pyup-update-boto3-1.25.4-to-1.26.39
3 years, 4 months ago
Update boto3 from 1.25.4 to 1.26.39
certifi 2022.9.24, setuptools 65.5.0 and certifi 2022.9.24 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| setuptools | 65.5.0 | <70.0.0 |
show Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. |
| setuptools | 65.5.0 | <65.5.1 |
show Setuptools 65.5.1 includes a fix for CVE-2022-40897: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. |
| setuptools | 65.5.0 | <78.1.1 |
show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context. |
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
pyup-update-boto3-1.25.4-to-1.26.38
3 years, 4 months ago
Update boto3 from 1.25.4 to 1.26.38
certifi 2022.9.24, setuptools 65.5.0 and certifi 2022.9.24 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| setuptools | 65.5.0 | <70.0.0 |
show Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. |
| setuptools | 65.5.0 | <65.5.1 |
show Setuptools 65.5.1 includes a fix for CVE-2022-40897: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. |
| setuptools | 65.5.0 | <78.1.1 |
show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context. |
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
pyup-update-botocore-1.28.4-to-1.29.38
3 years, 4 months ago
Update botocore from 1.28.4 to 1.29.38
certifi 2022.9.24, setuptools 65.5.0 and certifi 2022.9.24 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| setuptools | 65.5.0 | <70.0.0 |
show Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. |
| setuptools | 65.5.0 | <65.5.1 |
show Setuptools 65.5.1 includes a fix for CVE-2022-40897: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. |
| setuptools | 65.5.0 | <78.1.1 |
show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context. |
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
pyup-update-coverage-6.5.0-to-7.0.1
3 years, 4 months ago
Update coverage from 6.5.0 to 7.0.1
certifi 2022.9.24, setuptools 65.5.0 and certifi 2022.9.24 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| setuptools | 65.5.0 | <70.0.0 |
show Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. |
| setuptools | 65.5.0 | <65.5.1 |
show Setuptools 65.5.1 includes a fix for CVE-2022-40897: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. |
| setuptools | 65.5.0 | <78.1.1 |
show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context. |
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
pyup-update-exceptiongroup-1.0.0-to-1.1.0
3 years, 4 months ago
Update exceptiongroup from 1.0.0 to 1.1.0
certifi 2022.9.24, setuptools 65.5.0 and certifi 2022.9.24 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| setuptools | 65.5.0 | <70.0.0 |
show Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. |
| setuptools | 65.5.0 | <65.5.1 |
show Setuptools 65.5.1 includes a fix for CVE-2022-40897: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. |
| setuptools | 65.5.0 | <78.1.1 |
show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context. |
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
pyup-update-django-storages-1.13.1-to-1.13.2
3 years, 4 months ago
Update django-storages from 1.13.1 to 1.13.2
certifi 2022.9.24, setuptools 65.5.0 and certifi 2022.9.24 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| setuptools | 65.5.0 | <70.0.0 |
show Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. |
| setuptools | 65.5.0 | <65.5.1 |
show Setuptools 65.5.1 includes a fix for CVE-2022-40897: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. |
| setuptools | 65.5.0 | <78.1.1 |
show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context. |
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
pyup-update-botocore-1.28.4-to-1.29.37
3 years, 4 months ago
Update botocore from 1.28.4 to 1.29.37
certifi 2022.9.24, setuptools 65.5.0 and certifi 2022.9.24 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| setuptools | 65.5.0 | <70.0.0 |
show Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. |
| setuptools | 65.5.0 | <65.5.1 |
show Setuptools 65.5.1 includes a fix for CVE-2022-40897: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. |
| setuptools | 65.5.0 | <78.1.1 |
show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context. |
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
pyup-update-boto3-1.25.4-to-1.26.37
3 years, 4 months ago
Update boto3 from 1.25.4 to 1.26.37
certifi 2022.9.24, setuptools 65.5.0 and certifi 2022.9.24 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| setuptools | 65.5.0 | <70.0.0 |
show Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. |
| setuptools | 65.5.0 | <65.5.1 |
show Setuptools 65.5.1 includes a fix for CVE-2022-40897: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. |
| setuptools | 65.5.0 | <78.1.1 |
show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context. |
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
pyup-update-botocore-1.28.4-to-1.29.36
3 years, 4 months ago
Update botocore from 1.28.4 to 1.29.36
certifi 2022.9.24, setuptools 65.5.0 and certifi 2022.9.24 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| setuptools | 65.5.0 | <70.0.0 |
show Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. |
| setuptools | 65.5.0 | <65.5.1 |
show Setuptools 65.5.1 includes a fix for CVE-2022-40897: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. |
| setuptools | 65.5.0 | <78.1.1 |
show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context. |
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
pyup-update-boto3-1.25.4-to-1.26.36
3 years, 4 months ago
Update boto3 from 1.25.4 to 1.26.36
certifi 2022.9.24, setuptools 65.5.0 and certifi 2022.9.24 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| setuptools | 65.5.0 | <70.0.0 |
show Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. |
| setuptools | 65.5.0 | <65.5.1 |
