Safety vulnerability ID: 62749
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Jake 3.0.2 updates the package dependency urllib3 from 2.0.2 to 2.0.6 to fix CVE-2023-45803 and CVE-2023-45804 on its dependency.
https://github.com/sonatype-nexus-community/jake/pull/144/files
https://nvd.nist.gov/vuln/detail/CVE-2023-45803
Latest version: 3.0.11
An OSS Index integration to check for vulnerabilities in your Python environments
Fix
* fix: Update circleci config.yml (148) ([`1385908`](https://github.com/sonatype-nexus-community/jake/commit/1385908cd978c0fbeb4db3d18fa2aee1f518d67e))
* fix: more verbose semantic-release ([`3a87a37`](https://github.com/sonatype-nexus-community/jake/commit/3a87a3715b0e905e0f21670694541561f5ae13c6))
* fix: verbose semantic-release (bump version) ([`b0d102d`](https://github.com/sonatype-nexus-community/jake/commit/b0d102db41af8456029d56840df80957f42017e8))
* fix: verbose semantic-release ([`bf975f8`](https://github.com/sonatype-nexus-community/jake/commit/bf975f8eaa84ce7d5e011bcd144f93bb191f8324))
* fix: kick release harder, update lock file, bump release version, cross fingers. ([`474609f`](https://github.com/sonatype-nexus-community/jake/commit/474609f20694b0cdd4297a91d0a7260bd3eee713))
* fix: trigger release of 3.0.2 ([`73ba63f`](https://github.com/sonatype-nexus-community/jake/commit/73ba63f95d75b46c9ad11efe6c5f7bf943419484))
* fix: small change to trigger release to allow higher rich version ([`51cbfd6`](https://github.com/sonatype-nexus-community/jake/commit/51cbfd612cdbe81fa2d0d4e31eca9a31c16a1275))
* fix: resolve CVE-2023-45803 in urllib3 2.0.6 ([`4ffd06b`](https://github.com/sonatype-nexus-community/jake/commit/4ffd06bca7ae896b2a90de57fecb42928e4838fb))
* fix: resolve CVE-2023-43804 in urllib3 2.0.2 (144) ([`a39e9d2`](https://github.com/sonatype-nexus-community/jake/commit/a39e9d21f57080edeebdcfecbc3043cb773fe0f4))
* fix: trigger release for vulnerability fixed in dc52c76f ([`bcee8a2`](https://github.com/sonatype-nexus-community/jake/commit/bcee8a2dff57b20b1b4bbb43c92c516e52cd3e43))
* fix: resolve CVE-2023-37920 in certifi 2023.5.7 ([`821380a`](https://github.com/sonatype-nexus-community/jake/commit/821380a4651a57d650d3f6af970ae0ecce9e3608))
Unknown
* Update pyproject.toml - allow higher rich version (147)
* Update pyproject.toml
* Update jake-whitelist.json ([`a70bb1c`](https://github.com/sonatype-nexus-community/jake/commit/a70bb1ce12bee6ed3e3bcc387902d822873b7271))
* update python version badge to 3.7+ ([`9b4e6cb`](https://github.com/sonatype-nexus-community/jake/commit/9b4e6cbb78d3cd0d090ad1b996b63fa2adafec7c))
* remove trigger readme.md change ([`616bf71`](https://github.com/sonatype-nexus-community/jake/commit/616bf71cd507b04a84c9692e9fb5b25747ecd35a))
* Fix cython_sources build error (142)
* upgrade lowest to ossindex-lib 1.1.1, which fixes cython_sources error when building PyYAML 5.4.1 ([`47371c8`](https://github.com/sonatype-nexus-community/jake/commit/47371c8c98deeb657f826250c2105897c57c9b9e))
* temporary revert of resolve CVE-2023-37920 ([`dc52c76`](https://github.com/sonatype-nexus-community/jake/commit/dc52c76f3ad0bbbd46a92129ad397e9a24ba7c73))
* resolve CVE-2023-37920 ([`9050ebc`](https://github.com/sonatype-nexus-community/jake/commit/9050ebcd4c67d1dae95bdd01959067400a1e780a))
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application