Package | Installed | Affected | Info |
---|---|---|---|
py | 1.8.2 | <=1.9.0 |
show Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. |
py | 1.8.2 | <=1.11.0 |
show ** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287 |
PyYAML | 5.3.1 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
urllib3 | 1.25.6 | <1.26.18 , >=2.0.0a1,<2.0.7 |
show Urllib3 1.26.18 and 2.0.7 include a fix for CVE-2023-45803: Request body not stripped after redirect from 303 status changes request method to GET. https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 |
urllib3 | 1.25.6 | <1.26.5 |
show Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. https://github.com/advisories/GHSA-q2q7-5pp4-w6pg |
urllib3 | 1.25.6 | <1.25.9 |
show Urllib3 1.25.9 includes a fix for CVE-2020-26137: Urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. https://github.com/python/cpython/issues/83784 https://github.com/urllib3/urllib3/pull/1800 |
urllib3 | 1.25.6 | >=1.25.2,<=1.25.7 |
show The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings were deduplicated, the time to compute _encode_invalid_chars would be O(kN), where k is at most 484 ((10+6*2)^2). See: CVE-2020-7212. |
urllib3 | 1.25.6 | <1.26.17 , >=2.0.0a1,<2.0.5 |
show Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f |
urllib3 | 1.25.6 | <=1.26.18 , >=2.0.0a1,<=2.2.1 |
show Urllib3's ProxyManager ensures that the Proxy-Authorization header is correctly directed only to configured proxies. However, when HTTP requests bypass urllib3's proxy support, there's a risk of inadvertently setting the Proxy-Authorization header, which remains ineffective without a forwarding or tunneling proxy. Urllib3 does not recognize this header as carrying authentication data, failing to remove it during cross-origin redirects. While this scenario is uncommon and poses low risk to most users, urllib3 now proactively removes the Proxy-Authorization header during cross-origin redirects as a precautionary measure. Users are advised to utilize urllib3's proxy support or disable automatic redirects to handle the Proxy-Authorization header securely. Despite these precautions, urllib3 defaults to stripping the header to safeguard users who may inadvertently misconfigure requests. |
https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/python-3-shield.svg
[![Python 3](https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/python-3-shield.svg)](https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/)
.. image:: https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/python-3-shield.svg :target: https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/ :alt: Python 3
<a href="https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/"><img src="https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/shield.svg" alt="Python 3" /></a>
!https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/
{<img src="https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/]
https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/shield.svg
[![Updates](https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/shield.svg)](https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/)
.. image:: https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/shield.svg :target: https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/ :alt: Updates
<a href="https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/"><img src="https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/shield.svg" alt="Updates" /></a>
!https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/shield.svg(Updates)!:https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/
{<img src="https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/h0rn3t/fastapi-async-sqlalchemy/]