Package | Installed | Affected | Info |
---|---|---|---|
wheel | 0.37.1 | <0.38.1 | Wheel 0.38.1 includes a fix for CVE-2022-40898: An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker-controlled input to wheel cli. https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages |
cookiecutter | 1.7.3 | <2.1.1 | Cookiecutter 2.1.1 includes a fix for CVE-2022-24065: Cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection. |
python-semantic-release | 7.24.0 | <9.4.2 | Versions of Python-semantic-release prior to 9.4.2 are capable of establishing HTTP connections if so configured, potentially exposing the connection to security risks due . |
python-semantic-release | 7.24.0 | <9.8.8 | Python-semantic-release affected versions contain a path traversal vulnerability affecting Windows systems. The issue, located in the RuntimeContext class of semantic_release/cli/config.py, stems from improper path resolution when handling changelog files and template directories. This could allow attackers to access or modify files outside the intended repository directory. The vulnerability arises from using Path.resolve() without Path.absolute(), which may return relative paths on Windows for non-existent directories, potentially bypassing security checks. Note: This only affects Windows users. |