pyup-update-pytest-3.4.0-to-6.0.2
4 years, 10 months ago
Update pytest from 3.4.0 to 6.0.2
PyYAML 3.13, pylint 2.1.1 and Sphinx 1.6.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| PyYAML | 3.13 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
| PyYAML | 3.13 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
| PyYAML | 3.13 | <4 |
show Pyyaml before 4 uses ``yaml.load`` which has been assigned CVE-2017-18342. |
| pylint | 2.1.1 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.1.1 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.1.1 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.1.1 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
pyup-update-tox-3.2.1-to-3.20.0
4 years, 10 months ago
Update tox from 3.2.1 to 3.20.0
PyYAML 3.13, pylint 2.1.1 and Sphinx 1.6.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| PyYAML | 3.13 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
| PyYAML | 3.13 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
| PyYAML | 3.13 | <4 |
show Pyyaml before 4 uses ``yaml.load`` which has been assigned CVE-2017-18342. |
| pylint | 2.1.1 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.1.1 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.1.1 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.1.1 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
pyup-update-ipython-6.5.0-to-7.18.1
4 years, 10 months ago
Update ipython from 6.5.0 to 7.18.1
PyYAML 3.13, pylint 2.1.1 and Sphinx 1.6.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| PyYAML | 3.13 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
| PyYAML | 3.13 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
| PyYAML | 3.13 | <4 |
show Pyyaml before 4 uses ``yaml.load`` which has been assigned CVE-2017-18342. |
| pylint | 2.1.1 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.1.1 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.1.1 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.1.1 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
pyup-update-ipython-6.5.0-to-7.18.0
4 years, 10 months ago
Update ipython from 6.5.0 to 7.18.0
PyYAML 3.13, pylint 2.1.1 and Sphinx 1.6.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| PyYAML | 3.13 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
| PyYAML | 3.13 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
| PyYAML | 3.13 | <4 |
show Pyyaml before 4 uses ``yaml.load`` which has been assigned CVE-2017-18342. |
| pylint | 2.1.1 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.1.1 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.1.1 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.1.1 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
pyup-update-cryptography-2.3.1-to-3.1
4 years, 10 months ago
Update cryptography from 2.3.1 to 3.1
PyYAML 3.13, pylint 2.1.1 and Sphinx 1.6.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| PyYAML | 3.13 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
| PyYAML | 3.13 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
| PyYAML | 3.13 | <4 |
show Pyyaml before 4 uses ``yaml.load`` which has been assigned CVE-2017-18342. |
| pylint | 2.1.1 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.1.1 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.1.1 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.1.1 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
pyup-update-pylint-2.1.1-to-2.6.0
4 years, 10 months ago
Update pylint from 2.1.1 to 2.6.0
PyYAML 3.13 and Sphinx 1.6.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| PyYAML | 3.13 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
| PyYAML | 3.13 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
| PyYAML | 3.13 | <4 |
show Pyyaml before 4 uses ``yaml.load`` which has been assigned CVE-2017-18342. |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
pyup-update-sphinx-1.6.6-to-3.2.1
4 years, 11 months ago
Update sphinx from 1.6.6 to 3.2.1
PyYAML 3.13 and pylint 2.1.1 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| PyYAML | 3.13 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
| PyYAML | 3.13 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
| PyYAML | 3.13 | <4 |
show Pyyaml before 4 uses ``yaml.load`` which has been assigned CVE-2017-18342. |
| pylint | 2.1.1 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.1.1 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.1.1 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.1.1 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
pyup-update-pytest-cov-2.5.1-to-2.10.1
4 years, 11 months ago
Update pytest-cov from 2.5.1 to 2.10.1
PyYAML 3.13, pylint 2.1.1 and Sphinx 1.6.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| PyYAML | 3.13 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
| PyYAML | 3.13 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
| PyYAML | 3.13 | <4 |
show Pyyaml before 4 uses ``yaml.load`` which has been assigned CVE-2017-18342. |
| pylint | 2.1.1 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.1.1 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.1.1 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.1.1 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
pyup-update-coveralls-1.2.0-to-2.1.2
4 years, 11 months ago
Update coveralls from 1.2.0 to 2.1.2
PyYAML 3.13, pylint 2.1.1 and Sphinx 1.6.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| PyYAML | 3.13 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
| PyYAML | 3.13 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
| PyYAML | 3.13 | <4 |
show Pyyaml before 4 uses ``yaml.load`` which has been assigned CVE-2017-18342. |
| pylint | 2.1.1 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.1.1 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.1.1 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.1.1 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
pyup-update-sphinx-1.6.6-to-3.2.0
4 years, 11 months ago
Update sphinx from 1.6.6 to 3.2.0
PyYAML 3.13 and pylint 2.1.1 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| PyYAML | 3.13 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
| PyYAML | 3.13 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
| PyYAML | 3.13 | <4 |
show Pyyaml before 4 uses ``yaml.load`` which has been assigned CVE-2017-18342. |
| pylint | 2.1.1 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.1.1 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.1.1 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.1.1 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
pyup-update-tox-3.2.1-to-3.19.0
