| Package | Installed | Affected | Info |
|---|---|---|---|
| cryptography | 43.0.3 | <46.0.5 |
show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid. |
| cryptography | 43.0.3 | >=42.0.0,<44.0.1 |
show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| cryptography | 43.0.3 | <46.0.5 |
show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid. |
| cryptography | 43.0.3 | >=42.0.0,<44.0.1 |
show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| cryptography | 43.0.3 | <46.0.5 |
show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid. |
| cryptography | 43.0.3 | >=42.0.0,<44.0.1 |
show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.46.1 | <0.46.2 |
show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory. |
| cryptography | 43.0.3 | <46.0.5 |
show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid. |
| cryptography | 43.0.3 | >=42.0.0,<44.0.1 |
show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.46.1 | <0.46.2 |
show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory. |
| cryptography | 43.0.3 | <46.0.5 |
show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid. |
| cryptography | 43.0.3 | >=42.0.0,<44.0.1 |
show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.46.1 | <0.46.2 |
show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory. |
| cryptography | 43.0.3 | <46.0.5 |
show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid. |
| cryptography | 43.0.3 | >=42.0.0,<44.0.1 |
show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.46.1 | <0.46.2 |
show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory. |
| cryptography | 43.0.3 | <46.0.5 |
show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid. |
| cryptography | 43.0.3 | >=42.0.0,<44.0.1 |
show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.46.1 | <0.46.2 |
show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory. |
| cryptography | 43.0.3 | <46.0.5 |
show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid. |
| cryptography | 43.0.3 | >=42.0.0,<44.0.1 |
show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.46.1 | <0.46.2 |
show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory. |
| cryptography | 43.0.3 | <46.0.5 |
show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid. |
| cryptography | 43.0.3 | >=42.0.0,<44.0.1 |
show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.46.1 | <0.46.2 |
show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory. |
| cryptography | 43.0.3 | <46.0.5 |
show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid. |
| cryptography | 43.0.3 | >=42.0.0,<44.0.1 |
show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.46.1 | <0.46.2 |
show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory. |
| cryptography | 43.0.3 | <46.0.5 |
show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid. |
| cryptography | 43.0.3 | >=42.0.0,<44.0.1 |
show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.46.1 | <0.46.2 |
show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory. |
| cryptography | 43.0.3 | <46.0.5 |
show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid. |
| cryptography | 43.0.3 | >=42.0.0,<44.0.1 |
show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.46.1 | <0.46.2 |
show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory. |
| cryptography | 43.0.3 | <46.0.5 |
show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid. |
| cryptography | 43.0.3 | >=42.0.0,<44.0.1 |
show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.46.1 | <0.46.2 |
show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory. |
| cryptography | 43.0.3 | <46.0.5 |
show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid. |
| cryptography | 43.0.3 | >=42.0.0,<44.0.1 |
show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. |
| Package | Installed | Affected | Info |
|---|---|---|---|
| wheel | 0.46.1 | <0.46.2 |
show Affected versions of the wheel package are vulnerable to Path Traversal due to applying extracted file permissions using an unsanitized archive pathname. The vulnerable logic is in wheel.cli.unpack.unpack (and setuptools._vendor.wheel.cli.unpack.unpack), where the code calls wf.extract(zinfo, destination) but then performs destination.joinpath(zinfo.filename).chmod(permissions) using zinfo.filename directly, allowing dot-dot-slash sequences to escape the intended directory. |
| cryptography | 43.0.3 | <46.0.5 |
show Affected versions of the cryptography package are vulnerable to Improper Input Validation due to missing prime-order subgroup validation for SECT elliptic-curve points. The public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() entry points accept attacker-supplied public keys without verifying that the provided point lies in the expected prime-order subgroup, enabling small-subgroup points to pass as valid. |
| cryptography | 43.0.3 | >=42.0.0,<44.0.1 |
show Pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 42.0.0-44.0.0 are vulnerable to a security issue. |
https://pyup.io/repos/github/vertexproject/vtx-base-image/python-3-shield.svg
[](https://pyup.io/repos/github/vertexproject/vtx-base-image/)
.. image:: https://pyup.io/repos/github/vertexproject/vtx-base-image/python-3-shield.svg
:target: https://pyup.io/repos/github/vertexproject/vtx-base-image/
:alt: Python 3
<a href="https://pyup.io/repos/github/vertexproject/vtx-base-image/"><img src="https://pyup.io/repos/github/vertexproject/vtx-base-image/shield.svg" alt="Python 3" /></a>
!https://pyup.io/repos/github/vertexproject/vtx-base-image/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/vertexproject/vtx-base-image/
{<img src="https://pyup.io/repos/github/vertexproject/vtx-base-image/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/vertexproject/vtx-base-image/]
https://pyup.io/repos/github/vertexproject/vtx-base-image/shield.svg
[](https://pyup.io/repos/github/vertexproject/vtx-base-image/)
.. image:: https://pyup.io/repos/github/vertexproject/vtx-base-image/shield.svg
:target: https://pyup.io/repos/github/vertexproject/vtx-base-image/
:alt: Updates
<a href="https://pyup.io/repos/github/vertexproject/vtx-base-image/"><img src="https://pyup.io/repos/github/vertexproject/vtx-base-image/shield.svg" alt="Updates" /></a>
!https://pyup.io/repos/github/vertexproject/vtx-base-image/shield.svg(Updates)!:https://pyup.io/repos/github/vertexproject/vtx-base-image/
{<img src="https://pyup.io/repos/github/vertexproject/vtx-base-image/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/vertexproject/vtx-base-image/]