Safety CI > aguiardafa/projeto-base-stack-django

pyup-scheduled-update-2025-09-22

1 week, 2 days ago

0ee9fe11

Update flake8 from 7.2.0 to 7.3.0

pillow 11.2.1 has known security vulnerabilities.

Package	Installed	Affected	Info
pillow	11.2.1	>=11.2.1,<11.3.0	show Affected versions of this package are vulnerable to a Buffer Overflow when saving sufficiently large compressed DDS images (>64KB with default settings). The DDS encoding functionality fails to perform bounds checking when writing to the destination buffer, leading to a heap buffer overflow condition. This vulnerability was introduced in Pillow 11.2.0 when BCn compression support for DDS format was added.

Package

Installed

Affected

Info

pillow

11.2.1

>=11.2.1,<11.3.0

show

Affected versions of this package are vulnerable to a Buffer Overflow when saving sufficiently large compressed DDS images (>64KB with default settings). The DDS encoding functionality fails to perform bounds checking when writing to the destination buffer, leading to a heap buffer overflow condition. This vulnerability was introduced in Pillow 11.2.0 when BCn compression support for DDS format was added.

pyup-scheduled-update-2025-09-22

1 week, 2 days ago

f6ba5169

Update django from 5.2 to 5.2.6

pillow 11.2.1 has known security vulnerabilities.

Package	Installed	Affected	Info
pillow	11.2.1	>=11.2.1,<11.3.0	show Affected versions of this package are vulnerable to a Buffer Overflow when saving sufficiently large compressed DDS images (>64KB with default settings). The DDS encoding functionality fails to perform bounds checking when writing to the destination buffer, leading to a heap buffer overflow condition. This vulnerability was introduced in Pillow 11.2.0 when BCn compression support for DDS format was added.

Package

Installed

Affected

Info

pillow

11.2.1

>=11.2.1,<11.3.0

show

Affected versions of this package are vulnerable to a Buffer Overflow when saving sufficiently large compressed DDS images (>64KB with default settings). The DDS encoding functionality fails to perform bounds checking when writing to the destination buffer, leading to a heap buffer overflow condition. This vulnerability was introduced in Pillow 11.2.0 when BCn compression support for DDS format was added.

pyup-scheduled-update-2025-09-22

1 week, 2 days ago

9e332d80

Update asgiref from 3.8.1 to 3.9.1

django 5.2 and pillow 11.2.1 have known security vulnerabilities.

Package	Installed	Affected	Info
django	5.2	>=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22	show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
django	5.2	<4.2.21 , >=5.2a1,<5.2.1 , >=5.1.0a1,<5.1.9	show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
pillow	11.2.1	>=11.2.1,<11.3.0	show Affected versions of this package are vulnerable to a Buffer Overflow when saving sufficiently large compressed DDS images (>64KB with default settings). The DDS encoding functionality fails to perform bounds checking when writing to the destination buffer, leading to a heap buffer overflow condition. This vulnerability was introduced in Pillow 11.2.0 when BCn compression support for DDS format was added.

Package

Installed

Affected

Info

django

5.2

>=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22

show

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.

django

5.2

<4.2.21 , >=5.2a1,<5.2.1 , >=5.1.0a1,<5.1.9

show

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().

pillow

11.2.1

>=11.2.1,<11.3.0

show

Affected versions of this package are vulnerable to a Buffer Overflow when saving sufficiently large compressed DDS images (>64KB with default settings). The DDS encoding functionality fails to perform bounds checking when writing to the destination buffer, leading to a heap buffer overflow condition. This vulnerability was introduced in Pillow 11.2.0 when BCn compression support for DDS format was added.

pyup-scheduled-update-2025-09-15

2 weeks, 2 days ago

73c10f79

Update typing-extensions from 4.13.2 to 4.15.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2025-09-15

2 weeks, 2 days ago

3cf04663

Update setuptools from 80.3.1 to 80.9.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2025-09-15

2 weeks, 2 days ago

16373e31

Update pyflakes from 3.3.2 to 3.4.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2025-09-15

2 weeks, 2 days ago

e49fbe99

Update pycodestyle from 2.13.0 to 2.14.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2025-09-15

2 weeks, 2 days ago

fc4efc0a

Update pillow from 11.2.1 to 11.3.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2025-09-15

2 weeks, 2 days ago

4559a68a

Update flake8 from 7.2.0 to 7.3.0

pillow 11.2.1 has known security vulnerabilities.

Package	Installed	Affected	Info
pillow	11.2.1	>=11.2.1,<11.3.0	show Affected versions of this package are vulnerable to a Buffer Overflow when saving sufficiently large compressed DDS images (>64KB with default settings). The DDS encoding functionality fails to perform bounds checking when writing to the destination buffer, leading to a heap buffer overflow condition. This vulnerability was introduced in Pillow 11.2.0 when BCn compression support for DDS format was added.

