pyup-update-requests-2.25.1-to-2.31.0
2 years, 3 months ago
Update requests from 2.25.1 to 2.31.0
protobuf 3.17.3 and certifi 2021.5.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| protobuf | 3.17.3 | <4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1 |
show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit. |
| protobuf | 3.17.3 | <3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6 |
show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf |
| certifi | 2021.5.30 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2021.5.30 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2021.5.30 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-update-google-auth-1.32.1-to-2.18.1
2 years, 3 months ago
Update google-auth from 1.32.1 to 2.18.1
protobuf 3.17.3 and certifi 2021.5.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| protobuf | 3.17.3 | <4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1 |
show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit. |
| protobuf | 3.17.3 | <3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6 |
show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf |
| certifi | 2021.5.30 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2021.5.30 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2021.5.30 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-update-protobuf-3.17.3-to-4.23.1
2 years, 3 months ago
Update protobuf from 3.17.3 to 4.23.1
certifi 2021.5.30 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| certifi | 2021.5.30 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2021.5.30 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2021.5.30 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-update-google-auth-1.32.1-to-2.18.0
2 years, 4 months ago
Update google-auth from 1.32.1 to 2.18.0
protobuf 3.17.3 and certifi 2021.5.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| protobuf | 3.17.3 | <4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1 |
show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit. |
| protobuf | 3.17.3 | <3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6 |
show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf |
| certifi | 2021.5.30 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2021.5.30 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2021.5.30 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-update-protobuf-3.17.3-to-4.23.0
2 years, 4 months ago
Update protobuf from 3.17.3 to 4.23.0
certifi 2021.5.30 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| certifi | 2021.5.30 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2021.5.30 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2021.5.30 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-update-certifi-2021.5.30-to-2023.5.7
2 years, 4 months ago
Update certifi from 2021.5.30 to 2023.5.7
protobuf 3.17.3 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| protobuf | 3.17.3 | <4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1 |
show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit. |
| protobuf | 3.17.3 | <3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6 |
show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf |
pyup-update-protobuf-3.17.3-to-4.22.4
2 years, 4 months ago
Update protobuf from 3.17.3 to 4.22.4
certifi 2021.5.30 has known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| certifi | 2021.5.30 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2021.5.30 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2021.5.30 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-update-urllib3-1.26.6-to-2.0.2
2 years, 4 months ago
Update urllib3 from 1.26.6 to 2.0.2
protobuf 3.17.3 and certifi 2021.5.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| protobuf | 3.17.3 | <4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1 |
show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit. |
| protobuf | 3.17.3 | <3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6 |
show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf |
| certifi | 2021.5.30 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2021.5.30 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2021.5.30 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-update-requests-2.25.1-to-2.30.0
2 years, 4 months ago
Update requests from 2.25.1 to 2.30.0
protobuf 3.17.3 and certifi 2021.5.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| protobuf | 3.17.3 | <4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1 |
show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit. |
| protobuf | 3.17.3 | <3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6 |
show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf |
| certifi | 2021.5.30 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2021.5.30 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2021.5.30 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-update-urllib3-1.26.6-to-2.0.1
2 years, 4 months ago
Update urllib3 from 1.26.6 to 2.0.1
protobuf 3.17.3 and certifi 2021.5.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| protobuf | 3.17.3 | <4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1 |
show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit. |
| protobuf | 3.17.3 | <3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6 |
show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf |
