Safety CI > crim-ca/weaver

fix-workflow-cli-deploy

1 year, 11 months ago

46c0dc1c

update changelog

No dependencies with known security vulnerabilities.

fix-workflow-cli-deploy

1 year, 11 months ago

bbd5e0d0

fix test

No dependencies with known security vulnerabilities.

fix-workflow-cli-deploy

1 year, 11 months ago

e6c15478

fix settings in client for local process workflow step URL resolution (fixes https://github.com/crim

No dependencies with known security vulnerabilities.

html-responses

1 year, 11 months ago

4bc301bf

add glossary details

pyramid 2.0.2 has known security vulnerabilities.

Package	Installed	Affected	Info

html-responses

1 year, 11 months ago

da6cc79c

openapi JSON redirect from swagger-ui with accept/format (fixes #623)

pyramid 2.0.2 has known security vulnerabilities.

Package	Installed	Affected	Info

html-responses

1 year, 11 months ago

3a70b4f1

[wip] refactor accept view decorators

pyramid 2.0.2 has known security vulnerabilities.

Package	Installed	Affected	Info

html-responses

1 year, 11 months ago

b1e77913

temporary revert cornice.Service.pyramid_route for route_prefix to resolve multi-config issue in tes

No dependencies with known security vulnerabilities.

html-responses

1 year, 11 months ago

8488f02d

add basic tests for HTML process views

No dependencies with known security vulnerabilities.

html-responses

1 year, 11 months ago

7a56d253

Merge remote-tracking branch 'origin/master' into html-responses

No dependencies with known security vulnerabilities.

master

1 year, 11 months ago

f8cbc2c3

Merge pull request #625 from crim-ca/summary-links

No dependencies with known security vulnerabilities.

summary-links

1 year, 11 months ago

81e1c618

add tests for immutable process update and summary links

No dependencies with known security vulnerabilities.

html-responses

1 year, 11 months ago

b7564cc5

Merge remote-tracking branch 'origin/master' into html-responses

No dependencies with known security vulnerabilities.

html-responses

1 year, 11 months ago

5dd58719

address some inconsistencies in HTTP Accept header / format query negociation and use in tests

pip 24.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	<25.2	show Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.
pip	24.0	<26.0	show Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.
pip	24.0	<25.0	show Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<26.0

show

Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

html-responses

1 year, 11 months ago

013a0425

better unification of styles between HTML processes listing and description pages

pip 24.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	<25.2	show Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.
pip	24.0	<26.0	show Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.
pip	24.0	<25.0	show Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<26.0

show

Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

html-responses

1 year, 11 months ago

00615d19

HTML detailed rendering for process description

pip 24.0 has known security vulnerabilities.

Package	Installed	Affected	Info
pip	24.0	<25.2	show Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.
pip	24.0	<26.0	show Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.
pip	24.0	<25.0	show Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.

Package

Installed

Affected

Info

pip

24.0

<25.2

show

Affected versions of the pip package are vulnerable to Arbitrary File Overwrite due to improper validation of symbolic link targets in the fallback tar extraction code. In src/pip/_internal/utils/unpacking.py, the _untar_without_filter routine used when the Python tarfile module lacks PEP 706 (no tarfile.data_filter) extracted symlink members with tar._extract_member without verifying that link destinations resolve under the extraction root, a check later added via the is_symlink_target_in_tar helper.

pip

24.0

<26.0

show

Affected versions of the pip package are vulnerable to Path Traversal due to an incorrect directory containment check when extracting wheel archives. In src/pip/_internal/utils/unpacking.py, the is_within_directory() helper used os.path.commonprefix() (character-by-character) to compare directory and target paths, allowing crafted paths like a parent-directory substring match to be treated as safely inside the installation directory.

pip

24.0

<25.0

show

Pip solves a security vulnerability that previously allowed maliciously crafted wheel files to execute unauthorized code during installation.