Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CVE #1570

Merged
merged 1 commit into from Oct 3, 2022
Merged

Fix CVE #1570

merged 1 commit into from Oct 3, 2022

Conversation

sbrunner
Copy link
Member

@sbrunner sbrunner commented Oct 3, 2022

-> Vulnerability found in lxml version 4.6.5
Vulnerability ID: 50748
Affected spec: <4.9.1
ADVISORY: Lxml 4.9.1 include a fix for CVE-2022-2309: NULL Pointer
Dereference allows attackers to cause a denial of service (or application...
CVE-2022-2309
For more information, please visit
https://pyup.io/vulnerabilities/CVE-2022-2309/50748/

-> Vulnerability found in ujson version 5.2.0
Vulnerability ID: 49755
Affected spec: <5.4.0
ADVISORY: Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions
prior to 5.4.0 an error occurring while reallocating a buffer for string...
CVE-2022-31117
For more information, please visit
https://pyup.io/vulnerabilities/CVE-2022-31117/49755/

-> Vulnerability found in ujson version 5.2.0
Vulnerability ID: 49754
Affected spec: <5.4.0
ADVISORY: Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect
handling of invalid surrogate pair...
CVE-2022-31116
For more information, please visit
https://pyup.io/vulnerabilities/CVE-2022-31116/49754/

-> Vulnerability found in mako version 1.1.2
Vulnerability ID: 50870
Affected spec: <1.2.2
ADVISORY: Mako 1.2.2 includes a fix for a REDoS
vulnerability.sqlalchemy/mako#366
PVE-2022-50870
For more information, please visit
https://pyup.io/vulnerabilities/PVE-2022-50870/50870/

@sbrunner
Fix CVE
6835e50 
  -> Vulnerability found in lxml version 4.6.5
     Vulnerability ID: 50748
     Affected spec: <4.9.1
     ADVISORY: Lxml 4.9.1 include a fix for CVE-2022-2309: NULL Pointer
     Dereference allows attackers to cause a denial of service (or application...
     CVE-2022-2309
     For more information, please visit
     https://pyup.io/vulnerabilities/CVE-2022-2309/50748/

  -> Vulnerability found in ujson version 5.2.0
     Vulnerability ID: 49755
     Affected spec: <5.4.0
     ADVISORY: Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions
     prior to 5.4.0 an error occurring while reallocating a buffer for string...
     CVE-2022-31117
     For more information, please visit
     https://pyup.io/vulnerabilities/CVE-2022-31117/49755/

  -> Vulnerability found in ujson version 5.2.0
     Vulnerability ID: 49754
     Affected spec: <5.4.0
     ADVISORY: Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect
     handling of invalid surrogate pair...
     CVE-2022-31116
     For more information, please visit
     https://pyup.io/vulnerabilities/CVE-2022-31116/49754/

  -> Vulnerability found in mako version 1.1.2
     Vulnerability ID: 50870
     Affected spec: <1.2.2
     ADVISORY: Mako 1.2.2 includes a fix for a REDoS
     vulnerability.sqlalchemy/mako#366
     PVE-2022-50870
     For more information, please visit
     https://pyup.io/vulnerabilities/PVE-2022-50870/50870/
@sbrunner sbrunner merged commit 9cd0ef3 into release_4 Oct 3, 2022
@sbrunner sbrunner deleted the audit4 branch October 3, 2022 11:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@sbrunner