
Python Vulnerabilities

Open MikeNikolayev opened this issue 1 year ago • 1 comment

Discussed in https://github.com/toluaina/pgsync/discussions/555

Originally posted by MikeNikolayev, July 21, 2024:

I installed the latest tag (built 6 months ago) and found a list of vulnerabilities. All of them are already fixed in the requirements file. Do you mind building a new tag with the fixes? The list:

  1. Library: idna (METADATA)

    • Vulnerability: CVE-2024-3651
    • Severity: MEDIUM
    • Status: fixed
    • Installed Version: 3.6
    • Fixed Version: 3.7
    • Title: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()
    • More info: CVE-2024-3651
  2. Library: requests (METADATA)

    • Vulnerability: CVE-2024-35195
    • Severity: MEDIUM
    • Installed Version: 2.31.0
    • Fixed Version: 2.32.0
    • Title: requests: subsequent requests to the same host ignore cert verification
    • More info: CVE-2024-35195
  3. Library: sqlparse (METADATA)

    • Vulnerability: CVE-2024-4340
    • Severity: HIGH
    • Installed Version: 0.4.4
    • Fixed Version: 0.5.0
    • Title: sqlparse: parsing heavily nested list leads to denial of service
    • More info: CVE-2024-4340
  4. Library: urllib3 (METADATA)

    • Vulnerability: CVE-2024-37891
    • Severity: MEDIUM
    • Installed Version: 1.26.18
    • Fixed Version: 1.26.19, 2.2.2
    • Title: urllib3: proxy-authorization request header is not stripped during cross-origin redirects
    • More info: CVE-2024-37891

MikeNikolayev Jul 22 '24 13:07
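The four findings above all have the same shape: an installed pin below a "Fixed Version", and in the urllib3 case two fixed versions on different release branches (1.26.19 and 2.2.2). The following is an added example, not code from pgsync or the issue, showing how an audit can check a pinned set against such findings without mis-reading a multi-branch fix; the installed sets used are constructed, and the version parser assumes plain numeric versions like the ones listed here.

```python
"""Check pinned dependency versions against the findings in this issue.

Added example (not part of pgsync). 'Fixed Version' values are the ones
reported above; the installed sets are constructed for illustration.
Assumes plain dotted numeric versions (no pre-release suffixes).
"""
from typing import Dict, List, Tuple

# Findings as reported in the issue: (CVE id, package, fixed versions).
FINDINGS = [
    ("CVE-2024-3651", "idna", ["3.7"]),
    ("CVE-2024-35195", "requests", ["2.32.0"]),
    ("CVE-2024-4340", "sqlparse", ["0.5.0"]),
    ("CVE-2024-37891", "urllib3", ["1.26.19", "2.2.2"]),
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Parse a dotted numeric version into a comparable tuple."""
    return tuple(int(part) for part in v.strip().split("."))


def is_fixed(installed: str, fixed_versions: List[str]) -> bool:
    """True if `installed` is at or above the fix for its release branch.

    When a CVE lists several fixed versions (1.26.19 and 2.2.2 for
    urllib3), each one patches a different branch, so the installed
    version must be compared with the fix sharing its major version:
    2.2.1 is still vulnerable even though it is above 1.26.19. If no
    listed fix shares the branch, fall back to the highest fix, so a
    later major is treated as fixed and an older one as unfixed.
    """
    inst = parse_version(installed)
    fixes = [parse_version(f) for f in fixed_versions]
    for fx in fixes:
        if fx[0] == inst[0]:
            return inst >= fx
    return inst >= max(fixes)


def audit(installed: Dict[str, str]) -> List[str]:
    """Return the CVE ids whose package is pinned below its fix."""
    return [cve for cve, pkg, fixed in FINDINGS
            if pkg in installed and not is_fixed(installed[pkg], fixed)]
```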

All done, and thanks for pointing this out. A new version has been published.

toluaina Jul 30 '24 19:07