diff --git a/audits/aider-requirements.audit.json b/audits/aider-requirements.audit.json index 48519956..059a44cd 100644 --- a/audits/aider-requirements.audit.json +++ b/audits/aider-requirements.audit.json @@ -150,7 +150,7 @@ } }, { - "modified": "2024-12-26T20:27:49Z", + "modified": "2024-12-27T19:24:19Z", "published": "2024-12-23T17:56:08Z", "schema_version": "1.6.0", "id": "GHSA-q2x7-8rv6-6q7h", @@ -246,7 +246,7 @@ "severity": [ { "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "CVSS_V4", @@ -305,7 +305,7 @@ "CVE-2024-56326", "GHSA-q2x7-8rv6-6q7h" ], - "max_severity": "10.0" + "max_severity": "7.8" } ] } diff --git a/audits/ansible-lint-requirements.audit.json b/audits/ansible-lint-requirements.audit.json index 0e503da7..5e642ea8 100644 --- a/audits/ansible-lint-requirements.audit.json +++ b/audits/ansible-lint-requirements.audit.json @@ -150,7 +150,7 @@ } }, { - "modified": "2024-12-26T20:27:49Z", + "modified": "2024-12-27T19:24:19Z", "published": "2024-12-23T17:56:08Z", "schema_version": "1.6.0", "id": "GHSA-q2x7-8rv6-6q7h", @@ -246,7 +246,7 @@ "severity": [ { "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "CVSS_V4", @@ -305,7 +305,7 @@ "CVE-2024-56326", "GHSA-q2x7-8rv6-6q7h" ], - "max_severity": "10.0" + "max_severity": "7.8" } ] } diff --git a/audits/buku-requirements.audit.json b/audits/buku-requirements.audit.json index 638a7bcb..05ce3ff5 100644 --- a/audits/buku-requirements.audit.json +++ b/audits/buku-requirements.audit.json @@ -371,7 +371,7 @@ } }, { - "modified": "2024-11-05T22:01:42Z", + "modified": "2024-12-27T22:09:03Z", "published": "2024-10-25T19:44:43Z", "schema_version": "1.6.0", "id": "GHSA-q34m-jh98-gwm2", 
@@ -384,7 +384,7 @@ "CGA-p5gp-26hq-j5rc" ], "summary": "Werkzeug possible resource exhaustion when parsing file data in forms", - "details": "Applications using Werkzeug to parse `multipart/form-data` requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the `Request.max_form_memory_size` setting.\n\nThe `Request.max_content_length` setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.", + "details": "Applications using Werkzeug to parse `multipart/form-data` requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the `Request.max_form_memory_size` setting.\n\n\nThe `Request.max_content_length` setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.", "affected": [ { "package": { @@ -522,7 +522,7 @@ "introduced": "0" }, { - "fixed": "0.19.7" + "fixed": "0.20.0" } ] } @@ -560,6 +560,9 @@ "0.19.4", "0.19.5", "0.19.6", + "0.19.7", + "0.19.8", + "0.19.9", "0.2.0", "0.3.0", "0.3.1", @@ -591,7 +594,6 @@ "0.9.1" ], "database_specific": { - "last_known_affected_version_range": "<= 0.19.6", "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-q34m-jh98-gwm2/GHSA-q34m-jh98-gwm2.json" } } @@ -603,7 +605,7 @@ }, { "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" } ], "references": [ 
