PyPi: Negmas

CVE-2023-44271

Transitive

Safety vulnerability ID: 62485

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Nov 03, 2023 Updated at Apr 07, 2024
Scan your Python projects for vulnerabilities →

Advisory

Negmas 0.10.2 updates its dependency 'pillow' to v10.0.1 to include security fixes.

Affected package

negmas

Latest version: 0.10.23

NEGotiations Managed by Agent Simulations

Affected versions

Fixed versions

Vulnerability changelog

--------------

* Adding RandomOfferGuaranteedAcceptance negotiator
* Fixing some failures in testing some genius agents
* [Snyk] Security upgrade pillow from 9.5.0 to 10.0.1
* [Snyk] Security upgrade werkzeug from 2.2.3 to 3.0.1
* [Snyk] Security upgrade pillow from 9.5.0 to 10.0.0
* fix: docs/requirements.txt to reduce vulnerabilities
* Updating tutorials, adding a tournament there
* Fixing an installation bug: hypothesis was needed to run test_situated under negmas/tests. This prevented users from running the fast set of tests after installation.
* cartesian_tournament to run a simple tournament
- cartesian_tournament runs a simple tournament similar to Genius tournaments.
- create_cartesian_tournament creates a simple Cartesian tournament but does not run it. To run the tournament, call run_tournament passing it the returned path from create_cartesian_tournament.
* fix: requirements-visualizer.txt to reduce vulnerabilities
* Group2 defaults to Y2015Group2 in gnegotaitors
* adding Ateamagent beside AteamAgent
* Correcting few gnegotiator names
* standardizing some gnegotiator names
* renaming ateamAgent -> AteamAgent in genius
* Adding some missing Genius negotiators to gnegotiators.py

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality Impact (C)
NONE
Integrity Impact (I)
NONE
Availability Availability (A)
HIGH