pyup-update-sentry-sdk-1.32.0-to-1.37.0
1 year, 4 months ago
Update sentry-sdk from 1.32.0 to 1.37.0
Pillow 9.5.0 and urllib3 2.0.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
| Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
| Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
| urllib3 | 2.0.6 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 2.0.6 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
pyup-update-sentry-sdk-1.32.0-to-1.36.0
1 year, 5 months ago
Update sentry-sdk from 1.32.0 to 1.36.0
Pillow 9.5.0 and urllib3 2.0.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
| Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
| Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
| urllib3 | 2.0.6 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 2.0.6 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
pyup-update-certifi-2023.7.22-to-2023.11.17
1 year, 5 months ago
Update certifi from 2023.7.22 to 2023.11.17
Pillow 9.5.0 and urllib3 2.0.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
| Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
| Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
| urllib3 | 2.0.6 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 2.0.6 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
pyup-update-urllib3-2.0.6-to-2.1.0
1 year, 5 months ago
Update urllib3 from 2.0.6 to 2.1.0
Pillow 9.5.0 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
| Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
| Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
pyup-update-sentry-sdk-1.32.0-to-1.35.0
1 year, 5 months ago
Update sentry-sdk from 1.32.0 to 1.35.0
Pillow 9.5.0 and urllib3 2.0.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
| Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
| Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
| urllib3 | 2.0.6 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 2.0.6 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
pyup-update-sentry-sdk-1.32.0-to-1.34.0
1 year, 5 months ago
Update sentry-sdk from 1.32.0 to 1.34.0
Pillow 9.5.0 and urllib3 2.0.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
| Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
| Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
| urllib3 | 2.0.6 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 2.0.6 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
pyup-update-charset-normalizer-3.3.0-to-3.3.2
1 year, 5 months ago
Update charset-normalizer from 3.3.0 to 3.3.2
Pillow 9.5.0 and urllib3 2.0.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
| Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
| Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
| urllib3 | 2.0.6 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 2.0.6 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
pyup-update-sentry-sdk-1.32.0-to-1.33.1
1 year, 5 months ago
Update sentry-sdk from 1.32.0 to 1.33.1
Pillow 9.5.0 and urllib3 2.0.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
| Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
| Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
| urllib3 | 2.0.6 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 2.0.6 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
pyup-update-sentry-sdk-1.32.0-to-1.33.0
1 year, 5 months ago
Update sentry-sdk from 1.32.0 to 1.33.0
Pillow 9.5.0 and urllib3 2.0.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
| Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
| Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
| urllib3 | 2.0.6 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 2.0.6 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
pyup-update-cython-3.0.3-to-3.0.5
1 year, 5 months ago
Update cython from 3.0.3 to 3.0.5
Pillow 9.5.0 and urllib3 2.0.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
| Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
| Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
| urllib3 | 2.0.6 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 2.0.6 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
pyup-update-charset-normalizer-3.3.0-to-3.3.1
1 year, 6 months ago
Update charset-normalizer from 3.3.0 to 3.3.1
Pillow 9.5.0 and urllib3 2.0.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
| Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
| Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
| urllib3 | 2.0.6 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
| urllib3 | 2.0.6 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Affected versions of urllib3 are vulnerable to an HTTP redirect handling vulnerability that fails to remove the HTTP request body when a POST changes to a GET via 301, 302, or 303 responses. This flaw can expose sensitive request data if the origin service is compromised and redirects to a malicious endpoint, though exploitability is low when no sensitive data is used. The vulnerability affects automatic redirect behavior. It is fixed in versions 1.26.18 and 2.0.7; update or disable redirects using redirects=False. This vulnerability is specific to Python's urllib3 library. |
pyup-update-urllib3-2.0.6-to-2.0.7
1 year, 6 months ago
Update urllib3 from 2.0.6 to 2.0.7
Pillow 9.5.0 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
| Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
| Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
pyup-update-cython-3.0.3-to-3.0.4
1 year, 6 months ago
Update cython from 3.0.3 to 3.0.4
Pillow 9.5.0 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
| Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
| Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
pyup-update-pillow-9.5.0-to-10.1.0
1 year, 6 months ago
Update pillow from 9.5.0 to 10.1.0
No dependencies with known security vulnerabilities.
pyup-update-psutil-5.9.5-to-5.9.6
1 year, 6 months ago
Update psutil from 5.9.5 to 5.9.6
Pillow 9.5.0 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| Pillow | 9.5.0 | >=2.5.0,<10.0.1 |
show Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability. https://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function. |
| Pillow | 9.5.0 | <10.3.0 |
show Pillow 10.3.0 introduces a security update addressing CVE-2024-28219 by replacing certain functions with strncpy to prevent buffer overflow issues. |
| Pillow | 9.5.0 | <10.2.0 |
show Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code. https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html |
| Pillow | 9.5.0 | <10.0.0 |
show Pillow 10.0.0 includes a fix for CVE-2023-44271: Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. https://github.com/python-pillow/Pillow/pull/7244 |
Python 3 badge
URL
https://pyup.io/repos/github/Kataiser/tf2-rich-presence/python-3-shield.svg
Markdown
[](https://pyup.io/repos/github/Kataiser/tf2-rich-presence/)
Restructured Text
.. image:: https://pyup.io/repos/github/Kataiser/tf2-rich-presence/python-3-shield.svg
:target: https://pyup.io/repos/github/Kataiser/tf2-rich-presence/
:alt: Python 3
HTML
<a href="https://pyup.io/repos/github/Kataiser/tf2-rich-presence/"><img src="https://pyup.io/repos/github/Kataiser/tf2-rich-presence/shield.svg" alt="Python 3" /></a>
Textile
!https://pyup.io/repos/github/Kataiser/tf2-rich-presence/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/Kataiser/tf2-rich-presence/
RDoc
{<img src="https://pyup.io/repos/github/Kataiser/tf2-rich-presence/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/Kataiser/tf2-rich-presence/]
pyup.io badge
URL
https://pyup.io/repos/github/Kataiser/tf2-rich-presence/shield.svg
Markdown
[](https://pyup.io/repos/github/Kataiser/tf2-rich-presence/)
Restructured Text
.. image:: https://pyup.io/repos/github/Kataiser/tf2-rich-presence/shield.svg
:target: https://pyup.io/repos/github/Kataiser/tf2-rich-presence/
:alt: Updates
HTML
<a href="https://pyup.io/repos/github/Kataiser/tf2-rich-presence/"><img src="https://pyup.io/repos/github/Kataiser/tf2-rich-presence/shield.svg" alt="Updates" /></a>
Textile
!https://pyup.io/repos/github/Kataiser/tf2-rich-presence/shield.svg(Updates)!:https://pyup.io/repos/github/Kataiser/tf2-rich-presence/
RDoc
{<img src="https://pyup.io/repos/github/Kataiser/tf2-rich-presence/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/Kataiser/tf2-rich-presence/]