Safety CI > apihackers/docker-pelican

pyup/update-markdown-3.3.4-to-3.10.1

9 hours ago

cfd9a36a

Update markdown from 3.3.4 to 3.10.1

pygments 2.10.0 and weasyprint 53.3 have known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2
weasyprint	53.3	<68.0	show Affected versions of the weasyprint package are vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of redirect destinations in the URL fetching mechanism. The default_url_fetcher function in weasyprint/urls.py relies on Python's urllib.request.urlopen, which automatically follows HTTP redirects (301, 302, 307) without re-invoking the developer's custom url_fetcher validation logic, creating a Time-of-Check to Time-of-Use (TOCTOU) condition. An attacker can supply an external URL that passes initial security checks but redirects to internal network resources such as localhost services or cloud metadata endpoints, enabling exfiltration of sensitive data, including instance credentials.

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

weasyprint

53.3

<68.0

show

Affected versions of the weasyprint package are vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of redirect destinations in the URL fetching mechanism. The default_url_fetcher function in weasyprint/urls.py relies on Python's urllib.request.urlopen, which automatically follows HTTP redirects (301, 302, 307) without re-invoking the developer's custom url_fetcher validation logic, creating a Time-of-Check to Time-of-Use (TOCTOU) condition. An attacker can supply an external URL that passes initial security checks but redirects to internal network resources such as localhost services or cloud metadata endpoints, enabling exfiltration of sensitive data, including instance credentials.

pyup/update-weasyprint-53.3-to-68.0

2 days, 13 hours ago

a4bababe

Update weasyprint from 53.3 to 68.0

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-cython-0.29.24-to-3.2.4

2 weeks, 3 days ago

69c179fd

Update cython from 0.29.24 to 3.2.4

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-cython-0.29.24-to-3.2.3

1 month, 1 week ago

77fe60cf

Update cython from 0.29.24 to 3.2.3

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-weasyprint-53.3-to-67.0

1 month, 2 weeks ago

7d976373

Update weasyprint from 53.3 to 67.0

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-cython-0.29.24-to-3.2.2

1 month, 3 weeks ago

1ef22425

Update cython from 0.29.24 to 3.2.2

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-cython-0.29.24-to-3.2.1

2 months, 1 week ago

c1412091

Update cython from 0.29.24 to 3.2.1

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-cython-0.29.24-to-3.2.0

2 months, 2 weeks ago

83415b19

Update cython from 0.29.24 to 3.2.0

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-markdown-3.3.4-to-3.10

2 months, 2 weeks ago

38db205b

Update markdown from 3.3.4 to 3.10

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-pelican-4.7.0-to-4.11.0.post0

2 months, 3 weeks ago

c2318a67

Update pelican from 4.7.0 to 4.11.0.post0

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-cython-0.29.24-to-3.1.6

3 months ago

3db8c5d9

Update cython from 0.29.24 to 3.1.6

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-cython-0.29.24-to-3.1.5

3 months ago

0768075a

Update cython from 0.29.24 to 3.1.5

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-invoke-1.6.0-to-2.2.1

3 months, 1 week ago

30e10c61

Update invoke from 1.6.0 to 2.2.1

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-pyyaml-5.4.1-to-6.0.3

3 months, 4 weeks ago

aa072bac

Update pyyaml from 5.4.1 to 6.0.3

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

pyup/update-cython-0.29.24-to-3.1.4

4 months, 1 week ago

74a12af5

Update cython from 0.29.24 to 3.1.4

pygments 2.10.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pygments	2.10.0	<2.15.0	show Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2

Package

Installed

Affected

Info

pygments

2.10.0

<2.15.0

show

Pygments 2.15.0 includes a fix for CVE-2022-40896: The regular expressions used when parsing Smithy, SQL/SQL+Jinja, and Java properties files were discovered to be vulnerable. As a result, pygmentizing a maliciously-crafted file of these kinds would have resulted in high resources consumption or crashing of the application.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2