Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release v2.2.48.1 #2401

Merged
merged 3 commits into from
Jul 13, 2024

Release v2.2.48.1

8659439
Select commit
Loading
Failed to load commit list.
Merged

Release v2.2.48.1 #2401

Release v2.2.48.1
8659439
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / WhiteSource Security Check failed Jul 12, 2024 in 5m 56s

Security Report

The Security Check found 7 vulnerabilities.

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2024-30251

Path to dependency file: /dev-requirements.txt

Path to vulnerable library: /dev-requirements.txt,/tmp/ws-scm/gns3-server

Dependency Hierarchy:

-> ❌ aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

High 7.5 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl Upgrade to version: aiohttp - 3.9.5 #2374
CVE-2024-23334

Path to dependency file: /dev-requirements.txt

Path to vulnerable library: /dev-requirements.txt,/tmp/ws-scm/gns3-server

Dependency Hierarchy:

-> ❌ aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

High 7.5 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl Upgrade to version: aiohttp - 3.9.2 #2349
CVE-2024-23829

Path to dependency file: /dev-requirements.txt

Path to vulnerable library: /dev-requirements.txt,/tmp/ws-scm/gns3-server

Dependency Hierarchy:

-> ❌ aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 6.5 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl Upgrade to version: aiohttp - 3.9.2 #2351
CVE-2024-27306

Path to dependency file: /dev-requirements.txt

Path to vulnerable library: /dev-requirements.txt,/tmp/ws-scm/gns3-server

Dependency Hierarchy:

-> ❌ aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 6.1 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl Upgrade to version: aiohttp - 3.9.4 #2368
CVE-2023-49082

Path to dependency file: /dev-requirements.txt

Path to vulnerable library: /dev-requirements.txt,/tmp/ws-scm/gns3-server

Dependency Hierarchy:

-> ❌ aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.3 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl Upgrade to version: aiohttp - 3.9.0 #2329
CVE-2023-49081

Path to dependency file: /dev-requirements.txt

Path to vulnerable library: /dev-requirements.txt,/tmp/ws-scm/gns3-server

Dependency Hierarchy:

-> ❌ aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)

Medium 5.3 aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl Upgrade to version: aiohttp - 3.9.0 #2330
CVE-2024-5569

Path to dependency file: /dev-requirements.txt

Path to vulnerable library: /dev-requirements.txt,/tmp/ws-scm/gns3-server

Dependency Hierarchy:

-> ❌ zipp-3.15.0-py3-none-any.whl (Vulnerable Library)

Low 3.3 zipp-3.15.0-py3-none-any.whl Upgrade to version: zipp - 3.19.1 #2396

Total libraries scanned: 33
Scan token: c642362ef2434b3890d031fa8fd68071
View more details on Mend for GitHub.com