PYSEC-2024-172

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/streampipes/PYSEC-2024-172.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2024-172

Aliases

Published

2024-07-17T09:15:02Z

Modified

2025-01-18T22:56:43.733755Z

Severity

3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache StreamPipes in user self-registration. This allows an attacker to potentially request the creation of multiple accounts with the same email address until the email address is registered, creating many identical users and corrupting StreamPipe's user management. This issue affects Apache StreamPipes: through 0.93.0.

Users are recommended to upgrade to version 0.95.0, which fixes the issue.

References

Affected packages

PyPI / streampipes

Package

Name: streampipes; View open source insights on deps.dev
Purl: pkg:pypi/streampipes

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.95.0

Affected versions

0.*

0.0.2.dev0

0.91.0

0.92.0

0.93.0