pydantic-1.10.9-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: 1 vulnerabilities (highest severity is: 5.9)

Question

Opened this issue 2 years ago · 0 comments

Vulnerable Library - pydantic-1.10.9-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl

Data validation and settings management using python type hints

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt,/requirements.txt

Vulnerabilities

Vulnerability	Severity	CVSS	Dependency	Type	Fixed in (pydantic version)	Remediation Possible**
CVE-2024-3772	Medium	5.9	pydantic-1.10.9-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl	Direct	1.10.13	✅

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Data validation and settings management using python type hints

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt,/requirements.txt

Dependency Hierarchy:

❌ pydantic-1.10.9-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Found in base branch: main

Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.

Publish Date: 2024-04-15

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High

For more information on CVSS3 Scores, click here.

Type: Upgrade version

Release Date: 2024-04-15

Fix Resolution: 1.10.13

⛑️ Automatic Remediation will be attempted for this issue.

⛑️Automatic Remediation will be attempted for this issue.