Latest data: Fri Dec 27 08:09:02 UTC 2024
github.actions committed Dec 27, 2024
1 parent 2bccdd6 commit 7e2269c
Showing 23 changed files with 282 additions and 107 deletions.
20 changes: 15 additions & 5 deletions audits/aider-requirements.audit.json
Expand Up @@ -10,14 +10,15 @@
],
"vulnerabilities": [
{
"modified": "2024-12-23T21:02:04Z",
"modified": "2024-12-26T20:27:33Z",
"published": "2024-12-23T17:54:12Z",
"schema_version": "1.6.0",
"id": "GHSA-gmj6-6f8f-6699",
"aliases": [
"CVE-2024-56201"
],
"related": [
"CGA-2589-9xpr-fmp7",
"CGA-gvvw-7w3r-7m54",
"CGA-mvqg-6j62-4pjm",
"CGA-whf8-42p9-686q"
Expand Down Expand Up @@ -103,6 +104,10 @@
}
],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
Expand Down Expand Up @@ -145,7 +150,7 @@
}
},
{
"modified": "2024-12-23T21:00:55Z",
"modified": "2024-12-26T20:27:49Z",
"published": "2024-12-23T17:56:08Z",
"schema_version": "1.6.0",
"id": "GHSA-q2x7-8rv6-6q7h",
Expand All @@ -155,7 +160,8 @@
"related": [
"CGA-79fr-pvjg-j9xm",
"CGA-crfr-r549-cvmg",
"CGA-gm37-p355-3fq6"
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
Expand Down Expand Up @@ -238,6 +244,10 @@
}
],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
Expand Down Expand Up @@ -285,7 +295,7 @@
"CVE-2024-56201",
"GHSA-gmj6-6f8f-6699"
],
"max_severity": "5.4"
"max_severity": "8.8"
},
{
"ids": [
Expand All @@ -295,7 +305,7 @@
"CVE-2024-56326",
"GHSA-q2x7-8rv6-6q7h"
],
"max_severity": "5.4"
"max_severity": "10.0"
}
]
}
20 changes: 15 additions & 5 deletions audits/ansible-lint-requirements.audit.json
Expand Up @@ -10,14 +10,15 @@
],
"vulnerabilities": [
{
"modified": "2024-12-23T21:02:04Z",
"modified": "2024-12-26T20:27:33Z",
"published": "2024-12-23T17:54:12Z",
"schema_version": "1.6.0",
"id": "GHSA-gmj6-6f8f-6699",
"aliases": [
"CVE-2024-56201"
],
"related": [
"CGA-2589-9xpr-fmp7",
"CGA-gvvw-7w3r-7m54",
"CGA-mvqg-6j62-4pjm",
"CGA-whf8-42p9-686q"
Expand Down Expand Up @@ -103,6 +104,10 @@
}
],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
Expand Down Expand Up @@ -145,7 +150,7 @@
}
},
{
"modified": "2024-12-23T21:00:55Z",
"modified": "2024-12-26T20:27:49Z",
"published": "2024-12-23T17:56:08Z",
"schema_version": "1.6.0",
"id": "GHSA-q2x7-8rv6-6q7h",
Expand All @@ -155,7 +160,8 @@
"related": [
"CGA-79fr-pvjg-j9xm",
"CGA-crfr-r549-cvmg",
"CGA-gm37-p355-3fq6"
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
Expand Down Expand Up @@ -238,6 +244,10 @@
}
],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
Expand Down Expand Up @@ -285,7 +295,7 @@
"CVE-2024-56201",
"GHSA-gmj6-6f8f-6699"
],
"max_severity": "5.4"
"max_severity": "8.8"
},
{
"ids": [
Expand All @@ -295,7 +305,7 @@
"CVE-2024-56326",
"GHSA-q2x7-8rv6-6q7h"
],
"max_severity": "5.4"
"max_severity": "10.0"
}
]
}
20 changes: 15 additions & 5 deletions audits/certsync-requirements.audit.json
Expand Up @@ -10,14 +10,15 @@
],
"vulnerabilities": [
{
"modified": "2024-12-23T21:02:04Z",
"modified": "2024-12-26T20:27:33Z",
"published": "2024-12-23T17:54:12Z",
"schema_version": "1.6.0",
"id": "GHSA-gmj6-6f8f-6699",
"aliases": [
"CVE-2024-56201"
],
"related": [
"CGA-2589-9xpr-fmp7",
"CGA-gvvw-7w3r-7m54",
"CGA-mvqg-6j62-4pjm",
"CGA-whf8-42p9-686q"
Expand Down Expand Up @@ -103,6 +104,10 @@
}
],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
Expand Down Expand Up @@ -145,7 +150,7 @@
}
},
{
"modified": "2024-12-23T21:00:55Z",
