Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Patches vulnerability introduced by transitive module - @certifi #85

Merged
merged 1 commit into from
Jun 11, 2024

Conversation

petruki
Copy link
Member

@petruki petruki commented Jun 11, 2024

Introduced through
[email protected], [email protected] and others
Fixed in
[email protected]

Exploit maturity
No known exploit

Detailed paths and remediation

Introduced through: [email protected][email protected]
Fix: Upgrade certifi to version 2023.7.22

Introduced through: [email protected][email protected][email protected]
Fix: Pin certifi to version 2023.7.22
Introduced through: [email protected][email protected][email protected][email protected]
Fix: Pin certifi to version 2023.7.22

Security information
Factors contributing to the scoring:

Snyk: [CVSS 9.8](https://security.snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047) - Critical Severity
NVD: [CVSS 9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) - Critical Severity

@petruki petruki added security Security issue patch Patch available labels Jun 11, 2024
@petruki petruki added this to the v2.0.1 milestone Jun 11, 2024
@petruki petruki self-assigned this Jun 11, 2024
Copy link

sonarcloud bot commented Jun 11, 2024

@petruki petruki merged commit c49d4b8 into master Jun 11, 2024
4 checks passed
@petruki petruki deleted the staging branch June 11, 2024 04:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
patch Patch available security Security issue
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant