vulnerabilities in outdated dependencies #463

@ubiquitin

Description

Issues to fix by upgrading dependencies:

Upgrade flask@0.10.1 to flask@0.12.3 to fix

  • Improper Input Validation
  • Denial of Service (DOS)

Upgrade pyyaml@3.11 to pyyaml@4.1 to fix

  • Arbitrary Code Execution [High Severity] - bug in pyyaml@3.11

Upgrade requests@2.3.0 to requests@2.6.0 to fix

  • Session Fixation [Medium Severity]
  • HTTP Request Redirection [Medium Severity]
  • Information Exposure [High Severity]

Pin Jinja2@2.7.3 to Jinja2@2.10.1 to fix

  • Sandbox Escape [Medium Severity] introduced by flask@0.10.1 > Jinja2@2.7.3
  • Sandbox Bypass [High Severity]
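The following is an added example, not code from this issue or from the repository it was filed against, showing how to check a pinned requirements file against the minimum fixed versions listed above and rewrite the pins. It assumes exact `==` pins in requirements.txt format; the sample file is constructed for the example, and the version comparison handles numeric release components only (use `packaging.version` for full PEP 440 handling in real tooling). Note that Jinja2 is flagged even though it is not pinned directly: it only arrives transitively through Flask, which is why the issue says to pin it explicitly.

```python
import re
from typing import Dict, List, Optional, Tuple

# Minimum fixed versions named in the issue above (normalised PyPI names).
MIN_FIXED: Dict[str, str] = {
    "flask": "0.12.3",
    "pyyaml": "4.1",
    "requests": "2.6.0",
    "jinja2": "2.10.1",
}

# Constructed sample requirements file; not taken from the repository.
# Jinja2 is deliberately absent: it only arrives transitively via Flask.
SAMPLE_REQUIREMENTS = """\
# web stack
Flask==0.10.1
PyYAML==3.11   # config loader
requests==2.3.0
six==1.10.0
"""


def normalize_name(name: str) -> str:
    """PEP 503-style normalisation so Flask / flask / PyYAML compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(version: str) -> Tuple[int, ...]:
    """Numeric dotted release components only (pre-release/local tags ignored)."""
    parts: List[int] = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """True if release a is older than release b; treats 2.6 and 2.6.0 as equal."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    return pa + (0,) * (width - len(pa)) < pb + (0,) * (width - len(pb))


def parse_pins(text: str) -> Dict[str, str]:
    """Read exact '==' pins from requirements text; anything looser is an error."""
    pins: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9_.\-]*)\s*==\s*([0-9][0-9A-Za-z.\-]*)$", line)
        if not m:
            raise ValueError(f"not an exact pin: {raw!r}")
        pins[normalize_name(m.group(1))] = m.group(2)
    return pins


def find_vulnerable(pins: Dict[str, str],
                    min_fixed: Dict[str, str] = MIN_FIXED) -> List[Tuple[str, Optional[str], str]]:
    """(name, pinned_or_None, minimum_fixed) for every package still below its fix.
    A missing pin is reported too: an unpinned transitive dependency can still
    resolve to a vulnerable version."""
    findings: List[Tuple[str, Optional[str], str]] = []
    for name, fixed in min_fixed.items():
        pinned = pins.get(name)
        if pinned is None or version_lt(pinned, fixed):
            findings.append((name, pinned, fixed))
    return findings


def apply_fixes(text: str, min_fixed: Dict[str, str] = MIN_FIXED) -> str:
    """Rewrite vulnerable pins to the fixed versions (keeping comments) and append
    explicit pins for listed packages that were not pinned at all."""
    out: List[str] = []
    seen = set()
    for raw in text.splitlines():
        m = re.match(r"^(\s*)([A-Za-z0-9][A-Za-z0-9_.\-]*)(\s*==\s*)([^\s#]+)(.*)$", raw)
        if m and normalize_name(m.group(2)) in min_fixed:
            name = normalize_name(m.group(2))
            seen.add(name)
            fixed = min_fixed[name]
            if version_lt(m.group(4), fixed):
                raw = f"{m.group(1)}{m.group(2)}=={fixed}{m.group(5)}"
        out.append(raw)
    for name, fixed in min_fixed.items():
        if name not in seen:
            out.append(f"{name}=={fixed}  # transitive dependency pinned explicitly")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for name, pinned, fixed in find_vulnerable(parse_pins(SAMPLE_REQUIREMENTS)):
        print(f"{name}: pinned={pinned or 'unpinned (transitive)'} needs>={fixed}")
    print(apply_fixes(SAMPLE_REQUIREMENTS))
```

Run it against the project's own requirements.txt by replacing the constructed sample; after applying the rewritten pins, `find_vulnerable` should return an empty list, which is the check to keep in CI so the versions do not regress.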

Metadata

Assignees

No one assigned

Labels

No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests