Safety CI > apihackers/docker-pelican

pyup/update-markdown-3.3.4-to-3.10.2

4 days, 10 hours ago

64eebc2b

Update markdown from 3.3.4 to 3.10.2

pygments 2.10.0 and weasyprint 53.3 have known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2
weasyprint	53.3	<68.0	show Affected versions of the weasyprint package are vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of redirect destinations in the URL fetching mechanism. The default_url_fetcher function in weasyprint/urls.py relies on Python's urllib.request.urlopen, which automatically follows HTTP redirects (301, 302, 307) without re-invoking the developer's custom url_fetcher validation logic, creating a Time-of-Check to Time-of-Use (TOCTOU) condition. An attacker can supply an external URL that passes initial security checks but redirects to internal network resources such as localhost services or cloud metadata endpoints, enabling exfiltration of sensitive data, including instance credentials.

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

weasyprint

53.3

<68.0

show

Affected versions of the weasyprint package are vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of redirect destinations in the URL fetching mechanism. The default_url_fetcher function in weasyprint/urls.py relies on Python's urllib.request.urlopen, which automatically follows HTTP redirects (301, 302, 307) without re-invoking the developer's custom url_fetcher validation logic, creating a Time-of-Check to Time-of-Use (TOCTOU) condition. An attacker can supply an external URL that passes initial security checks but redirects to internal network resources such as localhost services or cloud metadata endpoints, enabling exfiltration of sensitive data, including instance credentials.

pyup/update-weasyprint-53.3-to-68.1

1 week ago

7f7185d9

Update weasyprint from 53.3 to 68.1

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-babel-2.9.1-to-2.18.0

1 week, 5 days ago

337cec6d

Update babel from 2.9.1 to 2.18.0

pygments 2.10.0 and weasyprint 53.3 have known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2
weasyprint	53.3	<68.0	show Affected versions of the weasyprint package are vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of redirect destinations in the URL fetching mechanism. The default_url_fetcher function in weasyprint/urls.py relies on Python's urllib.request.urlopen, which automatically follows HTTP redirects (301, 302, 307) without re-invoking the developer's custom url_fetcher validation logic, creating a Time-of-Check to Time-of-Use (TOCTOU) condition. An attacker can supply an external URL that passes initial security checks but redirects to internal network resources such as localhost services or cloud metadata endpoints, enabling exfiltration of sensitive data, including instance credentials.

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

weasyprint

53.3

<68.0

show

Affected versions of the weasyprint package are vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of redirect destinations in the URL fetching mechanism. The default_url_fetcher function in weasyprint/urls.py relies on Python's urllib.request.urlopen, which automatically follows HTTP redirects (301, 302, 307) without re-invoking the developer's custom url_fetcher validation logic, creating a Time-of-Check to Time-of-Use (TOCTOU) condition. An attacker can supply an external URL that passes initial security checks but redirects to internal network resources such as localhost services or cloud metadata endpoints, enabling exfiltration of sensitive data, including instance credentials.

pyup/update-markdown-3.3.4-to-3.10.1

3 weeks, 2 days ago

cfd9a36a

Update markdown from 3.3.4 to 3.10.1

pygments 2.10.0 and weasyprint 53.3 have known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2
weasyprint	53.3	<68.0	show Affected versions of the weasyprint package are vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of redirect destinations in the URL fetching mechanism. The default_url_fetcher function in weasyprint/urls.py relies on Python's urllib.request.urlopen, which automatically follows HTTP redirects (301, 302, 307) without re-invoking the developer's custom url_fetcher validation logic, creating a Time-of-Check to Time-of-Use (TOCTOU) condition. An attacker can supply an external URL that passes initial security checks but redirects to internal network resources such as localhost services or cloud metadata endpoints, enabling exfiltration of sensitive data, including instance credentials.

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

weasyprint

53.3

<68.0

show

Affected versions of the weasyprint package are vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of redirect destinations in the URL fetching mechanism. The default_url_fetcher function in weasyprint/urls.py relies on Python's urllib.request.urlopen, which automatically follows HTTP redirects (301, 302, 307) without re-invoking the developer's custom url_fetcher validation logic, creating a Time-of-Check to Time-of-Use (TOCTOU) condition. An attacker can supply an external URL that passes initial security checks but redirects to internal network resources such as localhost services or cloud metadata endpoints, enabling exfiltration of sensitive data, including instance credentials.

pyup/update-weasyprint-53.3-to-68.0

3 weeks, 4 days ago

a4bababe

Update weasyprint from 53.3 to 68.0

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-cython-0.29.24-to-3.2.4

1 month, 1 week ago

69c179fd

Update cython from 0.29.24 to 3.2.4

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-cython-0.29.24-to-3.2.3

2 months ago

77fe60cf

Update cython from 0.29.24 to 3.2.3

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-weasyprint-53.3-to-67.0

2 months, 1 week ago

7d976373

Update weasyprint from 53.3 to 67.0

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-cython-0.29.24-to-3.2.2

2 months, 2 weeks ago

1ef22425

Update cython from 0.29.24 to 3.2.2

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-cython-0.29.24-to-3.2.1

3 months ago

c1412091

Update cython from 0.29.24 to 3.2.1

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-cython-0.29.24-to-3.2.0

3 months, 1 week ago

83415b19

Update cython from 0.29.24 to 3.2.0

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-markdown-3.3.4-to-3.10

3 months, 1 week ago

38db205b

Update markdown from 3.3.4 to 3.10

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-pelican-4.7.0-to-4.11.0.post0

3 months, 2 weeks ago

c2318a67

Update pelican from 4.7.0 to 4.11.0.post0

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-cython-0.29.24-to-3.1.6

3 months, 3 weeks ago

3db8c5d9

Update cython from 0.29.24 to 3.1.6

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-cython-0.29.24-to-3.1.5

3 months, 3 weeks ago

0768075a

Update cython from 0.29.24 to 3.1.5

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2