| certifi | 2021.5.30 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2021.5.30 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2021.5.30 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-update-urllib3-1.26.6-to-2.0.0
2 years, 4 months ago
Update urllib3 from 1.26.6 to 2.0.0
protobuf 3.17.3 and certifi 2021.5.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| protobuf | 3.17.3 | <4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1 |
show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit. |
| protobuf | 3.17.3 | <3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6 |
show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf |
| certifi | 2021.5.30 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2021.5.30 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2021.5.30 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-update-requests-2.25.1-to-2.29.0
2 years, 4 months ago
Update requests from 2.25.1 to 2.29.0
protobuf 3.17.3 and certifi 2021.5.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| protobuf | 3.17.3 | <4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1 |
show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit. |
| protobuf | 3.17.3 | <3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6 |
show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf |
| certifi | 2021.5.30 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2021.5.30 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2021.5.30 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-update-pyasn1-modules-0.2.8-to-0.3.0
2 years, 4 months ago
Update pyasn1-modules from 0.2.8 to 0.3.0
protobuf 3.17.3 and certifi 2021.5.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| protobuf | 3.17.3 | <4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1 |
show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit. |
| protobuf | 3.17.3 | <3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6 |
show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf |
| certifi | 2021.5.30 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2021.5.30 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2021.5.30 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-update-pyasn1-0.4.8-to-0.5.0
2 years, 4 months ago
Update pyasn1 from 0.4.8 to 0.5.0
protobuf 3.17.3 and certifi 2021.5.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| protobuf | 3.17.3 | <4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1 |
show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit. |
| protobuf | 3.17.3 | <3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6 |
show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf |
| certifi | 2021.5.30 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2021.5.30 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2021.5.30 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
pyup-update-google-api-python-client-2.84.0-to-2.86.0
2 years, 4 months ago
Update google-api-python-client from 2.84.0 to 2.86.0
protobuf 3.17.3 and certifi 2021.5.30 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| protobuf | 3.17.3 | <4.25.8 , >=5.26.0rc1,<5.29.5 , >=6.30.0rc1,<6.31.1 |
show Affected versions of this package are vulnerable to a potential Denial of Service (DoS) attack due to unbounded recursion when parsing untrusted Protocol Buffers data. The pure-Python implementation fails to enforce recursion depth limits when processing recursive groups, recursive messages, or a series of SGROUP tags, leading to stack overflow conditions that can crash the application by exceeding Python's recursion limit. |
| protobuf | 3.17.3 | <3.18.3 , >=3.19.0rc0,<3.19.5 , >=3.20.0rc0,<3.20.2 , >=4.0.0rc0,<4.21.6 |
show Protobuf 3.18.3, 3.19.5, 3.20.2 and 4.21.6 include a fix for CVE-2022-1941: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf |
| certifi | 2021.5.30 | >=2015.04.28,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| certifi | 2021.5.30 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2021.5.30 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
Python 3 badge
URL
https://pyup.io/repos/github/jonaylor89/chronos/python-3-shield.svg
Markdown
[](https://pyup.io/repos/github/jonaylor89/chronos/)
Restructured Text
.. image:: https://pyup.io/repos/github/jonaylor89/chronos/python-3-shield.svg
:target: https://pyup.io/repos/github/jonaylor89/chronos/
:alt: Python 3
HTML
<a href="https://pyup.io/repos/github/jonaylor89/chronos/"><img src="https://pyup.io/repos/github/jonaylor89/chronos/shield.svg" alt="Python 3" /></a>
Textile
!https://pyup.io/repos/github/jonaylor89/chronos/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/jonaylor89/chronos/
RDoc
{<img src="https://pyup.io/repos/github/jonaylor89/chronos/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/jonaylor89/chronos/]
pyup.io badge
URL
https://pyup.io/repos/github/jonaylor89/chronos/shield.svg
Markdown
[](https://pyup.io/repos/github/jonaylor89/chronos/)
Restructured Text
.. image:: https://pyup.io/repos/github/jonaylor89/chronos/shield.svg
:target: https://pyup.io/repos/github/jonaylor89/chronos/
:alt: Updates
HTML
<a href="https://pyup.io/repos/github/jonaylor89/chronos/"><img src="https://pyup.io/repos/github/jonaylor89/chronos/shield.svg" alt="Updates" /></a>
Textile
!https://pyup.io/repos/github/jonaylor89/chronos/shield.svg(Updates)!:https://pyup.io/repos/github/jonaylor89/chronos/
RDoc
{<img src="https://pyup.io/repos/github/jonaylor89/chronos/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/jonaylor89/chronos/]