Latest data: Wed Nov 1 08:04:00 UTC 2023

Homebrew · Nov 1, 2023 · 87c04fc · 87c04fc
1 parent 7a9108d
commit 87c04fc
Show file tree

Hide file tree

Showing 22 changed files with 188 additions and 59 deletions.
diff --git a/audits/buku-requirements.audit.json b/audits/buku-requirements.audit.json
@@ -779,7 +779,7 @@
     },
     "vulnerabilities": [
       {
-        "modified": "2023-10-25T14:42:34Z",
+        "modified": "2023-10-31T21:31:25Z",
         "published": "2023-10-25T14:22:59Z",
         "schema_version": "1.6.0",
         "id": "GHSA-hrfv-mqp8-q5rw",
@@ -911,15 +911,29 @@
             }
           }
         ],
+        "severity": [
+          {
+            "type": "CVSS_V3",
+            "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+          }
+        ],
         "references": [
           {
             "type": "WEB",
             "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw"
           },
+          {
+            "type": "ADVISORY",
+            "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46136"
+          },
           {
             "type": "WEB",
             "url": "https://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1"
           },
+          {
+            "type": "WEB",
+            "url": "https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2"
+          },
           {
             "type": "PACKAGE",
             "url": "https://github.com/pallets/werkzeug"
@@ -932,7 +946,7 @@
           "github_reviewed": true,
           "github_reviewed_at": "2023-10-25T14:22:59Z",
           "nvd_published_at": null,
-          "severity": "MODERATE"
+          "severity": "HIGH"
         }
       }
     ],

diff --git a/audits/psutils-requirements.audit.json b/audits/psutils-requirements.audit.json
@@ -0,0 +1,119 @@
+[
+  {
+    "package": {
+      "name": "pypdf",
+      "version": "3.16.4",
+      "ecosystem": "PyPI",
+      "commit": ""
+    },
+    "vulnerabilities": [
+      {
+        "modified": "2023-10-31T22:32:26Z",
+        "published": "2023-10-31T22:22:50Z",
+        "schema_version": "1.6.0",
+        "id": "GHSA-wjcc-cq79-p63f",
+        "aliases": [
+          "CVE-2023-46250"
+        ],
+        "summary": "Possible Infinite Loop when PdfWriter(clone_from) is used with a PDF",
+        "details": "### Impact\nAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop.\nThis infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.\n\nThat is, for example, the case when the pypdf-user manipulates an incoming malicious PDF e.g. by merging it with another PDF or by adding annotations.\n\n### Patches\nThe issue was fixed with #2264\n\n### Workarounds\nIf you cannot update your version of pypdf, you should modify `pypdf/generic/_data_structures.py` just like #2264 did.",
+        "affected": [
+          {
+            "package": {
+              "ecosystem": "PyPI",
+              "name": "pypdf",
+              "purl": "pkg:pypi/pypdf"
+            },
+            "ranges": [
+              {
+                "type": "ECOSYSTEM",
+                "events": [
+                  {
+                    "introduced": "3.7.0"
+                  },
+                  {
+                    "fixed": "3.17.0"
+                  }
+                ]
+              }
+            ],
+            "versions": [
+              "3.10.0",
+              "3.11.0",
+              "3.11.1",
+              "3.12.0",
+              "3.12.1",
+              "3.12.2",
+              "3.13.0",
+              "3.14.0",
+              "3.15.0",
+              "3.15.1",
+              "3.15.2",
+              "3.15.3",
+              "3.15.4",
+              "3.15.5",
+              "3.16.0",
+              "3.16.1",
+              "3.16.2",
+              "3.16.3",
+              "3.16.4",
+              "3.7.0",
+              "3.7.1",
+              "3.8.0",
+              "3.8.1",
+              "3.9.0",
+              "3.9.1"
+            ],
+            "database_specific": {
+              "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-wjcc-cq79-p63f/GHSA-wjcc-cq79-p63f.json"
+            }
+          }
+        ],
+        "severity": [
+          {
+            "type": "CVSS_V3",
+            "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
+          }
+        ],
+        "references": [
+          {
+            "type": "WEB",
+            "url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-wjcc-cq79-p63f"
+          },
+          {
+            "type": "ADVISORY",
+            "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46250"
+          },
+          {
+            "type": "WEB",
+            "url": "https://github.com/py-pdf/pypdf/pull/2264"
+          },
+          {
+            "type": "WEB",
+            "url": "https://github.com/py-pdf/pypdf/commit/9b23ac3c9619492570011d551d521690de9a3e2d"
+          },
+          {
+            "type": "PACKAGE",
+            "url": "https://github.com/py-pdf/pypdf"
+          }
+        ],
+        "database_specific": {
+          "cwe_ids": [
+            "CWE-835"
+          ],
+          "github_reviewed": true,
+          "github_reviewed_at": "2023-10-31T22:22:50Z",
+          "nvd_published_at": null,
+          "severity": "MODERATE"
+        }
+      }
+    ],
+    "groups": [
+      {
+        "ids": [
+          "GHSA-wjcc-cq79-p63f"
+        ]
+      }
+    ]
+  }
+]
diff --git a/audits/recon-ng-requirements.audit.json b/audits/recon-ng-requirements.audit.json
@@ -1953,7 +1953,7 @@
     },
     "vulnerabilities": [
       {
-        "modified": "2023-10-25T14:42:34Z",
+        "modified": "2023-10-31T21:31:25Z",
         "published": "2023-10-25T14:22:59Z",
         "schema_version": "1.6.0",
         "id": "GHSA-hrfv-mqp8-q5rw",
@@ -2085,15 +2085,29 @@
             }
           }
         ],
+        "severity": [
+          {
+            "type": "CVSS_V3",
+            "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+          }
+        ],
         "references": [
           {
             "type": "WEB",
             "url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw"
           },
+          {
+            "type": "ADVISORY",
+            "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46136"
+          },
           {
             "type": "WEB",
             "url": "https://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1"
           },
+          {
+            "type": "WEB",
+            "url": "https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2"
+          },
           {
             "type": "PACKAGE",
             "url": "https://github.com/pallets/werkzeug"
@@ -2106,7 +2120,7 @@
           "github_reviewed": true,
           "github_reviewed_at": "2023-10-25T14:22:59Z",
           "nvd_published_at": null,
-          "severity": "MODERATE"
+          "severity": "HIGH"
         }
       },
       {