@@ -619,6 +621,10 @@ "type": "WEB", "url": "https://github.com/pallets/quart/commit/5e78c4169b8eb66b91ead3e62d44721b9e1644ee" }, + { + "type": "WEB", + "url": "https://github.com/pallets/quart/commit/abb04a512496206de279225340ed022852fbf51f" + }, { "type": "WEB", "url": "https://github.com/pallets/werkzeug/commit/50cfeebcb0727e18cc52ffbeb125f4a66551179b" diff --git a/audits/certsync-requirements.audit.json b/audits/certsync-requirements.audit.json index 1a0ffd02..936ba062 100644 --- a/audits/certsync-requirements.audit.json +++ b/audits/certsync-requirements.audit.json @@ -150,7 +150,7 @@ } }, { - "modified": "2024-12-26T20:27:49Z", + "modified": "2024-12-27T19:24:19Z", "published": "2024-12-23T17:56:08Z", "schema_version": "1.6.0", "id": "GHSA-q2x7-8rv6-6q7h", @@ -246,7 +246,7 @@ "severity": [ { "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "CVSS_V4", @@ -305,7 +305,7 @@ "CVE-2024-56326", "GHSA-q2x7-8rv6-6q7h" ], - "max_severity": "10.0" + "max_severity": "7.8" } ] }, @@ -497,7 +497,7 @@ } }, { - "modified": "2024-11-05T22:01:42Z", + "modified": "2024-12-27T22:09:03Z", "published": "2024-10-25T19:44:43Z", "schema_version": "1.6.0", "id": "GHSA-q34m-jh98-gwm2", 
@@ -510,7 +510,7 @@ "CGA-p5gp-26hq-j5rc" ], "summary": "Werkzeug possible resource exhaustion when parsing file data in forms", - "details": "Applications using Werkzeug to parse `multipart/form-data` requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the `Request.max_form_memory_size` setting.\n\nThe `Request.max_content_length` setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.", + "details": "Applications using Werkzeug to parse `multipart/form-data` requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the `Request.max_form_memory_size` setting.\n\n\nThe `Request.max_content_length` setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.", "affected": [ { "package": { @@ -648,7 +648,7 @@ "introduced": "0" }, { - "fixed": "0.19.7" + "fixed": "0.20.0" } ] } @@ -686,6 +686,9 @@ "0.19.4", "0.19.5", "0.19.6", + "0.19.7", + "0.19.8", + "0.19.9", "0.2.0", "0.3.0", "0.3.1", @@ -717,7 +720,6 @@ "0.9.1" ], "database_specific": { - "last_known_affected_version_range": "<= 0.19.6", "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-q34m-jh98-gwm2/GHSA-q34m-jh98-gwm2.json" } } @@ -729,7 +731,7 @@ }, { "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" } ], "references": [ 
@@ -745,6 +747,10 @@ "type": "WEB", "url": "https://github.com/pallets/quart/commit/5e78c4169b8eb66b91ead3e62d44721b9e1644ee" }, + { + "type": "WEB", + "url": "https://github.com/pallets/quart/commit/abb04a512496206de279225340ed022852fbf51f" + }, { "type": "WEB", "url": "https://github.com/pallets/werkzeug/commit/50cfeebcb0727e18cc52ffbeb125f4a66551179b" diff --git a/audits/charmcraft-requirements.audit.json b/audits/charmcraft-requirements.audit.json index cff1db89..faffb8b0 100644 --- a/audits/charmcraft-requirements.audit.json +++ b/audits/charmcraft-requirements.audit.json @@ -150,7 +150,7 @@ } }, { - "modified": "2024-12-26T20:27:49Z", + "modified": "2024-12-27T19:24:19Z", "published": "2024-12-23T17:56:08Z", "schema_version": "1.6.0", "id": "GHSA-q2x7-8rv6-6q7h", @@ -246,7 +246,7 @@ "severity": [ { "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "CVSS_V4", @@ -305,7 +305,7 @@ "CVE-2024-56326", "GHSA-q2x7-8rv6-6q7h" ], - "max_severity": "10.0" + "max_severity": "7.8" } ] }, diff --git a/audits/gdbgui-requirements.audit.json b/audits/gdbgui-requirements.audit.json index 74645e0f..9f848a08 100644 --- a/audits/gdbgui-requirements.audit.json +++ b/audits/gdbgui-requirements.audit.json @@ -703,7 +703,7 @@ } }, { - "modified": "2024-12-26T20:27:49Z", + "modified": "2024-12-27T19:24:19Z", "published": "2024-12-23T17:56:08Z", "schema_version": "1.6.0", "id": "GHSA-q2x7-8rv6-6q7h", @@ -799,7 +799,7 @@ "severity": [ { "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "CVSS_V4", @@ -879,7 +879,7 @@ "CVE-2024-56326", "GHSA-q2x7-8rv6-6q7h" ], - "max_severity": "10.0" + "max_severity": "7.8" } ] }, 
