Product Research Enterprise Plans Docs

PyPi: Wolkenbrot

CVE-2020-36242

Transitive

Safety vulnerability ID: 42171

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 07, 2021 Updated at Nov 07, 2023

Scan your Python projects for vulnerabilities →

Advisory

Wolkenbrot 0.3 updates its dependency 'cryptography' to v3.3.2 to include security fixes.

Affected package

wolkenbrot

Latest version: 0.3.0

Create and Manage AWS EC2 AMI cloud images

Affected versions

Fixed versions

Vulnerability changelog

----

* Add tasks to build sdist and upload to pypi
* Add license header to all files
* AWS: Handle deletion of resources on exceptions
* Openstack: fix example
* Add spec for pyinstaller
* Continue working on executable creation
* Build executable with pyinstaller
* AWS: Fix all tests
* Makefile: py.test -> pytest
* Integrate mh in the makefile
* Add requirements.txt
* Openstack: Properly tag image
* Openstack: add tags to the image
* Openstack: clean volume when finished
* CLI: fix logic of OS vs. AWS
* Openstack: fix image delete
* Docs: show how to use templates
* AWS: Wait for SSH return if client obained
* CLI: fix undefined references
* AWS: fix tiny bugs introduced by refactoring
* AWS: Update example with updated AMI
* update openstack example
* Update ChangeLog
* Update README.md
* Update README.md
* Update README.md
* Handle deletion error
* Allow passing --openstack
* Openstack: successfully build image
* Openstack: Clean KeyPair after exit
* Create SSH client at wait for SSH
* Openstack delete security group when exiting
* Clean up builder machine at program exit
* Got SSH and following steps working on OS
* Add floating IP address if desired
* Fix: launching wait for SSH in openstack
* Simplify validate\_image\_function
* Fix launching of machine in openstack
* Fix logic of security groups creation
* Remove unused import
* Sort imports remove unused imports
* Update example config
* Add openstacksdk to the dependencies
* Tiny OS fixes
* Add bake functionality for openstack
* Enable openstack delete images
* Enable Openstack image details subcommand
* Isolate initialization of clients
* Refactor: continue work on Openstack support
* Bump urllib3 from 1.26.4 to 1.26.5
* WIP: continue work on openstack builder
* Add methods to create sec. group and ssh key on OS
* Add examples
* Fix missing imports in cli.py
* Refactor: move CLI logic to cli.py
* Update gitignore
* Update dependency declaration
* Update dependencies
* Bump cryptography from 3.2 to 3.3.2
* Bump cryptography from 2.7 to 3.2
* Update Pipenv.lock
* Update copyright in util.py
* Update requirements
* Refactor the code base as a start for adding another cloud
* Add pytest cache to ignored files
* Add Pipfiles

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36242

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

CRITICAL 9.1

CVSS v3 Details

CRITICAL 9.1

Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): NONE
Availability Availability (A): HIGH

CVSS v2 Details

MEDIUM 6.4

Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (Au): NONE
Confidentiality Impact (C): PARTIAL
Integrity Impact (I): NONE
Availability Impact (A): PARTIAL