pyup/scheduled-update-2023-01-02
1 year, 10 months ago
Update nbformat from 5.7.0 to 5.7.1
py 1.11.0 and GitPython 3.1.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
pyup/scheduled-update-2023-01-02
1 year, 10 months ago
Update nbclient from 0.7.0 to 0.7.2
py 1.11.0 and GitPython 3.1.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
pyup/scheduled-update-2023-01-02
1 year, 10 months ago
Update multidict from 6.0.2 to 6.0.4
py 1.11.0 and GitPython 3.1.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
pyup/scheduled-update-2023-01-02
1 year, 10 months ago
Update lxml from 4.9.1 to 4.9.2
py 1.11.0 and GitPython 3.1.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
pyup/scheduled-update-2023-01-02
1 year, 10 months ago
Update jsonschema from 4.17.1 to 4.17.3
py 1.11.0 and GitPython 3.1.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
pyup/scheduled-update-2023-01-02
1 year, 10 months ago
Update keyring from 23.11.0 to 23.13.1
py 1.11.0 and GitPython 3.1.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
pyup/scheduled-update-2023-01-02
1 year, 10 months ago
Update isort from 5.10.1 to 5.11.4
py 1.11.0 and GitPython 3.1.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
pyup/scheduled-update-2023-01-02
1 year, 10 months ago
Update identify from 2.5.9 to 2.5.11
py 1.11.0 and GitPython 3.1.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
pyup/scheduled-update-2023-01-02
1 year, 10 months ago
Update importlib-metadata from 5.1.0 to 6.0.0
py 1.11.0 and GitPython 3.1.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
pyup/scheduled-update-2023-01-02
1 year, 10 months ago
Update gitpython from 3.1.29 to 3.1.30
py 1.11.0 and GitPython 3.1.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
pyup/scheduled-update-2023-01-02
1 year, 10 months ago
Update hypothesis from 6.58.1 to 6.61.0
py 1.11.0 and GitPython 3.1.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.30 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.30 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.30 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.30 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
pyup/scheduled-update-2023-01-02
1 year, 10 months ago
Update fire from 0.4.0 to 0.5.0
py 1.11.0 and GitPython 3.1.29 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.29 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.29 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.29 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.29 | <3.1.30 |
show Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261 |
| GitPython | 3.1.29 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
pyup/scheduled-update-2023-01-02
1 year, 10 months ago
Update debugpy from 1.6.3 to 1.6.4
py 1.11.0 and GitPython 3.1.29 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.29 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.29 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.29 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.29 | <3.1.30 |
show Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261 |
| GitPython | 3.1.29 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
pyup/scheduled-update-2023-01-02
1 year, 10 months ago
Update fire from 0.4.0 to 0.5.0
py 1.11.0 and GitPython 3.1.29 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.29 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.29 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.29 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.29 | <3.1.30 |
show Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261 |
| GitPython | 3.1.29 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
pyup/scheduled-update-2023-01-02
1 year, 10 months ago
Update filelock from 3.8.0 to 3.9.0
py 1.11.0 and GitPython 3.1.29 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| py | 1.11.0 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
| GitPython | 3.1.29 | <3.1.35 |
show GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions. |
| GitPython | 3.1.29 | <3.1.32 |
show GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. |
| GitPython | 3.1.29 | <3.1.41 |
show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx |
| GitPython | 3.1.29 | <3.1.30 |
show Gitpython 3.1.30 includes a fix for CVE-2022-24439: Remote Code Execution (RCE) vulnerability due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. https://github.com/gitpython-developers/GitPython/commit/2625ed9fc074091c531c27ffcba7902771130261 |
| GitPython | 3.1.29 | <=3.1.32 |
show Gitpython 3.1.33 includes a fix for CVE-2023-40590: Untrusted search path on Windows systems leading to arbitrary code execution. https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-wfm5-v35h-vwf4 |
Python 3 badge
URL
https://pyup.io/repos/github/amor71/LiuAlgoTrader/python-3-shield.svg
Markdown
[](https://pyup.io/repos/github/amor71/LiuAlgoTrader/)
Restructured Text
.. image:: https://pyup.io/repos/github/amor71/LiuAlgoTrader/python-3-shield.svg
:target: https://pyup.io/repos/github/amor71/LiuAlgoTrader/
:alt: Python 3
HTML
<a href="https://pyup.io/repos/github/amor71/LiuAlgoTrader/"><img src="https://pyup.io/repos/github/amor71/LiuAlgoTrader/shield.svg" alt="Python 3" /></a>
Textile
!https://pyup.io/repos/github/amor71/LiuAlgoTrader/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/amor71/LiuAlgoTrader/
RDoc
{<img src="https://pyup.io/repos/github/amor71/LiuAlgoTrader/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/amor71/LiuAlgoTrader/]
pyup.io badge
URL
https://pyup.io/repos/github/amor71/LiuAlgoTrader/shield.svg
Markdown
[](https://pyup.io/repos/github/amor71/LiuAlgoTrader/)
Restructured Text
.. image:: https://pyup.io/repos/github/amor71/LiuAlgoTrader/shield.svg
:target: https://pyup.io/repos/github/amor71/LiuAlgoTrader/
:alt: Updates
HTML
<a href="https://pyup.io/repos/github/amor71/LiuAlgoTrader/"><img src="https://pyup.io/repos/github/amor71/LiuAlgoTrader/shield.svg" alt="Updates" /></a>
Textile
!https://pyup.io/repos/github/amor71/LiuAlgoTrader/shield.svg(Updates)!:https://pyup.io/repos/github/amor71/LiuAlgoTrader/
RDoc
{<img src="https://pyup.io/repos/github/amor71/LiuAlgoTrader/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/amor71/LiuAlgoTrader/]