@@ -1466,7 +1466,7 @@ } }, { - "modified": "2024-11-05T22:01:42Z", + "modified": "2024-12-27T22:09:03Z", "published": "2024-10-25T19:44:43Z", "schema_version": "1.6.0", "id": "GHSA-q34m-jh98-gwm2", @@ -1479,7 +1479,7 @@ "CGA-p5gp-26hq-j5rc" ], "summary": "Werkzeug possible resource exhaustion when parsing file data in forms", - "details": "Applications using Werkzeug to parse `multipart/form-data` requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the `Request.max_form_memory_size` setting.\n\nThe `Request.max_content_length` setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.", + "details": "Applications using Werkzeug to parse `multipart/form-data` requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the `Request.max_form_memory_size` setting.\n\n\nThe `Request.max_content_length` setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.", "affected": [ { "package": { @@ -1617,7 +1617,7 @@ "introduced": "0" }, { - "fixed": "0.19.7" + "fixed": "0.20.0" } ] } @@ -1655,6 +1655,9 @@ "0.19.4", "0.19.5", "0.19.6", + "0.19.7", + "0.19.8", + "0.19.9", "0.2.0", "0.3.0", "0.3.1", @@ -1686,7 +1689,6 @@ "0.9.1" ], "database_specific": { - "last_known_affected_version_range": "<= 0.19.6", "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-q34m-jh98-gwm2/GHSA-q34m-jh98-gwm2.json" } } 
@@ -1698,7 +1700,7 @@ }, { "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" } ], "references": [ @@ -1714,6 +1716,10 @@ "type": "WEB", "url": "https://github.com/pallets/quart/commit/5e78c4169b8eb66b91ead3e62d44721b9e1644ee" }, + { + "type": "WEB", + "url": "https://github.com/pallets/quart/commit/abb04a512496206de279225340ed022852fbf51f" + }, { "type": "WEB", "url": "https://github.com/pallets/werkzeug/commit/50cfeebcb0727e18cc52ffbeb125f4a66551179b" diff --git a/audits/gi-docgen-requirements.audit.json b/audits/gi-docgen-requirements.audit.json index 25cf6e44..7dfcf4ba 100644 --- a/audits/gi-docgen-requirements.audit.json +++ b/audits/gi-docgen-requirements.audit.json @@ -150,7 +150,7 @@ } }, { - "modified": "2024-12-26T20:27:49Z", + "modified": "2024-12-27T19:24:19Z", "published": "2024-12-23T17:56:08Z", "schema_version": "1.6.0", "id": "GHSA-q2x7-8rv6-6q7h", @@ -246,7 +246,7 @@ "severity": [ { "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "CVSS_V4", @@ -305,7 +305,7 @@ "CVE-2024-56326", "GHSA-q2x7-8rv6-6q7h" ], - "max_severity": "10.0" + "max_severity": "7.8" } ] } diff --git a/audits/harlequin-requirements.audit.json b/audits/harlequin-requirements.audit.json index f526a6db..152ecbe9 100644 --- a/audits/harlequin-requirements.audit.json +++ b/audits/harlequin-requirements.audit.json @@ -150,7 +150,7 @@ } }, { - "modified": "2024-12-26T20:27:49Z", + "modified": "2024-12-27T19:24:19Z", "published": "2024-12-23T17:56:08Z", "schema_version": "1.6.0", "id": "GHSA-q2x7-8rv6-6q7h", @@ -246,7 +246,7 @@ "severity": [ { "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "CVSS_V4", 
