Product Research Enterprise Plans Docs

PyPi: Renku

CVE-2019-14322

Transitive

Safety vulnerability ID: 64208

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jul 28, 2019 Updated at Apr 09, 2024

Scan your Python projects for vulnerabilities →

Advisory

Renku 0.6.0 updates its Werkzeug dependency to version 0.15.5 from the previous 0.12, in response to the security vulnerability CVE-2019-14322.
https://github.com/SwissDataScienceCenter/renku-python/pull/633/commits/d349d70939feff4e2797ac99b07f1cb633b37596

Affected package

renku

Latest version: 2.9.2

Python SDK and CLI for the Renku platform.

Affected versions

Fixed versions

Vulnerability changelog

[0.6.0](https://github.com/SwissDataScienceCenter/renku-python/compare/v0.5.2...v0.6.0) (2019-09-19)

Bug Fixes

* adds _label and commit data to imported dataset files, single commit for imports ([651](https://github.com/SwissDataScienceCenter/renku-python/issues/651)) ([75ce369](https://github.com/SwissDataScienceCenter/renku-python/commit/75ce369))
* always add commit to dataset if possible ([648](https://github.com/SwissDataScienceCenter/renku-python/issues/648)) ([7659bc8](https://github.com/SwissDataScienceCenter/renku-python/commit/7659bc8)), closes [#646](https://github.com/SwissDataScienceCenter/renku-python/issues/646)
* cleanup needed for integration tests on py35 ([653](https://github.com/SwissDataScienceCenter/renku-python/issues/653)) ([fdd7215](https://github.com/SwissDataScienceCenter/renku-python/commit/fdd7215))
* fixed serialization of datetime to iso format ([629](https://github.com/SwissDataScienceCenter/renku-python/issues/629)) ([693d59d](https://github.com/SwissDataScienceCenter/renku-python/commit/693d59d))
* fixes broken integration test ([649](https://github.com/SwissDataScienceCenter/renku-python/issues/649)) ([04eba66](https://github.com/SwissDataScienceCenter/renku-python/commit/04eba66))
* hide image, pull, runner, show, workon and deactivate commands ([672](https://github.com/SwissDataScienceCenter/renku-python/issues/672)) ([a3e9998](https://github.com/SwissDataScienceCenter/renku-python/commit/a3e9998))
* integration tests fixed ([685](https://github.com/SwissDataScienceCenter/renku-python/issues/685)) ([f0ea8f0](https://github.com/SwissDataScienceCenter/renku-python/commit/f0ea8f0))
* migration of old datasets ([639](https://github.com/SwissDataScienceCenter/renku-python/issues/639)) ([4d4d7d2](https://github.com/SwissDataScienceCenter/renku-python/commit/4d4d7d2))
* migration timezones ([683](https://github.com/SwissDataScienceCenter/renku-python/issues/683)) ([58c2de4](https://github.com/SwissDataScienceCenter/renku-python/commit/58c2de4))
* Removes unneccesary call to git lfs with no paths ([658](https://github.com/SwissDataScienceCenter/renku-python/issues/658)) ([e32d48b](https://github.com/SwissDataScienceCenter/renku-python/commit/e32d48b))
* renku home directory overwrite in tests ([657](https://github.com/SwissDataScienceCenter/renku-python/issues/657)) ([90e1c48](https://github.com/SwissDataScienceCenter/renku-python/commit/90e1c48))
* security update ([633](https://github.com/SwissDataScienceCenter/renku-python/issues/633)) ([52d8989](https://github.com/SwissDataScienceCenter/renku-python/commit/52d8989))
* upload metadata before actual files ([652](https://github.com/SwissDataScienceCenter/renku-python/issues/652)) ([95ed468](https://github.com/SwissDataScienceCenter/renku-python/commit/95ed468))
* use latest_html for version check ([647](https://github.com/SwissDataScienceCenter/renku-python/issues/647)) ([c6b0309](https://github.com/SwissDataScienceCenter/renku-python/commit/c6b0309)), closes [#641](https://github.com/SwissDataScienceCenter/renku-python/issues/641)
* user-related metadata ([655](https://github.com/SwissDataScienceCenter/renku-python/issues/655)) ([44183e6](https://github.com/SwissDataScienceCenter/renku-python/commit/44183e6))
* zenodo export failing with relative paths ([d40967c](https://github.com/SwissDataScienceCenter/renku-python/commit/d40967c))

Features

* dataverse import ([626](https://github.com/SwissDataScienceCenter/renku-python/issues/626)) ([9f0f9a1](https://github.com/SwissDataScienceCenter/renku-python/commit/9f0f9a1))
* enable all datasets command to operate on dirty repository ([607](https://github.com/SwissDataScienceCenter/renku-python/issues/607)) ([74e328b](https://github.com/SwissDataScienceCenter/renku-python/commit/74e328b))
* explicit input output specification ([598](https://github.com/SwissDataScienceCenter/renku-python/issues/598)) ([ce8ba67](https://github.com/SwissDataScienceCenter/renku-python/commit/ce8ba67))
* export filename as schema:name ([643](https://github.com/SwissDataScienceCenter/renku-python/issues/643)) ([aed54bf](https://github.com/SwissDataScienceCenter/renku-python/commit/aed54bf)), closes [#640](https://github.com/SwissDataScienceCenter/renku-python/issues/640)
* support for indirect inputs and outputs ([650](https://github.com/SwissDataScienceCenter/renku-python/issues/650)) ([e960a98](https://github.com/SwissDataScienceCenter/renku-python/commit/e960a98))

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14322

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5

Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): NONE
Availability Availability (A): NONE

CVSS v2 Details

MEDIUM 5.0

Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (Au): NONE
Confidentiality Impact (C): PARTIAL
Integrity Impact (I): NONE
Availability Impact (A): NONE