PyPi: Chipsec

CVE-2023-30861

Transitive

Safety vulnerability ID: 58853

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 02, 2023 Updated at Apr 25, 2024

Advisory

Chipsec 1.11.0 updates its dependency 'flask' to versions '>=2.2.5' to include a security fix.

Affected package

chipsec

Latest version: 1.13.1

CHIPSEC: Platform Security Assessment Framework

Vulnerability changelog

What's Changed
* Add pycryptodome to windows requirements list by dscott90 in https://github.com/chipsec/chipsec/pull/1778
* adding 2.80 system table revision to fix 'uefi tables' from not workin… by nstarke in https://github.com/chipsec/chipsec/pull/1770
* Fixing broken 'intelsecurity.com' link with wayback link by nstarke in https://github.com/chipsec/chipsec/pull/1769
* Bug fixes for SPI Write. Fixes 1775 by nstarke in https://github.com/chipsec/chipsec/pull/1776
* Remove Python EFI Shell code by frinzell in https://github.com/chipsec/chipsec/pull/1734
* Update USBwithUEFIShell.rst manual page for code port by frinzell in https://github.com/chipsec/chipsec/pull/1737
* Update qemu_efi.py for code port by frinzell in https://github.com/chipsec/chipsec/pull/1738
* Update flask per vulnerability by npmitche in https://github.com/chipsec/chipsec/pull/1773
* Fix helpers to return correct value for swsmi util by npmitche in https://github.com/chipsec/chipsec/pull/1786
* Add did="0x9D85" name="LP-U" code="PCH_3xxLP" by jun2zhou in https://github.com/chipsec/chipsec/pull/1784
* Update UEFI Shell Python binary to reflect EDK2 updates by npmitche in https://github.com/chipsec/chipsec/pull/1780
* Remove filehelper by npmitche in https://github.com/chipsec/chipsec/pull/1777
* Add Intel TXT register definitions from the SEAM Loader by fishilico in https://github.com/chipsec/chipsec/pull/1774
* Remove deprecated log_skipped() by frinzell in https://github.com/chipsec/chipsec/pull/1771
* Add flag and check for efi_var_enhanced_auth_access by npmitche in https://github.com/chipsec/chipsec/pull/1766
* Add LZMAF86 by BrentHoltsclaw in https://github.com/chipsec/chipsec/pull/1758
* CHIPSEC_LOADED_AS_EXE support deprecated by frinzell in https://github.com/chipsec/chipsec/pull/1772
* Remove osx helper and driver by npmitche in https://github.com/chipsec/chipsec/pull/1792
* Remove 0x3e3x did from cometlake by jun2zhou in https://github.com/chipsec/chipsec/pull/1789
* Add typehints and fstrings to acpi_cmd.py by dscott90 in https://github.com/chipsec/chipsec/pull/1787
* drivers/linux: increase the possible length of symbols by fishilico in https://github.com/chipsec/chipsec/pull/1795
* Intel TXT: fix some misspellings by fishilico in https://github.com/chipsec/chipsec/pull/1794
* Close file if exception thrown during read by dscott90 in https://github.com/chipsec/chipsec/pull/1782
* Update ucode upload support in dalhelper.py by frinzell in https://github.com/chipsec/chipsec/pull/1798
* Remove native api and add linuxnative as separate helper by npmitche in https://github.com/chipsec/chipsec/pull/1791
* Add .run() commands to chipsec_main.py and chipsec_util.py by frinzell in https://github.com/chipsec/chipsec/pull/1804
* Update Running-Chipsec.rst to include .run() by frinzell in https://github.com/chipsec/chipsec/pull/1806
* Remove get_cpuid() from chipsec_main by BrentHoltsclaw in https://github.com/chipsec/chipsec/pull/1800
* Add typehints and fstrings to config_cmd.py by dscott90 in https://github.com/chipsec/chipsec/pull/1808
* Remove old logic which attempts to parse Dell PFS proprietary format by platomav in https://github.com/chipsec/chipsec/pull/1801
* Add cpu.py unit tests by frinzell in https://github.com/chipsec/chipsec/pull/1797
* Add typehints and fstrings to cmos_cmd.py by dscott90 in https://github.com/chipsec/chipsec/pull/1799
* Add write_unique_file() by frinzell in https://github.com/chipsec/chipsec/pull/1807
* Clean up oshelper by npmitche in https://github.com/chipsec/chipsec/pull/1802
* Clean up HALs and Helpers by npmitche in https://github.com/chipsec/chipsec/pull/1803
* Fix circular dependency with get_datetime_str() by frinzell in https://github.com/chipsec/chipsec/pull/1816
* Fix spidesc table of Master Read/Write Access to Flash Regions by fishilico in https://github.com/chipsec/chipsec/pull/1814
* Make chipsec.init() resilient to platform with unknown VID/DID by fishilico in https://github.com/chipsec/chipsec/pull/1811
* Fix search_efi_tree() return in spi_uefi.py by frinzell in https://github.com/chipsec/chipsec/pull/1818

New Contributors
* nstarke made their first contribution in https://github.com/chipsec/chipsec/pull/1770

**Full Changelog**: https://github.com/chipsec/chipsec/compare/1.10.6...1.11.0

Additional Notes
* The way helpers are loaded and structured has been modified. If you have your own helpers, please make sure they are in the correct folder and named correctly: `chipsec/helper/<name>/<name>helper.py`
* In the UEFI Shell, the python executable has been renamed. (python368.efi > python.efi)
* Removed the OSXHelper. If you still need to run chipsec on OSX, please use a version before 1.11.0.
* Some modules under the `modules.tools` directory have not been fully validated to work with Python3. Please report any issues.

Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

* Attack Vector (AV): NETWORK
* Attack Complexity (AC): LOW
* Privileges Required (PR): NONE
* User Interaction (UI): NONE
* Scope (S): UNCHANGED
* Confidentiality Impact (C): HIGH
* Integrity Impact (I): NONE
* Availability Impact (A): NONE