@@ -305,7 +305,7 @@ "CVE-2024-56326", "GHSA-q2x7-8rv6-6q7h" ], - "max_severity": "10.0" + "max_severity": "7.8" } ] } diff --git a/audits/icloudpd-requirements.audit.json b/audits/icloudpd-requirements.audit.json index 9e4c614c..080c47fd 100644 --- a/audits/icloudpd-requirements.audit.json +++ b/audits/icloudpd-requirements.audit.json @@ -525,7 +525,7 @@ } }, { - "modified": "2024-12-26T20:27:49Z", + "modified": "2024-12-27T19:24:19Z", "published": "2024-12-23T17:56:08Z", "schema_version": "1.6.0", "id": "GHSA-q2x7-8rv6-6q7h", @@ -621,7 +621,7 @@ "severity": [ { "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "CVSS_V4", @@ -680,7 +680,7 @@ "CVE-2024-56326", "GHSA-q2x7-8rv6-6q7h" ], - "max_severity": "10.0" + "max_severity": "7.8" } ] }, diff --git a/audits/libplacebo-requirements.audit.json b/audits/libplacebo-requirements.audit.json index 034e4b5d..0ee095c1 100644 --- a/audits/libplacebo-requirements.audit.json +++ b/audits/libplacebo-requirements.audit.json @@ -150,7 +150,7 @@ } }, { - "modified": "2024-12-26T20:27:49Z", + "modified": "2024-12-27T19:24:19Z", "published": "2024-12-23T17:56:08Z", "schema_version": "1.6.0", "id": "GHSA-q2x7-8rv6-6q7h", @@ -246,7 +246,7 @@ "severity": [ { "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "CVSS_V4", @@ -305,7 +305,7 @@ "CVE-2024-56326", "GHSA-q2x7-8rv6-6q7h" ], - "max_severity": "10.0" + "max_severity": "7.8" } ] } diff --git a/audits/litani-requirements.audit.json b/audits/litani-requirements.audit.json index ff91845c..7723f69e 100644 --- a/audits/litani-requirements.audit.json +++ b/audits/litani-requirements.audit.json @@ -150,7 +150,7 @@ } }, { - "modified": "2024-12-26T20:27:49Z", + "modified": "2024-12-27T19:24:19Z", "published": "2024-12-23T17:56:08Z", "schema_version": "1.6.0", "id": "GHSA-q2x7-8rv6-6q7h", 
@@ -246,7 +246,7 @@ "severity": [ { "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "CVSS_V4", @@ -305,7 +305,7 @@ "CVE-2024-56326", "GHSA-q2x7-8rv6-6q7h" ], - "max_severity": "10.0" + "max_severity": "7.8" } ] } diff --git a/audits/mentat-requirements.audit.json b/audits/mentat-requirements.audit.json index c28f7bcc..2659d267 100644 --- a/audits/mentat-requirements.audit.json +++ b/audits/mentat-requirements.audit.json @@ -807,7 +807,7 @@ } }, { - "modified": "2024-12-26T20:27:49Z", + "modified": "2024-12-27T19:24:19Z", "published": "2024-12-23T17:56:08Z", "schema_version": "1.6.0", "id": "GHSA-q2x7-8rv6-6q7h", @@ -903,7 +903,7 @@ "severity": [ { "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "CVSS_V4", @@ -983,7 +983,7 @@ "CVE-2024-56326", "GHSA-q2x7-8rv6-6q7h" ], - "max_severity": "10.0" + "max_severity": "7.8" } ] }, diff --git a/audits/organize-tool-requirements.audit.json b/audits/organize-tool-requirements.audit.json index c2dbbc1b..09be1aef 100644 --- a/audits/organize-tool-requirements.audit.json +++ b/audits/organize-tool-requirements.audit.json @@ -150,7 +150,7 @@ } }, { - "modified": "2024-12-26T20:27:49Z", + "modified": "2024-12-27T19:24:19Z", "published": "2024-12-23T17:56:08Z", "schema_version": "1.6.0", "id": "GHSA-q2x7-8rv6-6q7h", @@ -246,7 +246,7 @@ "severity": [ { "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "CVSS_V4", @@ -305,7 +305,7 @@ "CVE-2024-56326", "GHSA-q2x7-8rv6-6q7h" ], - "max_severity": "10.0" + "max_severity": "7.8" } ] } diff --git a/audits/pytorch-requirements.audit.json b/audits/pytorch-requirements.audit.json index 85247745..c0b01f14 100644 --- a/audits/pytorch-requirements.audit.json +++ b/audits/pytorch-requirements.audit.json 