4 years, 11 months ago
Update tox from 3.2.1 to 3.19.0
PyYAML 3.13, pylint 2.1.1 and Sphinx 1.6.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| PyYAML | 3.13 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
| PyYAML | 3.13 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
| PyYAML | 3.13 | <4 |
show Pyyaml before 4 uses ``yaml.load`` which has been assigned CVE-2017-18342. |
| pylint | 2.1.1 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.1.1 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.1.1 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.1.1 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
pyup-update-ipython-6.5.0-to-7.17.0
4 years, 11 months ago
Update ipython from 6.5.0 to 7.17.0
PyYAML 3.13, pylint 2.1.1 and Sphinx 1.6.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| PyYAML | 3.13 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
| PyYAML | 3.13 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
| PyYAML | 3.13 | <4 |
show Pyyaml before 4 uses ``yaml.load`` which has been assigned CVE-2017-18342. |
| pylint | 2.1.1 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.1.1 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.1.1 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.1.1 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
pyup-update-pytest-3.4.0-to-6.0.1
4 years, 11 months ago
Update pytest from 3.4.0 to 6.0.1
PyYAML 3.13, pylint 2.1.1 and Sphinx 1.6.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| PyYAML | 3.13 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
| PyYAML | 3.13 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
| PyYAML | 3.13 | <4 |
show Pyyaml before 4 uses ``yaml.load`` which has been assigned CVE-2017-18342. |
| pylint | 2.1.1 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.1.1 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.1.1 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.1.1 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
pyup-update-pytest-3.4.0-to-6.0.0
4 years, 11 months ago
Update pytest from 3.4.0 to 6.0.0
PyYAML 3.13, pylint 2.1.1 and Sphinx 1.6.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| PyYAML | 3.13 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
| PyYAML | 3.13 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
| PyYAML | 3.13 | <4 |
show Pyyaml before 4 uses ``yaml.load`` which has been assigned CVE-2017-18342. |
| pylint | 2.1.1 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.1.1 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.1.1 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.1.1 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
pyup-update-tox-3.2.1-to-3.18.1
4 years, 11 months ago
Update tox from 3.2.1 to 3.18.1
PyYAML 3.13, pylint 2.1.1 and Sphinx 1.6.6 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| PyYAML | 3.13 | <5.4 |
show Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. https://bugzilla.redhat.com/show_bug.cgi?id=1860466 |
| PyYAML | 3.13 | <5.3.1 |
show Pyyaml 5.3.1 includes a fix for CVE-2020-1747: A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. |
| PyYAML | 3.13 | <4 |
show Pyyaml before 4 uses ``yaml.load`` which has been assigned CVE-2017-18342. |
| pylint | 2.1.1 | <2.7.0 |
show Pylint 2.7.0 includes a fix for vulnerable regular expressions in 'pyreverse'. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| pylint | 2.1.1 | <2.13.0 |
show Pylint 2.13.0 fixes a crash when using the doc_params extension. https://github.com/PyCQA/pylint/issues/5322 |
| pylint | 2.1.1 | <2.5.0 |
show Pylint 2.5.0 no longer allows ``python -m pylint ...`` to import user code. Previously, it added the current working directory as the first element of ``sys.path``. This opened up a potential security hole where ``pylint`` would import user level code as long as that code resided in modules having the same name as stdlib or pylint's own modules. |
| pylint | 2.1.1 | >=0,<2.6.1 |
show Pylint before 2.6.1 is susceptible to a Regular Expression Denial of Service (ReDoS) vulnerability due to issues in its pyreverse component. This issue arises from certain regular expressions in pyreverse that can be exploited by causing catastrophic backtracking, significantly slowing down the service by forcing it to take a disproportionate amount of time to process inputs. This vulnerability allows attackers to use specially crafted inputs that increase the processing time exponentially, potentially leading to a service becoming inaccessible to legitimate users. https://github.com/pylint-dev/pylint/commit/5405dd5115d598fa69e49538d50ec79202b1b52e |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in inventory. https://github.com/sphinx-doc/sphinx/issues/8175 https://github.com/sphinx-doc/sphinx/commit/f7b872e673f9b359a61fd287a7338a28077840d2 |
| Sphinx | 1.6.6 | <3.3.0 |
show Sphinx 3.3.0 includes a fix for a ReDoS vulnerability in docstring. https://github.com/sphinx-doc/sphinx/issues/8172 https://github.com/sphinx-doc/sphinx/commit/f00e75278c5999f40b214d8934357fbf0e705417 |
| Sphinx | 1.6.6 | <3.0.4 |
show Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons. |
Python 3 badge
URL
https://pyup.io/repos/github/iodevs/pyresult/python-3-shield.svg
Markdown
[](https://pyup.io/repos/github/iodevs/pyresult/)
Restructured Text
.. image:: https://pyup.io/repos/github/iodevs/pyresult/python-3-shield.svg
:target: https://pyup.io/repos/github/iodevs/pyresult/
:alt: Python 3
HTML
<a href="https://pyup.io/repos/github/iodevs/pyresult/"><img src="https://pyup.io/repos/github/iodevs/pyresult/shield.svg" alt="Python 3" /></a>
Textile
!https://pyup.io/repos/github/iodevs/pyresult/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/iodevs/pyresult/
RDoc
{<img src="https://pyup.io/repos/github/iodevs/pyresult/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/iodevs/pyresult/]
pyup.io badge
URL
https://pyup.io/repos/github/iodevs/pyresult/shield.svg
Markdown
[](https://pyup.io/repos/github/iodevs/pyresult/)
Restructured Text
.. image:: https://pyup.io/repos/github/iodevs/pyresult/shield.svg
:target: https://pyup.io/repos/github/iodevs/pyresult/
:alt: Updates
HTML
<a href="https://pyup.io/repos/github/iodevs/pyresult/"><img src="https://pyup.io/repos/github/iodevs/pyresult/shield.svg" alt="Updates" /></a>
Textile
!https://pyup.io/repos/github/iodevs/pyresult/shield.svg(Updates)!:https://pyup.io/repos/github/iodevs/pyresult/
RDoc
{<img src="https://pyup.io/repos/github/iodevs/pyresult/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/iodevs/pyresult/]