Safety CI > glichtner/fsh-validator

main

3 years, 2 months ago

33ca7771

updated tox

No dependencies with known security vulnerabilities.

main

3 years, 2 months ago

cdc5c0db

updated tox

No dependencies with known security vulnerabilities.

main

3 years, 2 months ago

0e7440fc

updated tox

No dependencies with known security vulnerabilities.

main

3 years, 2 months ago

8841239a

updated tox

No dependencies with known security vulnerabilities.

main

3 years, 2 months ago

6a314d0a

added empty test

No dependencies with known security vulnerabilities.

main

3 years, 2 months ago

d04aa390

updated gh workflow

No dependencies with known security vulnerabilities.

main

3 years, 2 months ago

6da9030b

updated gh workflow

No dependencies with known security vulnerabilities.

main

3 years, 2 months ago

c8cb63fe

updated gh workflow

No dependencies with known security vulnerabilities.

main

3 years, 2 months ago

2ed38c15

updated gh workflow

No dependencies with known security vulnerabilities.

main

3 years, 2 months ago

67e16a8f

updated gh workflow

No dependencies with known security vulnerabilities.

main

3 years, 2 months ago

78b78381

bump2version: no tagging

No dependencies with known security vulnerabilities.

fix/profiles-unknown

3 years, 2 months ago

30e78dab

fixed validation with unknown profiles

No dependencies with known security vulnerabilities.

speedup

3 years, 2 months ago

5b1f0460

delete requirements_dev.txt

No dependencies with known security vulnerabilities.

speedup

3 years, 2 months ago

ae6b8844

added workflow

wheel 0.37.1 has known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.37.1	<0.46.2	show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory.
wheel	0.37.1	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages

Package

Installed

Affected

Info

wheel

0.37.1

<0.46.2

show

Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory.

wheel

0.37.1

<0.38.1

show

Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages

speedup

3 years, 2 months ago

b94a2a3c

batch processing

wheel 0.37.1 has known security vulnerabilities.

Package	Installed	Affected	Info
wheel	0.37.1	<0.46.2	show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory.
wheel	0.37.1	<0.38.1	show Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages

Package

Installed

Affected

Info

wheel

0.37.1

<0.46.2

show

Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory.

wheel

0.37.1

<0.38.1

show

Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages