Latest data: Wed Oct 11 08:04:17 UTC 2023
github.actions committed Oct 11, 2023
1 parent d322750 commit 107f8ed
Showing 45 changed files with 5,626 additions and 762 deletions.
177 changes: 175 additions & 2 deletions audits/anime-downloader-requirements.audit.json
@@ -326,7 +326,7 @@
},
"vulnerabilities": [
{
"modified": "2023-10-10T05:34:57Z",
"modified": "2023-10-10T22:01:41Z",
"published": "2023-10-02T23:27:05Z",
"schema_version": "1.6.0",
"id": "GHSA-v845-jxx5-vc9f",
@@ -505,6 +505,10 @@
"type": "WEB",
"url": "https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2023-192.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/urllib3/urllib3"
@@ -523,12 +527,181 @@
"nvd_published_at": null,
"severity": "MODERATE"
}
},
{
"modified": "2023-10-10T14:28:19Z",
"published": "2023-10-04T17:15:00Z",
"schema_version": "1.6.0",
"id": "PYSEC-2023-192",
"aliases": [
"CVE-2023-43804",
"GHSA-v845-jxx5-vc9f"
],
"details": "urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.",
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "urllib3",
"purl": "pkg:pypi/urllib3"
},
"ranges": [
{
"type": "GIT",
"events": [
{
"introduced": "0"
},
{
"fixed": "644124ecd0b6e417c527191f866daa05a5a2056d"
},
{
"fixed": "01220354d389cd05474713f8c982d05c9b17aafb"
}
],
"repo": "https://github.com/urllib3/urllib3"
},
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.6"
},
{
"introduced": "0"
},
{
"fixed": "1.26.17"
}
]
}
],
"versions": [
"0.2",
"0.3",
"0.3.1",
"0.4.0",
"0.4.1",
"1.0",
"1.0.1",
"1.0.2",
"1.1",
"1.10",
"1.10.1",
"1.10.2",
"1.10.3",
"1.10.4",
"1.11",
"1.12",
"1.13",
"1.13.1",
"1.14",
"1.15",
"1.15.1",
"1.16",
"1.17",
"1.18",
"1.18.1",
"1.19",
"1.19.1",
"1.2",
"1.2.1",
"1.2.2",
"1.20",
"1.21",
"1.21.1",
"1.22",
"1.23",
"1.24",
"1.24.1",
"1.24.2",
"1.24.3",
"1.25",
"1.25.1",
"1.25.10",
"1.25.11",
"1.25.2",
"1.25.3",
"1.25.4",
"1.25.5",
"1.25.6",
"1.25.7",
"1.25.8",
"1.25.9",
"1.26.0",
"1.26.1",
"1.26.10",
"1.26.11",
"1.26.12",
"1.26.13",
"1.26.14",
"1.26.15",
"1.26.16",
"1.26.2",
"1.26.3",
"1.26.4",
"1.26.5",
"1.26.6",
"1.26.7",
"1.26.8",
"1.26.9",
"1.3",
"1.4",
"1.5",
"1.6",
"1.7",
"1.7.1",
"1.8",
"1.8.2",
"1.8.3",
"1.9",
"1.9.1",
"2.0.0",
"2.0.1",
"2.0.2",
"2.0.3",
"2.0.4",
"2.0.5"
],
"database_specific": {
"source": "https://github.com/pypa/advisory-database/blob/main/vulns/urllib3/PYSEC-2023-192.yaml"
}
}
],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
}
],
"references": [
{
"type": "FIX",
"url": "https://github.com/urllib3/urllib3/commit/644124ecd0b6e417c527191f866daa05a5a2056d"
},
{
"type": "ADVISORY",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f"
},
{
"type": "FIX",
"url": "https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html"
}
]
}
],
"groups": [
{
"ids": [
"GHSA-v845-jxx5-vc9f"
"GHSA-v845-jxx5-vc9f",
"PYSEC-2023-192"
]
}
]
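Review bot: The PYSEC-2023-192 record added in the last hunk disagrees with itself on the 2.x fix version: its `details` text says the issue is patched in "1.26.17 or 2.0.5", while the ECOSYSTEM range carries `"fixed": "2.0.6"` and the `versions` list still counts `"2.0.5"` as affected. Anything that consumes this audit should take the fix boundary from the range events rather than from the prose, so that a pin on urllib3 2.0.5 is still reported as vulnerable. The file appears to be generated from upstream advisory data, so the correction belongs in the source record rather than in a hand edit here. The record is also grouped with GHSA-v845-jxx5-vc9f under `groups`, so the two entries should be counted as one finding when triaging.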