 3.6 7.5 HIGH Already Fixed 2025-10-29 18:42:41
Total: 18