@@ -150,7 +150,7 @@ } }, { - "modified": "2024-12-26T20:27:49Z", + "modified": "2024-12-27T19:24:19Z", "published": "2024-12-23T17:56:08Z", "schema_version": "1.6.0", "id": "GHSA-q2x7-8rv6-6q7h", @@ -246,7 +246,7 @@ "severity": [ { "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "CVSS_V4", @@ -305,7 +305,7 @@ "CVE-2024-56326", "GHSA-q2x7-8rv6-6q7h" ], - "max_severity": "10.0" + "max_severity": "7.8" } ] } diff --git a/audits/recon-ng-requirements.audit.json b/audits/recon-ng-requirements.audit.json index e108d68e..f31c910c 100644 --- a/audits/recon-ng-requirements.audit.json +++ b/audits/recon-ng-requirements.audit.json @@ -150,7 +150,7 @@ } }, { - "modified": "2024-12-26T20:27:49Z", + "modified": "2024-12-27T19:24:19Z", "published": "2024-12-23T17:56:08Z", "schema_version": "1.6.0", "id": "GHSA-q2x7-8rv6-6q7h", @@ -246,7 +246,7 @@ "severity": [ { "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "CVSS_V4", @@ -305,7 +305,7 @@ "CVE-2024-56326", "GHSA-q2x7-8rv6-6q7h" ], - "max_severity": "10.0" + "max_severity": "7.8" } ] }, @@ -497,7 +497,7 @@ } }, { - "modified": "2024-11-05T22:01:42Z", + "modified": "2024-12-27T22:09:03Z", "published": "2024-10-25T19:44:43Z", "schema_version": "1.6.0", "id": "GHSA-q34m-jh98-gwm2", 
@@ -510,7 +510,7 @@ "CGA-p5gp-26hq-j5rc" ], "summary": "Werkzeug possible resource exhaustion when parsing file data in forms", - "details": "Applications using Werkzeug to parse `multipart/form-data` requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the `Request.max_form_memory_size` setting.\n\nThe `Request.max_content_length` setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.", + "details": "Applications using Werkzeug to parse `multipart/form-data` requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the `Request.max_form_memory_size` setting.\n\n\nThe `Request.max_content_length` setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.", "affected": [ { "package": { @@ -648,7 +648,7 @@ "introduced": "0" }, { - "fixed": "0.19.7" + "fixed": "0.20.0" } ] } @@ -686,6 +686,9 @@ "0.19.4", "0.19.5", "0.19.6", + "0.19.7", + "0.19.8", + "0.19.9", "0.2.0", "0.3.0", "0.3.1", @@ -717,7 +720,6 @@ "0.9.1" ], "database_specific": { - "last_known_affected_version_range": "<= 0.19.6", "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-q34m-jh98-gwm2/GHSA-q34m-jh98-gwm2.json" } } @@ -729,7 +731,7 @@ }, { "type": "CVSS_V4", - "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" + "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" } ], "references": [ 
@@ -745,6 +747,10 @@ "type": "WEB", "url": "https://github.com/pallets/quart/commit/5e78c4169b8eb66b91ead3e62d44721b9e1644ee" }, + { + "type": "WEB", + "url": "https://github.com/pallets/quart/commit/abb04a512496206de279225340ed022852fbf51f" + }, { "type": "WEB", "url": "https://github.com/pallets/werkzeug/commit/50cfeebcb0727e18cc52ffbeb125f4a66551179b" diff --git a/audits/sail-requirements.audit.json b/audits/sail-requirements.audit.json index 7dea932b..4f0125fe 100644 --- a/audits/sail-requirements.audit.json +++ b/audits/sail-requirements.audit.json @@ -150,7 +150,7 @@ } }, { - "modified": "2024-12-26T20:27:49Z", + "modified": "2024-12-27T19:24:19Z", "published": "2024-12-23T17:56:08Z", "schema_version": "1.6.0", "id": "GHSA-q2x7-8rv6-6q7h", @@ -246,7 +246,7 @@ "severity": [ { "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "CVSS_V4", @@ -305,7 +305,7 @@ "CVE-2024-56326", "GHSA-q2x7-8rv6-6q7h" ], - "max_severity": "10.0" + "max_severity": "7.8" } ] } diff --git a/audits/snapcraft-requirements.audit.json b/audits/snapcraft-requirements.audit.json index e2c68555..6321d280 100644 --- a/audits/snapcraft-requirements.audit.json +++ b/audits/snapcraft-requirements.audit.json @@ -150,7 +150,7 @@ } }, { - "modified": "2024-12-26T20:27:49Z", + "modified": "2024-12-27T19:24:19Z", "published": "2024-12-23T17:56:08Z", "schema_version": "1.6.0", "id": "GHSA-q2x7-8rv6-6q7h", @@ -246,7 +246,7 @@ "severity": [ { "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "CVSS_V4", @@ -305,7 +305,7 @@ "CVE-2024-56326", "GHSA-q2x7-8rv6-6q7h" ], - "max_severity": "10.0" + "max_severity": "7.8" } ] } diff --git a/audits/vunnel-requirements.audit.json b/audits/vunnel-requirements.audit.json index 63992a3b..2c64d227 100644 --- a/audits/vunnel-requirements.audit.json 
+++ b/audits/vunnel-requirements.audit.json @@ -150,7 +150,7 @@ } }, { - "modified": "2024-12-26T20:27:49Z", + "modified": "2024-12-27T19:24:19Z", "published": "2024-12-23T17:56:08Z", "schema_version": "1.6.0", "id": "GHSA-q2x7-8rv6-6q7h", @@ -246,7 +246,7 @@ "severity": [ { "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" + "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "type": "CVSS_V4", @@ -305,7 +305,7 @@ "CVE-2024-56326", "GHSA-q2x7-8rv6-6q7h" ], - "max_severity": "10.0" + "max_severity": "7.8" } ] }
diff --git a/requirements/awscli@1-requirements.txt b/requirements/awscli@1-requirements.txt
index c9ff1c4c..4cbe1e56 100644
--- a/requirements/awscli@1-requirements.txt
+++ b/requirements/awscli@1-requirements.txt
@@ -1,4 +1,4 @@
-botocore==1.35.79
+botocore==1.35.89
 colorama==0.4.6
 docutils==0.16
 jmespath==1.0.1
@@ -8,4 +8,4 @@ pyyaml==6.0.2
 rsa==4.7.2
 s3transfer==0.10.4
 six==1.17.0
-urllib3==2.2.3
+urllib3==2.3.0
diff --git a/requirements/borgmatic-requirements.txt b/requirements/borgmatic-requirements.txt
index e73c4f05..3457a157 100644
--- a/requirements/borgmatic-requirements.txt
+++ b/requirements/borgmatic-requirements.txt
@@ -1,6 +1,5 @@
-attrs==24.2.0
-charset-normalizer==3.4.0
-colorama==0.4.6
+attrs==24.3.0
+charset-normalizer==3.4.1
 idna==3.10
 jsonschema==4.23.0
 jsonschema-specifications==2024.10.1
@@ -9,4 +8,4 @@ referencing==0.35.1
 requests==2.32.3
 rpds-py==0.22.3
 ruamel-yaml==0.18.6
-urllib3==2.2.3
+urllib3==2.3.0
diff --git a/requirements/dstack-requirements.txt b/requirements/dstack-requirements.txt
index 129dd4d9..ad604697 100644
--- a/requirements/dstack-requirements.txt
+++ b/requirements/dstack-requirements.txt
@@ -17,8 +17,8 @@ azure-mgmt-network==27.0.0
 azure-mgmt-resource==23.2.0
 azure-mgmt-subscription==3.1.1
 bcrypt==4.2.1
-boto3==1.35.87
-botocore==1.35.87
+boto3==1.35.88
+botocore==1.35.88
 cached-classproperty==1.0.1
 cachetools==5.5.0
 charset-normalizer==3.4.1
diff --git a/requirements/glances-requirements.txt b/requirements/glances-requirements.txt
index 549c0938..aa72fa7c 100644
--- a/requirements/glances-requirements.txt
+++ b/requirements/glances-requirements.txt
@@ -1,6 +1,6 @@
 annotated-types==0.7.0
 anyio==4.7.0
-charset-normalizer==3.4.0
+charset-normalizer==3.4.1
 click==8.1.8
 defusedxml==0.7.1
 fastapi==0.115.6