Safety CI > hpfn-d/charcoallog

pyup-scheduled-update-2022-01-17

4 years, 4 months ago

acbee9ae

Update zipp from 0.6.0 to 3.7.0

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-01-17

4 years, 4 months ago

744299dd

Update attrs from 19.1.0 to 21.4.0

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-01-17

4 years, 4 months ago

77ee5800

Update vine from 1.3.0 to 5.0.0

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-01-17

4 years, 4 months ago

f0d6d25d

Update sqlparse from 0.3.0 to 0.4.2

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-01-17

4 years, 4 months ago

8b6dd6c4

Update soupsieve from 1.9.3 to 2.3.1

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-01-17

4 years, 4 months ago

12082b53

Update six from 1.12.0 to 1.16.0

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-01-17

4 years, 4 months ago

86f2679f

Update pytz from 2019.2 to 2021.3

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-01-17

4 years, 4 months ago

46319303

Update python-decouple from 3.1 to 3.5

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-01-17

4 years, 4 months ago

bd4475b2

Update python-dateutil from 2.8.0 to 2.8.2

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-01-17

4 years, 4 months ago

c404316d

Update python-crontab from 2.3.8 to 2.6.0

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-01-17

4 years, 4 months ago

218d4f28

Update more-itertools from 7.2.0 to 8.12.0

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-01-17

4 years, 4 months ago

ccb2a617

Update kombu from 4.6.4 to 5.2.3

py 1.8.0 has known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

pyup-scheduled-update-2022-01-17

4 years, 4 months ago

87a57163

Update importlib-metadata from 0.19 to 4.10.1

py 1.8.0 and kombu 4.6.4 have known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

kombu

4.6.4

<5.2.1

show

Kombu 5.2.1 updates Amazon sqs dependency 'urllib3' minimum version to 1.26.7 to include security fixes.
https://github.com/celery/kombu/commit/f3b04558fa0df4ecc383c93e0b3b300d95e17c47

pyup-scheduled-update-2022-01-17

4 years, 4 months ago

227feede

Update djangorestframework from 3.10.2 to 3.13.1

py 1.8.0 and kombu 4.6.4 have known security vulnerabilities.

Package

Installed

Affected

Info

py

1.8.0

<=1.11.0

show

** DISPUTED ** Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled.
https://github.com/pytest-dev/py/issues/287

py

1.8.0

<=1.9.0

show

Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.

kombu

4.6.4

<5.2.1

show

Kombu 5.2.1 updates Amazon sqs dependency 'urllib3' minimum version to 1.26.7 to include security fixes.
https://github.com/celery/kombu/commit/f3b04558fa0df4ecc383c93e0b3b300d95e17c47

pyup-scheduled-update-2022-01-17

4 years, 4 months ago

d306ade6

Update django-timezone-field from 3.0 to 4.2.3

py 1.8.0, kombu 4.6.4 and djangorestframework 3.10.2 have known security vulnerabilities.

Package	Installed	Affected	Info
py	1.8.0	<=1.11.0	show DISPUTED Py throughout 1.11.0 allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data because the InfoSvnCommand argument is mishandled. https://github.com/pytest-dev/py/issues/287
py	1.8.0	<=1.9.0	show Py 1.10.0 includes a fix for CVE-2020-29651: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality.
kombu	4.6.4	<5.2.1	show Kombu 5.2.1 updates Amazon sqs dependency 'urllib3' minimum version to 1.26.7 to include security fixes. https://github.com/celery/kombu/commit/f3b04558fa0df4ecc383c93e0b3b300d95e17c47
djangorestframework	3.10.2	<3.11.2	show A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability.
djangorestframework	3.10.2	<3.15.2	show Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with <br> tags.