show Setuptools 65.5.1 includes a fix for CVE-2022-40897: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. |
| setuptools | 65.5.0 | <78.1.1 |
show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context. |
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
pyup-update-botocore-1.28.4-to-1.29.35
3 years, 4 months ago
Update botocore from 1.28.4 to 1.29.35
certifi 2022.9.24, setuptools 65.5.0 and certifi 2022.9.24 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| setuptools | 65.5.0 | <70.0.0 |
show Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. |
| setuptools | 65.5.0 | <65.5.1 |
show Setuptools 65.5.1 includes a fix for CVE-2022-40897: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. |
| setuptools | 65.5.0 | <78.1.1 |
show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context. |
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
pyup-update-boto3-1.25.4-to-1.26.35
3 years, 4 months ago
Update boto3 from 1.25.4 to 1.26.35
certifi 2022.9.24, setuptools 65.5.0 and certifi 2022.9.24 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| setuptools | 65.5.0 | <70.0.0 |
show Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. |
| setuptools | 65.5.0 | <65.5.1 |
show Setuptools 65.5.1 includes a fix for CVE-2022-40897: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. |
| setuptools | 65.5.0 | <78.1.1 |
show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context. |
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
pyup-update-attrs-22.1.0-to-22.2.0
3 years, 4 months ago
Update attrs from 22.1.0 to 22.2.0
certifi 2022.9.24, setuptools 65.5.0 and certifi 2022.9.24 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| setuptools | 65.5.0 | <70.0.0 |
show Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. |
| setuptools | 65.5.0 | <65.5.1 |
show Setuptools 65.5.1 includes a fix for CVE-2022-40897: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. |
| setuptools | 65.5.0 | <78.1.1 |
show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context. |
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
pyup-update-botocore-1.28.4-to-1.29.34
3 years, 4 months ago
Update botocore from 1.28.4 to 1.29.34
certifi 2022.9.24, setuptools 65.5.0 and certifi 2022.9.24 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| setuptools | 65.5.0 | <70.0.0 |
show Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. |
| setuptools | 65.5.0 | <65.5.1 |
show Setuptools 65.5.1 includes a fix for CVE-2022-40897: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. |
| setuptools | 65.5.0 | <78.1.1 |
show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context. |
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
pyup-update-boto3-1.25.4-to-1.26.34
3 years, 4 months ago
Update boto3 from 1.25.4 to 1.26.34
certifi 2022.9.24, setuptools 65.5.0 and certifi 2022.9.24 have known security vulnerabilities.
| Package | Installed | Affected | Info |
|---|---|---|---|
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
| setuptools | 65.5.0 | <70.0.0 |
show Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. |
| setuptools | 65.5.0 | <65.5.1 |
show Setuptools 65.5.1 includes a fix for CVE-2022-40897: Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. |
| setuptools | 65.5.0 | <78.1.1 |
show Affected versions of Setuptools are vulnerable to Path Traversal via PackageIndex.download(). The impact is Arbitrary File Overwrite: An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to RCE depending on the context. |
| certifi | 2022.9.24 | <2022.12.07 |
show Certifi 2022.12.07 includes a fix for CVE-2022-23491: Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion. |
| certifi | 2022.9.24 | >=2021.05.30,<2024.07.04 |
show Certifi affected versions recognized root certificates from GLOBALTRUST. Certifi patch removes these root certificates from the root store. These certificates are being removed pursuant to an investigation that identified "long-running and unresolved compliance issues" and are also in the process of being removed from Mozilla's trust store. |
| certifi | 2022.9.24 | >=1.0.1,<2023.07.22 |
show Certifi 2023.07.22 includes a fix for CVE-2023-37920: Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 |
Python 3 badge
URL
https://pyup.io/repos/github/wherculano/curso-django/python-3-shield.svg
Markdown
[](https://pyup.io/repos/github/wherculano/curso-django/)
Restructured Text
.. image:: https://pyup.io/repos/github/wherculano/curso-django/python-3-shield.svg
:target: https://pyup.io/repos/github/wherculano/curso-django/
:alt: Python 3
HTML
<a href="https://pyup.io/repos/github/wherculano/curso-django/"><img src="https://pyup.io/repos/github/wherculano/curso-django/shield.svg" alt="Python 3" /></a>
Textile
!https://pyup.io/repos/github/wherculano/curso-django/python-3-shield.svg(Python 3)!:https://pyup.io/repos/github/wherculano/curso-django/
RDoc
{<img src="https://pyup.io/repos/github/wherculano/curso-django/python-3-shield.svg" alt="Python 3" />}[https://pyup.io/repos/github/wherculano/curso-django/]
pyup.io badge
URL
https://pyup.io/repos/github/wherculano/curso-django/shield.svg
Markdown
[](https://pyup.io/repos/github/wherculano/curso-django/)
Restructured Text
.. image:: https://pyup.io/repos/github/wherculano/curso-django/shield.svg
:target: https://pyup.io/repos/github/wherculano/curso-django/
:alt: Updates
HTML
<a href="https://pyup.io/repos/github/wherculano/curso-django/"><img src="https://pyup.io/repos/github/wherculano/curso-django/shield.svg" alt="Updates" /></a>
Textile
!https://pyup.io/repos/github/wherculano/curso-django/shield.svg(Updates)!:https://pyup.io/repos/github/wherculano/curso-django/
RDoc
{<img src="https://pyup.io/repos/github/wherculano/curso-django/shield.svg" alt="Updates" />}[https://pyup.io/repos/github/wherculano/curso-django/]