Fix CVE #10041

sbrunner · 2022-09-30T14:02:48Z

-> Vulnerability found in mako version 1.0.9
Vulnerability ID: 50870
Affected spec: <1.2.2
ADVISORY: Mako 1.2.2 includes a fix for a REDoS
vulnerability.sqlalchemy/mako#366
PVE-2022-50870
For more information, please visit
https://pyup.io/vulnerabilities/PVE-2022-50870/50870/

Ignore CVE

Title: [1084602] Arbitrary Code Execution in underscore
Severity: critical
CWE: CWE-94
Vulnerable versions: >=1.3.2 <1.12.1
Patched versions: >=1.12.1
Recommendation: Upgrade to version 1.12.1 or later
Version: 1.6.0
Path: openlayers > nomnom > underscore
More info: GHSA-cf4h-3jhx-xvhq

-> Vulnerability found in mako version 1.0.9 Vulnerability ID: 50870 Affected spec: <1.2.2 ADVISORY: Mako 1.2.2 includes a fix for a REDoS vulnerability.sqlalchemy/mako#366 PVE-2022-50870 For more information, please visit https://pyup.io/vulnerabilities/PVE-2022-50870/50870/ Title: [1084602] Arbitrary Code Execution in underscore Severity: critical CWE: CWE-94 Vulnerable versions: >=1.3.2 <1.12.1 Patched versions: >=1.12.1 Recommendation: Upgrade to version 1.12.1 or later Version: 1.6.0 Path: openlayers > nomnom > underscore More info: GHSA-cf4h-3jhx-xvhq

sbrunner force-pushed the audit24 branch from 909bfd9 to addc7ff Compare September 30, 2022 14:09

sbrunner force-pushed the audit24 branch from addc7ff to a2301cf Compare September 30, 2022 15:04

sbrunner marked this pull request as ready for review September 30, 2022 15:26

sbrunner merged commit f6ce24c into 2.4 Sep 30, 2022

sbrunner deleted the audit24 branch September 30, 2022 15:26

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix CVE #10041

Fix CVE #10041

sbrunner commented Sep 30, 2022

Fix CVE #10041

Fix CVE #10041

Conversation

sbrunner commented Sep 30, 2022