"modified": "2024-12-26T20:27:49Z",
"published": "2024-12-23T17:56:08Z",
"schema_version": "1.6.0",
"id": "GHSA-q2x7-8rv6-6q7h",
Expand All @@ -155,7 +160,8 @@
"related": [
"CGA-79fr-pvjg-j9xm",
"CGA-crfr-r549-cvmg",
"CGA-gm37-p355-3fq6"
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
Expand Down Expand Up @@ -238,6 +244,10 @@
}
],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
Expand Down Expand Up @@ -285,7 +295,7 @@
"CVE-2024-56201",
"GHSA-gmj6-6f8f-6699"
],
"max_severity": "5.4"
"max_severity": "8.8"
},
{
"ids": [
Expand All @@ -295,7 +305,7 @@
"CVE-2024-56326",
"GHSA-q2x7-8rv6-6q7h"
],
"max_severity": "5.4"
"max_severity": "10.0"
}
]
},
20 changes: 15 additions & 5 deletions audits/charmcraft-requirements.audit.json
Expand Up @@ -10,14 +10,15 @@
],
"vulnerabilities": [
{
"modified": "2024-12-23T21:02:04Z",
"modified": "2024-12-26T20:27:33Z",
"published": "2024-12-23T17:54:12Z",
"schema_version": "1.6.0",
"id": "GHSA-gmj6-6f8f-6699",
"aliases": [
"CVE-2024-56201"
],
"related": [
"CGA-2589-9xpr-fmp7",
"CGA-gvvw-7w3r-7m54",
"CGA-mvqg-6j62-4pjm",
"CGA-whf8-42p9-686q"
Expand Down Expand Up @@ -103,6 +104,10 @@
}
],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
Expand Down Expand Up @@ -145,7 +150,7 @@
}
},
{
"modified": "2024-12-23T21:00:55Z",
"modified": "2024-12-26T20:27:49Z",
"published": "2024-12-23T17:56:08Z",
"schema_version": "1.6.0",
"id": "GHSA-q2x7-8rv6-6q7h",
Expand All @@ -155,7 +160,8 @@
"related": [
"CGA-79fr-pvjg-j9xm",
"CGA-crfr-r549-cvmg",
"CGA-gm37-p355-3fq6"
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
Expand Down Expand Up @@ -238,6 +244,10 @@
}
],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
Expand Down Expand Up @@ -285,7 +295,7 @@
"CVE-2024-56201",
"GHSA-gmj6-6f8f-6699"
],
"max_severity": "5.4"
"max_severity": "8.8"
},
{
"ids": [
Expand All @@ -295,7 +305,7 @@
"CVE-2024-56326",
"GHSA-q2x7-8rv6-6q7h"
],
"max_severity": "5.4"
"max_severity": "10.0"
}
]
},
20 changes: 15 additions & 5 deletions audits/gdbgui-requirements.audit.json
Expand Up @@ -272,14 +272,15 @@
],
"vulnerabilities": [
{
"modified": "2024-12-23T21:02:04Z",
"modified": "2024-12-26T20:27:33Z",
"published": "2024-12-23T17:54:12Z",
"schema_version": "1.6.0",
"id": "GHSA-gmj6-6f8f-6699",
"aliases": [
"CVE-2024-56201"
],
"related": [
"CGA-2589-9xpr-fmp7",
"CGA-gvvw-7w3r-7m54",
"CGA-mvqg-6j62-4pjm",
"CGA-whf8-42p9-686q"
Expand Down Expand Up @@ -365,6 +366,10 @@
}
],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
Expand Down Expand Up @@ -698,7 +703,7 @@
}
},
{
"modified": "2024-12-23T21:00:55Z",
"modified": "2024-12-26T20:27:49Z",
"published": "2024-12-23T17:56:08Z",
"schema_version": "1.6.0",
"id": "GHSA-q2x7-8rv6-6q7h",
Expand All @@ -708,7 +713,8 @@
"related": [
"CGA-79fr-pvjg-j9xm",
"CGA-crfr-r549-cvmg",
"CGA-gm37-p355-3fq6"
"CGA-gm37-p355-3fq6",
"CGA-h3v9-xgx5-mrgr"
],
"summary": "Jinja has a sandbox breakout through indirect reference to format method",
"details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
Expand Down Expand Up @@ -791,6 +797,10 @@
}
],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
Expand Down Expand Up @@ -838,7 +848,7 @@
"CVE-2024-56201",
"GHSA-gmj6-6f8f-6699"
],
"max_severity": "5.4"
"max_severity": "8.8"
},
{
"ids": [
Expand Down Expand Up @@ -869,7 +879,7 @@
"CVE-2024-56326",
"GHSA-q2x7-8rv6-6q7h"
],
"max_severity": "5.4"
"max_severity": "10.0"
}
]
},