Safety CI > athina-edu/athina

pyup-update-pytest-8.0.0-to-8.1.2

12 months ago

Update pytest from 8.0.0 to 8.1.2

idna 3.6, py 1.11.0, peewee 3.16.3 and GitPython 3.1.40 have known security vulnerabilities.

Package	Installed	Affected	Info
idna	3.6	<3.7	show Affected versions of Idna are vulnerable to Denial Of Service via the idna.encode(), where a specially crafted argument could lead to significant resource consumption. In version 3.7, this function has been updated to reject such inputs efficiently, minimizing resource use. A practical workaround involves enforcing a maximum domain name length of 253 characters before encoding, as the vulnerability is triggered by unusually large inputs that normal operations wouldn't encounter.
py	1.11.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
peewee	3.16.3	<3.17.1	show Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management. https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5
GitPython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

pyup-update-pluggy-1.3.0-to-1.5.0

1 year ago

921f9462

Update pluggy from 1.3.0 to 1.5.0

idna 3.6, py 1.11.0, peewee 3.16.3 and GitPython 3.1.40 have known security vulnerabilities.

Package	Installed	Affected	Info
idna	3.6	<3.7	show Affected versions of Idna are vulnerable to Denial Of Service via the idna.encode(), where a specially crafted argument could lead to significant resource consumption. In version 3.7, this function has been updated to reject such inputs efficiently, minimizing resource use. A practical workaround involves enforcing a maximum domain name length of 253 characters before encoding, as the vulnerability is triggered by unusually large inputs that normal operations wouldn't encounter.
py	1.11.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
peewee	3.16.3	<3.17.1	show Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management. https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5
GitPython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

pyup-update-peewee-3.16.3-to-3.17.3

1 year ago

d13a5041

Update peewee from 3.16.3 to 3.17.3

idna 3.6, py 1.11.0 and GitPython 3.1.40 have known security vulnerabilities.

Package

Installed

Affected

Info

idna

3.6

<3.7

show

Affected versions of Idna are vulnerable to Denial Of Service via the idna.encode(), where a specially crafted argument could lead to significant resource consumption. In version 3.7, this function has been updated to reject such inputs efficiently, minimizing resource use. A practical workaround involves enforcing a maximum domain name length of 253 characters before encoding, as the vulnerability is triggered by unusually large inputs that normal operations wouldn't encounter.

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

GitPython

3.1.40

<3.1.41

show

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

pyup-update-peewee-3.16.3-to-3.17.2

1 year ago

091bd929

Update peewee from 3.16.3 to 3.17.2

idna 3.6, py 1.11.0 and GitPython 3.1.40 have known security vulnerabilities.

Package

Installed

Affected

Info

idna

3.6

<3.7

show

Affected versions of Idna are vulnerable to Denial Of Service via the idna.encode(), where a specially crafted argument could lead to significant resource consumption. In version 3.7, this function has been updated to reject such inputs efficiently, minimizing resource use. A practical workaround involves enforcing a maximum domain name length of 253 characters before encoding, as the vulnerability is triggered by unusually large inputs that normal operations wouldn't encounter.

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

GitPython

3.1.40

<3.1.41

show

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

pyup-update-idna-3.6-to-3.7

1 year ago

6d33b64f

Update idna from 3.6 to 3.7

py 1.11.0, peewee 3.16.3 and GitPython 3.1.40 have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.11.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
peewee	3.16.3	<3.17.1	show Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management. https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5
GitPython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

peewee

3.16.3

<3.17.1

show

Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management.
https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5

GitPython

3.1.40

<3.1.41

show

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

pyup-update-filelock-3.13.1-to-3.13.4

1 year ago

2c3e9038

Update filelock from 3.13.1 to 3.13.4

py 1.11.0, peewee 3.16.3 and GitPython 3.1.40 have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.11.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
peewee	3.16.3	<3.17.1	show Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management. https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5
GitPython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

peewee

3.16.3

<3.17.1

show

Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management.
https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5

