PyPi: Rocketlogger

CVE-2022-25883

Transitive

Safety vulnerability ID: 60131

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 21, 2023 Updated at Nov 07, 2023

Advisory

Rocketlogger 2.1.2 updates its dependency 'semver' to version '7.5.4' to include a fix for a ReDoS vulnerability.
https://github.com/ETHZ-TEC/RocketLogger/commit/6142c0e8d2bb6bcba2409f4a48ffaa2952d6d99f

Affected package

rocketlogger

Latest version: 2.1.2

RocketLogger Python Support

Affected versions

Fixed versions

Vulnerability changelog

* [ADD] Document and test compatibility of Python support library with numpy 1.24 and 1.25
* [ADD] GitLab CI for testing documentation generation (relates to 105)
* [CHANGED] Update web server dependencies with security patches
* [FIX] Improved SD card mount reliability (107)
* [FIX] Automated release documentation generation (105)
* [FIX] Image patching script failure with latest docker images


_Notes:_

This bugfix release addresses SD card reliability problems, fixes release documentation generation, and updates web server dependencies with security patches.
Further, the compatibility of the Python support library with the latest numpy releases is tested and documented.


Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): HIGH