gevent-1.3.6-cp37-cp37m-manylinux1_x86_64.whl: 1 vulnerabilities (highest severity is: 9.8)

Open mend-bolt-for-github[bot] opened this issue 1 year ago • 0 comments

Vulnerable Library - gevent-1.3.6-cp37-cp37m-manylinux1_x86_64.whl

Coroutine-based network library

Path to dependency file: /embedding/requirements.txt

Path to vulnerable library: /embedding/requirements.txt

Vulnerabilities

Vulnerability	Severity	CVSS	Dependency	Type	Fixed in (gevent version)	Remediation Possible**
CVE-2023-41419	Critical	9.8	gevent-1.3.6-cp37-cp37m-manylinux1_x86_64.whl	Direct	23.9.0	❌

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

CVE-2023-41419

Coroutine-based network library

Path to dependency file: /embedding/requirements.txt

Path to vulnerable library: /embedding/requirements.txt

Dependency Hierarchy:

Found in base branch: main

An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.

Publish Date: 2023-09-25

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Type: Upgrade version

Release Date: 2023-09-25

Fix Resolution: 23.9.0

Step up your Open Source Security Game with Mend here

Sep 18 '24 06:09 mend-bolt-for-github[bot]