GitPython

3.1.40

<3.1.41

show

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

pyup-update-lxml-4.9.4-to-5.2.1

1 year ago

e8977c9e

Update lxml from 4.9.4 to 5.2.1

py 1.11.0, peewee 3.16.3 and GitPython 3.1.40 have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.11.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
peewee	3.16.3	<3.17.1	show Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management. https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5
GitPython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

peewee

3.16.3

<3.17.1

show

Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management.
https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5

GitPython

3.1.40

<3.1.41

show

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

pyup-update-gitpython-3.1.40-to-3.1.43

1 year ago

72bb80cb

Update gitpython from 3.1.40 to 3.1.43

py 1.11.0 and peewee 3.16.3 have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.11.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
peewee	3.16.3	<3.17.1	show Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management. https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

peewee

3.16.3

<3.17.1

show

Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management.
https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5

pyup-update-lxml-4.9.4-to-5.2.0

1 year ago

8dcd259b

Update lxml from 4.9.4 to 5.2.0

py 1.11.0, peewee 3.16.3 and GitPython 3.1.40 have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.11.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
peewee	3.16.3	<3.17.1	show Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management. https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5
GitPython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

peewee

3.16.3

<3.17.1

show

Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management.
https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5

GitPython

3.1.40

<3.1.41

show

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

pyup-update-lxml-4.9.4-to-5.1.1

1 year ago

e4c6ab9d

Update lxml from 4.9.4 to 5.1.1

py 1.11.0, peewee 3.16.3 and GitPython 3.1.40 have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.11.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
peewee	3.16.3	<3.17.1	show Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management. https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5
GitPython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

peewee

3.16.3

<3.17.1

show

Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management.
https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5

GitPython

3.1.40

<3.1.41

show

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

pyup-update-filelock-3.13.1-to-3.13.3

1 year, 1 month ago

a9002e58

Update filelock from 3.13.1 to 3.13.3

py 1.11.0, peewee 3.16.3 and GitPython 3.1.40 have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.11.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
peewee	3.16.3	<3.17.1	show Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management. https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5
GitPython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

peewee

3.16.3

<3.17.1

show

Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management.
https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5

GitPython

3.1.40

<3.1.41

show

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

pyup-update-filelock-3.13.1-to-3.13.2

1 year, 1 month ago

2f34d209

Update filelock from 3.13.1 to 3.13.2

py 1.11.0, peewee 3.16.3 and GitPython 3.1.40 have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.11.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
peewee	3.16.3	<3.17.1	show Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management. https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5
GitPython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

peewee

3.16.3

<3.17.1

show

Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management.
https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5

GitPython

3.1.40

<3.1.41

show

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

pyup-update-packaging-23.2-to-24.0

1 year, 1 month ago

479c1e02

Update packaging from 23.2 to 24.0

py 1.11.0, peewee 3.16.3 and GitPython 3.1.40 have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.11.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
peewee	3.16.3	<3.17.1	show Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management. https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5
GitPython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

peewee

3.16.3

<3.17.1

show

Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management.
https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5

GitPython

3.1.40

<3.1.41

show

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

pyup-update-pytest-8.0.0-to-8.1.1

1 year, 1 month ago

d8c73f8e

Update pytest from 8.0.0 to 8.1.1

py 1.11.0, peewee 3.16.3 and GitPython 3.1.40 have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.11.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
peewee	3.16.3	<3.17.1	show Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management. https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5
GitPython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

peewee

3.16.3

<3.17.1

show

Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management.
https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5

GitPython

3.1.40

<3.1.41

show

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

pyup-update-pyparsing-3.1.1-to-3.1.2

1 year, 1 month ago

5d8b30c1

Update pyparsing from 3.1.1 to 3.1.2

py 1.11.0, peewee 3.16.3 and GitPython 3.1.40 have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.11.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
peewee	3.16.3	<3.17.1	show Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management. https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5
GitPython	3.1.40	<3.1.41	show GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. #It only affects Windows users https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx

Package

Installed

Affected

Info

py

1.11.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

peewee

3.16.3

<3.17.1

show

Peewee 3.17.1 introduces enhancements to address a race condition issue by implementing stricter locking mechanisms around pool connection management.
https://github.com/coleifer/peewee/commit/ea3fb11a9c2a4b0cd958a453dd287e408477eda5

GitPython

3.1.40

<3.1.41

show

GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. 
#It only affects Windows users
https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx