Safety CI > cookiecutter/cookiecutter-django

master

3 years, 9 months ago

8f12442c

Update pillow to 9.2.0 (#3799)

No dependencies with known security vulnerabilities.

master

3 years, 9 months ago

9b19891b

Update werkzeug to 2.1.2 (#3797)

No dependencies with known security vulnerabilities.

update/pre-commit-autoupdate

3 years, 9 months ago

dedd52cc

Auto-update pre-commit hooks

No dependencies with known security vulnerabilities.

master

3 years, 9 months ago

4f73cd5c

Release 2022.07.21

No dependencies with known security vulnerabilities.

pyup-update-django-compressor-3.1-to-4.0

3 years, 9 months ago

4e81545a

Update django-compressor from 3.1 to 4.0

No dependencies with known security vulnerabilities.

pyup-update-sphinx-5.0.1-to-5.0.2

3 years, 9 months ago

41635333

Update sphinx from 5.0.1 to 5.0.2

No dependencies with known security vulnerabilities.

pyup-update-sphinx-5.0.1-to-5.0.2

3 years, 9 months ago

0546a3ba

Update sphinx from 5.0.1 to 5.0.2

No dependencies with known security vulnerabilities.

pyup-update-pytest-sugar-0.9.4-to-0.9.5

3 years, 9 months ago

094eea72

Update pytest-sugar from 0.9.4 to 0.9.5

No dependencies with known security vulnerabilities.

pyup-update-pillow-9.1.1-to-9.2.0

3 years, 9 months ago

7b3d8b26

Update pillow from 9.1.1 to 9.2.0

No dependencies with known security vulnerabilities.

pyup-update-sh-1.14.2-to-1.14.3

3 years, 9 months ago

82f26e52

Update sh from 1.14.2 to 1.14.3

No dependencies with known security vulnerabilities.

pyup-update-werkzeug-2.0.3-to-2.1.2

3 years, 9 months ago

963ae03e

Update werkzeug from 2.0.3 to 2.1.2

No dependencies with known security vulnerabilities.

master

3 years, 9 months ago

4a3feb51

Update flower to 1.1.0 (#3796)

No dependencies with known security vulnerabilities.

pyup-update-flower-1.0.0-to-1.1.0

3 years, 9 months ago

139e689c

Update flower from 1.0.0 to 1.1.0

No dependencies with known security vulnerabilities.

master

3 years, 9 months ago

c7a8b649

Update view test should set user to form instance (#3776)

flower 1.0.0 has known security vulnerabilities.

Package	Installed	Affected	Info
flower	1.0.0	>=0,<2.0.0	show Flower before 2.0.0 is vulnerable to a timing attack exploiting the `get_current_user()` functionality. This vulnerability stems from the use of non-constant time string comparison for validating HTTP basic authentication credentials. https://github.com/mher/flower/pull/1166/commits/7f398f7eeb9d95399b6bf1905e0704646d0c4ece
flower	1.0.0	<1.2.0	show Flower 1.1.0 and prior are vulnerable to CVE-2022-30034: All versions as of 05-02-2022 are vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes. https://tprynn.github.io/2022/05/26/flower-vulns.html

Package

Installed

Affected

Info

flower

1.0.0

>=0,<2.0.0

show

Flower before 2.0.0 is vulnerable to a timing attack exploiting the `get_current_user()` functionality. This vulnerability stems from the use of non-constant time string comparison for validating HTTP basic authentication credentials.
https://github.com/mher/flower/pull/1166/commits/7f398f7eeb9d95399b6bf1905e0704646d0c4ece

flower

1.0.0

<1.2.0

show

Flower 1.1.0 and prior are vulnerable to CVE-2022-30034: All versions as of 05-02-2022 are vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.
https://tprynn.github.io/2022/05/26/flower-vulns.html

master

3 years, 9 months ago

9ed99098

Update Contributors

flower 1.0.0 has known security vulnerabilities.

Package	Installed	Affected	Info
flower	1.0.0	>=0,<2.0.0	show Flower before 2.0.0 is vulnerable to a timing attack exploiting the `get_current_user()` functionality. This vulnerability stems from the use of non-constant time string comparison for validating HTTP basic authentication credentials. https://github.com/mher/flower/pull/1166/commits/7f398f7eeb9d95399b6bf1905e0704646d0c4ece
flower	1.0.0	<1.2.0	show Flower 1.1.0 and prior are vulnerable to CVE-2022-30034: All versions as of 05-02-2022 are vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes. https://tprynn.github.io/2022/05/26/flower-vulns.html

Package

Installed

Affected

Info

flower

1.0.0

>=0,<2.0.0

show

Flower before 2.0.0 is vulnerable to a timing attack exploiting the `get_current_user()` functionality. This vulnerability stems from the use of non-constant time string comparison for validating HTTP basic authentication credentials.
https://github.com/mher/flower/pull/1166/commits/7f398f7eeb9d95399b6bf1905e0704646d0c4ece

flower

1.0.0

<1.2.0

show

Flower 1.1.0 and prior are vulnerable to CVE-2022-30034: All versions as of 05-02-2022 are vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes.
https://tprynn.github.io/2022/05/26/flower-vulns.html