diff --git a/requirements/adb-enhanced-requirements.txt b/requirements/adb-enhanced-requirements.txt
@@ -1,2 +1 @@
 docopt==0.6.2
-psutil==5.9.5
diff --git a/requirements/awsume-requirements.txt b/requirements/awsume-requirements.txt
@@ -3,7 +3,6 @@ botocore==1.31.65
 colorama==0.4.6
 jmespath==1.0.1
 pluggy==1.3.0
-psutil==5.9.6
 python-dateutil==2.8.2
 s3transfer==0.7.0
 urllib3==2.0.7
diff --git a/requirements/bbot-requirements.txt b/requirements/bbot-requirements.txt
@@ -21,11 +21,9 @@ hyperframe==6.0.1
 idna==3.4
 jinja2==3.1.2
 lockfile==0.12.2
-markupsafe==2.1.3
 omegaconf==2.3.0
 ordered-set==4.1.0
 pexpect==4.8.0
-psutil==5.9.5
 ptyprocess==0.7.0
 pycryptodome==3.19.0
 pydantic==1.10.13
@@ -37,7 +35,6 @@ requests-file==1.5.1
 resolvelib==0.8.1
 sniffio==1.3.0
 soupsieve==2.5
-tabulate==0.8.10
 tldextract==3.5.0
 url-normalize==1.4.3
 urllib3==2.0.6

diff --git a/requirements/dvc-requirements.txt b/requirements/dvc-requirements.txt
@@ -26,7 +26,6 @@ botocore==1.31.17
 cachetools==5.3.2
 celery==5.3.4
 charset-normalizer==3.3.1
-click==8.1.7
 click-didyoumean==0.3.0
 click-plugins==1.1.1
 click-repl==0.3.0
@@ -103,7 +102,6 @@ pathspec==0.11.2
 platformdirs==3.11.0
 portalocker==2.8.2
 prompt-toolkit==3.0.39
-psutil==5.9.6
 pyasn1==0.5.0
 pyasn1-modules==0.3.0
 pycryptodome==3.19.0
@@ -114,7 +112,6 @@ pydrive2==1.17.0
 pygtrie==2.5.0
 pyjwt==2.8.0
 pyopenssl==23.3.0
-pyparsing==3.1.1
 python-dateutil==2.8.2
 requests==2.31.0
 requests-oauthlib==1.3.1

