Updated: 2025-08-20 02:55:32.354595
Description:
library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 5.0 |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| EL 7 | python | 3.6 | 7.5 | HIGH | Not Vulnerable | 2025-07-22 00:45:30 | ||
| EL 8 | python | 3.6 | 7.5 | HIGH | Not Vulnerable | 2025-07-22 00:45:30 | ||
| EL 9 | python | 3.6 | 7.5 | HIGH | Not Vulnerable | 2025-07-22 00:45:30 | ||
| Ubuntu 16.04 | python | 3.6 | 7.5 | HIGH | Released | CLSA-2025:1759251845 | 2025-10-01 01:40:56 | |
| Ubuntu 18.04 | python | 3.6 | 7.5 | HIGH | Released | CLSA-2025:1759251914 | 2025-10-01 01:40:55 | |
| Ubuntu 20.04 | python | 3.6 | 7.5 | HIGH | Released | CLSA-2025:1759251979 | 2025-10-01 01:40:53 | |
| Ubuntu 22.04 | python | 3.6 | 7.5 | HIGH | Released | CLSA-2025:1759252040 | 2025-10-01 01:40:58 | |
| Ubuntu 24.04 | python | 3.6 | 7.5 | HIGH | Released | CLSA-2025:1759252335 | 2025-10-01 01:40:54 |