"Instances of ssl.SSLSocket are vulnerable to a bypass of the TLS handshake and included protections (like certificate verification) and could lead applications to treat unencrypted data received pre-TLS-handshake that is followed by an immediate connection close as if it were post-handshake TLS encrypted data."
3.8/3.9/3.10/3.11/3.12 are vulnerable, but they're not making a 3.12 release so we have to backport it manually.
Passing a path with null bytes to the os.path.normpath() function causes the returned path to be unexpectedly truncated at the first occurrence of a null byte within the path. Python versions before 3.11.0 didn't truncate the path on null bytes.
This vulnerability is of severity: MEDIUM.
If allowlisting is applied to the raw path and os.path.normpath() is only called later in the program, the allowlisting can be circumvented: a path containing null bytes can be constructed so that it passes the allowlist but then changes to the targeted resource after truncation.
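The allowlist bypass described above, as an added example that is not part of the original report. Because the truncating behaviour only exists in the affected 3.11.x interpreters, the affected normpath() is modelled by a small `truncating_normpath()` helper (an assumption: a simulation of the bug, not CPython's real implementation); the allowlist policy, the directory `/srv/uploads` and the attacker's path are likewise constructed for illustration. The hardened variant rejects embedded NUL bytes before doing anything else and applies the allowlist to the normalized path, which also closes the plain `../` traversal the string-level check never covered.

```python
import posixpath
from typing import Callable, Optional

NUL = "\x00"


def truncating_normpath(path: str) -> str:
    """Model of os.path.normpath() in Python 3.11.0-3.11.4 (simulation, not
    the real C code): everything from the first embedded NUL byte is dropped
    before normalization."""
    return posixpath.normpath(path.split(NUL, 1)[0])


def current_normpath(path: str) -> str:
    """normpath() as shipped in fixed interpreters: NUL bytes are preserved,
    so a later os.open() fails with ValueError('embedded null byte')."""
    return posixpath.normpath(path)


# Hypothetical application policy: only .txt files under /srv/uploads.
ALLOWED_ROOT = "/srv/uploads"
ALLOWED_SUFFIX = ".txt"


def allowlist_ok(path: str) -> bool:
    """A string-level allowlist as an application might naively write it."""
    return path.startswith(ALLOWED_ROOT + "/") and path.endswith(ALLOWED_SUFFIX)


def resolve_vulnerable(path: str,
                       normpath: Callable[[str], str] = truncating_normpath
                       ) -> Optional[str]:
    """Vulnerable ordering: allowlist the raw string, normalize afterwards.
    With the truncating normpath() the '.txt' suffix that satisfied the
    allowlist disappears together with everything after the NUL."""
    if not allowlist_ok(path):
        return None
    return normpath(path)


def resolve_hardened(path: str) -> Optional[str]:
    """Hardened ordering: refuse NUL bytes outright, normalize first, and
    apply the allowlist to what will actually be opened."""
    if NUL in path:
        return None
    normalized = posixpath.normpath(path)
    if not allowlist_ok(normalized):
        return None
    return normalized


if __name__ == "__main__":
    # Constructed attacker input: passes the suffix/prefix check, but the
    # part before the NUL escapes the upload directory.
    attack = "/srv/uploads/../../etc/passwd" + NUL + ".txt"
    print("affected 3.11.x :", resolve_vulnerable(attack))
    print("fixed interpreter:", repr(resolve_vulnerable(attack, current_normpath)))
    print("hardened        :", resolve_hardened(attack))
```

Run it under any interpreter: the first line shows the simulated affected result `/etc/passwd`, the second shows that a fixed normpath() keeps the NUL (and the `../` escape, which is why checking the raw string was never sufficient), and the third shows the hardened resolver refusing the input.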
TODO: I need to verify if pypy3 is actually affected.
Cleanup done. I've left 3.12.0_beta4_p2 around since keeping an older version of the testing branch is helpful for regression testing.