Package

Installed

Affected

Info

pillow

11.2.1

>=11.2.1,<11.3.0

show

Affected versions of this package are vulnerable to a Buffer Overflow when saving sufficiently large compressed DDS images (>64KB with default settings). The DDS encoding functionality fails to perform bounds checking when writing to the destination buffer, leading to a heap buffer overflow condition. This vulnerability was introduced in Pillow 11.2.0 when BCn compression support for DDS format was added.

pyup-scheduled-update-2025-09-15

2 weeks, 2 days ago

62eb7bd1

Update django from 5.2 to 5.2.6

pillow 11.2.1 has known security vulnerabilities.

Package	Installed	Affected	Info
pillow	11.2.1	>=11.2.1,<11.3.0	show Affected versions of this package are vulnerable to a Buffer Overflow when saving sufficiently large compressed DDS images (>64KB with default settings). The DDS encoding functionality fails to perform bounds checking when writing to the destination buffer, leading to a heap buffer overflow condition. This vulnerability was introduced in Pillow 11.2.0 when BCn compression support for DDS format was added.

Package

Installed

Affected

Info

pillow

11.2.1

>=11.2.1,<11.3.0

show

Affected versions of this package are vulnerable to a Buffer Overflow when saving sufficiently large compressed DDS images (>64KB with default settings). The DDS encoding functionality fails to perform bounds checking when writing to the destination buffer, leading to a heap buffer overflow condition. This vulnerability was introduced in Pillow 11.2.0 when BCn compression support for DDS format was added.

pyup-scheduled-update-2025-09-15

2 weeks, 2 days ago

af6d1b04

Update asgiref from 3.8.1 to 3.9.1

django 5.2 and pillow 11.2.1 have known security vulnerabilities.

Package	Installed	Affected	Info
django	5.2	>=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22	show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
django	5.2	<4.2.21 , >=5.2a1,<5.2.1 , >=5.1.0a1,<5.1.9	show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
pillow	11.2.1	>=11.2.1,<11.3.0	show Affected versions of this package are vulnerable to a Buffer Overflow when saving sufficiently large compressed DDS images (>64KB with default settings). The DDS encoding functionality fails to perform bounds checking when writing to the destination buffer, leading to a heap buffer overflow condition. This vulnerability was introduced in Pillow 11.2.0 when BCn compression support for DDS format was added.

Package

Installed

Affected

Info

django

5.2

>=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22

show

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.

django

5.2

<4.2.21 , >=5.2a1,<5.2.1 , >=5.1.0a1,<5.1.9

show

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().

pillow

11.2.1

>=11.2.1,<11.3.0

show

Affected versions of this package are vulnerable to a Buffer Overflow when saving sufficiently large compressed DDS images (>64KB with default settings). The DDS encoding functionality fails to perform bounds checking when writing to the destination buffer, leading to a heap buffer overflow condition. This vulnerability was introduced in Pillow 11.2.0 when BCn compression support for DDS format was added.

pyup-scheduled-update-2025-09-15

2 weeks, 2 days ago

eee02995

Update dj-database-url from 2.3.0 to 3.0.1

django 5.2 and pillow 11.2.1 have known security vulnerabilities.

Package	Installed	Affected	Info
django	5.2	>=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22	show An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.
django	5.2	<4.2.21 , >=5.2a1,<5.2.1 , >=5.1.0a1,<5.1.9	show An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().
pillow	11.2.1	>=11.2.1,<11.3.0	show Affected versions of this package are vulnerable to a Buffer Overflow when saving sufficiently large compressed DDS images (>64KB with default settings). The DDS encoding functionality fails to perform bounds checking when writing to the destination buffer, leading to a heap buffer overflow condition. This vulnerability was introduced in Pillow 11.2.0 when BCn compression support for DDS format was added.

Package

Installed

Affected

Info

django

5.2

>=5.2,<5.2.2 , >=5.0a1,<5.1.10 , <4.2.22

show

An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead to log injection or forgery when logs are viewed in terminals or processed by external systems.

django

5.2

<4.2.21 , >=5.2a1,<5.2.1 , >=5.1.0a1,<5.1.9

show

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter striptags is also vulnerable, because it is built on top of strip_tags().

pillow

11.2.1

>=11.2.1,<11.3.0

show

Affected versions of this package are vulnerable to a Buffer Overflow when saving sufficiently large compressed DDS images (>64KB with default settings). The DDS encoding functionality fails to perform bounds checking when writing to the destination buffer, leading to a heap buffer overflow condition. This vulnerability was introduced in Pillow 11.2.0 when BCn compression support for DDS format was added.

pyup-scheduled-update-2025-09-08

3 weeks, 2 days ago

3228e586

Update typing-extensions from 4.13.2 to 4.15.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2025-09-08

3 weeks, 2 days ago

67c8fcde

Update setuptools from 80.3.1 to 80.9.0

No dependencies with known security vulnerabilities.

pyup-scheduled-update-2025-09-08

3 weeks, 2 days ago

bb8fcc98

Update pyflakes from 3.3.2 to 3.4.0

No dependencies with known security vulnerabilities.