GHSA-pp84-v3mw-gg4w

Source

https://github.com/advisories/GHSA-pp84-v3mw-gg4w

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-pp84-v3mw-gg4w/GHSA-pp84-v3mw-gg4w.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-pp84-v3mw-gg4w

Published

2024-08-27T19:50:54Z

Modified

2024-11-30T05:26:56.603019Z

Summary

Taipy 3.1.1 affected by CVEs on flask-core and pymongo

Details

Summary

Indirect CVEs affect Taipy 3.1.1

Details

Taipy 3.1.1 is affected by two existing CVEs: CVE-2024-1681 affects flask-core <4.0.1 and taipy 3.1.1 needs <=4.0.0 CVE-2024-5629 affects pymongo <4.6.3 and taipy 3.1.1 needs <=4.6.1

Please see References for further details.

Patch

please upgrade to the following versions:

Fixed on patch versions: >=3.1.2 and on major releases: >=4.0.0

Impact

pre-commit breaks when using dependency Taipy 3.1.1

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-27T19:50:54Z"
}

References

Affected packages

PyPI / taipy

Package

Name: taipy; View open source insights on deps.dev
Purl: pkg:pypi/taipy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0.0

Affected versions

1.*

1.0.0

1.1.0

2.*

2.0.0

2.1.0

2.2.0

2.3.0

2.3.1

2.4.0

3.*

3.0.0

3.1.0

3.1.1

Database specific

{
    "last_known_affected_version_range": "<= 3.1.1"
}