Commit fa5a9fe8 authored by Matthew Hughes's avatar Matthew Hughes

Bump some dependencies for security fixes

Bump `jinja`

    -> Vulnerability found in jinja2 version 3.1.3
       Vulnerability ID: 71591
       Affected spec: <3.1.4
       ADVISORY: Jinja is an extensible templating engine. The `xmlattr`
       filter in affected versions of Jinja accepts keys containing non-attribute...
       CVE-2024-34064
       For more information, please visit
       https://data.safetycli.com/v/71591/f17

Bump `anyio`

    -> Vulnerability found in anyio version 4.1.0
       Vulnerability ID: 71199
       Affected spec: <4.4.0
       ADVISORY: Anyio version 4.4.0 addresses a thread race condition in
       `_eventloop.get_asynclib()` that caused crashes when multiple event loops...
       PVE-2024-71199
       For more information, please visit
       https://data.safetycli.com/v/71199/f17

Bump `bandit`

    -> Vulnerability found in bandit version 1.7.6
       Vulnerability ID: 64484
       Affected spec: <1.7.7
       ADVISORY: Bandit 1.7.7 identifies the str.replace method as a
       potential risk for SQL injection because it can be misused in constructing...
       PVE-2024-64484
       For more information, please visit
       https://data.safetycli.com/v/64484/f17

Bump `certifi`

    -> Vulnerability found in certifi version 2023.11.17
       Vulnerability ID: 72083
       Affected spec: >=2021.05.30,<2024.07.04
       ADVISORY: Certifi affected versions recognized root certificates from
       GLOBALTRUST. Certifi patch removes these root certificates from the root...
       CVE-2024-39689
       For more information, please visit
       https://data.safetycli.com/v/72083/f17

Bump `idna`

    -> Vulnerability found in idna version 3.6
       Vulnerability ID: 67895
       Affected spec: <3.7
       ADVISORY: Affected versions of Idna are vulnerable to Denial Of
       Service via the idna.encode(), where a specially crafted argument could...
       CVE-2024-3651
       For more information, please visit
       https://data.safetycli.com/v/67895/f17

Bump `requests`

    -> Vulnerability found in requests version 2.31.0
       Vulnerability ID: 71064
       Affected spec: <2.32.2
       ADVISORY: Affected versions of Requests, when making requests through
       a Requests `Session`, if the first request is made with `verify=False` to...
       CVE-2024-35195
       For more information, please visit
       https://data.safetycli.com/v/71064/f17

Bump `setuptools`

    -> Vulnerability found in requests version 2.31.0
       Vulnerability ID: 71064
       Affected spec: <2.32.2
       ADVISORY: Affected versions of Requests, when making requests through
       a Requests `Session`, if the first request is made with `verify=False` to...
       CVE-2024-35195
       For more information, please visit
       https://data.safetycli.com/v/71064/f17

Bump `tornado`

    -> Vulnerability found in tornado version 6.4
       Vulnerability ID: 71957
       Affected spec: <=6.4.0
       ADVISORY: When Tornado receives a request with two Transfer-Encoding:
       chunked headers, it ignores them both. This enables request smuggling when...
       PVE-2024-71957
       For more information, please visit
       https://data.safetycli.com/v/71957/f17

    -> Vulnerability found in tornado version 6.4
       Vulnerability ID: 71956
       Affected spec: <6.4.1
       ADVISORY: Tornado’s curl_httpclient.CurlAsyncHTTPClient class is
       vulnerable to CRLF (carriage return/line feed) injection in the request...
       PVE-2024-71956
       For more information, please visit
       https://data.safetycli.com/v/71956/f17

Bump `urllib3`

    -> Vulnerability found in urllib3 version 2.1.0
       Vulnerability ID: 71608
       Affected spec: >=2.0.0a1,<=2.2.1
       ADVISORY: Urllib3's ProxyManager ensures that the Proxy-Authorization
       header is correctly directed only to configured proxies. However, when...
       CVE-2024-37891
       For more information, please visit
       https://data.safetycli.com/v/71608/f17

Bump `zipp`

    -> Vulnerability found in zipp version 3.17.0
       Vulnerability ID: 72132
       Affected spec: <3.19.1
       ADVISORY: A Denial of Service (DoS) vulnerability exists in the
       jaraco/zipp library. The vulnerability is triggered when processing a...
       CVE-2024-5569
       For more information, please visit
       https://data.safetycli.com/v/72132/f17

Bump `virtualenv`

    -> Vulnerability found in virtualenv version 20.25.0
       Vulnerability ID: 73456
       Affected spec: <20.26.6
       ADVISORY: Affected versions of the virtualenv package are vulnerable to
       command injection. This vulnerability could allow an attacker to execute
       arbitrary commands by exploiting improperly quoted string placeholders in
       activation scripts. The vulnerable functions include various shell
       activation scripts where placeholders like __VIRTUAL_ENV__ are used. The
       exploitability depends on the ability to control the input to these
       placeholders. Users are advised to update to the version where a quoting
       mechanism has been implemented to mitigate this...
       PVE-2024-73456
       For more information, please visit
       https://data.safetycli.com/v/73456/f17
parent 13261607