Fix CVE #10056

sbrunner · 2022-10-06T08:51:40Z

-> Vulnerability found in lxml version 4.8.0
Vulnerability ID: 50748
Affected spec: <4.9.1
ADVISORY: Lxml 4.9.1 include a fix for GHSA-wrxv-2j5q-m38w: NULL Pointer
Dereference allows attackers to cause a denial of service (or application...
GHSA-wrxv-2j5q-m38w
For more information, please visit
https://pyup.io/vulnerabilities/CVE-2022-2309/50748/

-> Vulnerability found in mako version 1.2.0
Vulnerability ID: 50870
Affected spec: <1.2.2
ADVISORY: Mako 1.2.2 includes a fix for a REDoS
vulnerability.sqlalchemy/mako#366
PVE-2022-50870
For more information, please visit
https://pyup.io/vulnerabilities/PVE-2022-50870/50870/

-> Vulnerability found in ujson version 5.2.0
Vulnerability ID: 49755
Affected spec: <5.4.0
ADVISORY: Ujson 5.4.0 includes a fix for GHSA-fm67-cv37-96ff: In versions
prior to 5.4.0 an error occurring while reallocating a buffer for string...
GHSA-fm67-cv37-96ff
For more information, please visit
https://pyup.io/vulnerabilities/CVE-2022-31117/49755/

-> Vulnerability found in ujson version 5.2.0
Vulnerability ID: 49754
Affected spec: <5.4.0
ADVISORY: Ujson 5.4.0 includes a fix for GHSA-wpqr-jcpx-745r: Incorrect
handling of invalid surrogate pair...
GHSA-wpqr-jcpx-745r
For more information, please visit
https://pyup.io/vulnerabilities/CVE-2022-31116/49754/

-> Vulnerability found in lxml version 4.8.0 Vulnerability ID: 50748 Affected spec: <4.9.1 ADVISORY: Lxml 4.9.1 include a fix for CVE-2022-2309: NULL Pointer Dereference allows attackers to cause a denial of service (or application... CVE-2022-2309 For more information, please visit https://pyup.io/vulnerabilities/CVE-2022-2309/50748/ -> Vulnerability found in mako version 1.2.0 Vulnerability ID: 50870 Affected spec: <1.2.2 ADVISORY: Mako 1.2.2 includes a fix for a REDoS vulnerability.sqlalchemy/mako#366 PVE-2022-50870 For more information, please visit https://pyup.io/vulnerabilities/PVE-2022-50870/50870/ -> Vulnerability found in ujson version 5.2.0 Vulnerability ID: 49755 Affected spec: <5.4.0 ADVISORY: Ujson 5.4.0 includes a fix for CVE-2022-31117: In versions prior to 5.4.0 an error occurring while reallocating a buffer for string... CVE-2022-31117 For more information, please visit https://pyup.io/vulnerabilities/CVE-2022-31117/49755/ -> Vulnerability found in ujson version 5.2.0 Vulnerability ID: 49754 Affected spec: <5.4.0 ADVISORY: Ujson 5.4.0 includes a fix for CVE-2022-31116: Incorrect handling of invalid surrogate pair... CVE-2022-31116 For more information, please visit https://pyup.io/vulnerabilities/CVE-2022-31116/49754/

sbrunner added 2 commits October 6, 2022 10:53

Fix Snyk integration

ebef904

sbrunner force-pushed the audit27 branch from 44a92d8 to ebef904 Compare October 6, 2022 08:53

sbrunner marked this pull request as ready for review October 6, 2022 09:55

sbrunner merged commit 6886e91 into 2.7 Oct 6, 2022

sbrunner deleted the audit27 branch October 6, 2022 09:56

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix CVE #10056

Fix CVE #10056

sbrunner commented Oct 6, 2022

Fix CVE #10056

Fix CVE #10056

Conversation

sbrunner commented Oct 6, 2022