diff --git a/requirements/dxpy-requirements.txt b/requirements/dxpy-requirements.txt
@@ -1,6 +1,5 @@
 charset-normalizer==3.3.1
 idna==3.4
-psutil==5.9.6
 python-dateutil==2.8.2
 requests==2.28.2
 urllib3==1.26.18

diff --git a/requirements/glances-requirements.txt b/requirements/glances-requirements.txt
@@ -1,3 +1,2 @@
 defusedxml==0.7.1
-psutil==5.9.5
 ujson==5.8.0
diff --git a/requirements/gyb-requirements.txt b/requirements/gyb-requirements.txt
@@ -1,4 +1,3 @@
-altgraph==0.17.3
 cachetools==5.3.1
 charset-normalizer==3.2.0
 google-api-core==2.11.1
@@ -9,14 +8,10 @@ google-auth-oauthlib==1.0.0
 googleapis-common-protos==1.60.0
 httplib2==0.22.0
 idna==3.4
-macholib==1.16.2
 oauthlib==3.2.2
 protobuf==4.23.4
 pyasn1==0.5.0
 pyasn1-modules==0.3.0
-pyinstaller==5.13.0
-pyinstaller-hooks-contrib==2023.6
-pyparsing==3.1.1
 requests==2.31.0
 requests-oauthlib==1.3.1
 rsa==4.9

diff --git a/requirements/ipython-requirements.txt b/requirements/ipython-requirements.txt
@@ -11,4 +11,4 @@ ptyprocess==0.7.0
 pure-eval==0.2.2
 stack-data==0.6.3
 traitlets==5.13.0
-wcwidth==0.2.8
+wcwidth==0.2.9
diff --git a/requirements/iredis-requirements.txt b/requirements/iredis-requirements.txt
@@ -1,9 +1,9 @@
-click==7.1.2
+click==8.1.7
 configobj==5.0.8
 mistune==3.0.2
 pendulum==2.1.2
 prompt-toolkit==3.0.39
 python-dateutil==2.8.2
 pytzdata==2020.1
-redis==4.6.0
+redis==5.0.1
 wcwidth==0.1.9
diff --git a/requirements/neovim-remote-requirements.txt b/requirements/neovim-remote-requirements.txt
@@ -1,4 +1,3 @@
-greenlet==2.0.1
-msgpack==1.0.4
-psutil==5.9.4
+greenlet==3.0.1
+msgpack==1.0.7
 pynvim==0.4.3
diff --git a/requirements/oci-cli-requirements.txt b/requirements/oci-cli-requirements.txt
@@ -1,10 +1,10 @@
 arrow==1.3.0
 circuitbreaker==1.4.0
 jmespath==0.10.0
-oci==2.114.0
+oci==2.115.0
 prompt-toolkit==3.0.29
-pyopenssl==23.2.0
+pyopenssl==23.3.0
 python-dateutil==2.8.2
 terminaltables==3.1.0
 types-python-dateutil==2.8.19.14
-wcwidth==0.2.8
+wcwidth==0.2.9
diff --git a/requirements/pipenv-requirements.txt b/requirements/pipenv-requirements.txt
diff --git a/requirements/prowler-requirements.txt b/requirements/prowler-requirements.txt
@@ -2,26 +2,26 @@ about-time==4.2.1
 alive-progress==3.1.4
 awsipranges==0.3.3
 azure-common==1.1.28
-azure-core==1.29.4
-azure-identity==1.14.0
+azure-core==1.29.5
+azure-identity==1.15.0
 azure-mgmt-authorization==4.0.0
 azure-mgmt-core==1.4.0
 azure-mgmt-security==5.0.0
 azure-mgmt-sql==3.0.1
 azure-mgmt-storage==21.1.0
 azure-mgmt-subscription==3.1.1
-azure-storage-blob==12.18.2
+azure-storage-blob==12.18.3
 boto3==1.26.165
 botocore==1.29.165
-cachetools==5.3.1
-charset-normalizer==3.3.0
+cachetools==5.3.2
+charset-normalizer==3.3.1
 click-plugins==1.1.1
 colorama==0.4.6
 contextlib2==21.6.0
 detect-secrets==1.4.0
-filelock==3.12.4
+filelock==3.13.1
 google-api-core==2.12.0
-google-api-python-client==2.102.0
+google-api-python-client==2.105.0
 google-auth==2.23.3
 google-auth-httplib2==0.1.1
 googleapis-common-protos==1.61.0
@@ -48,9 +48,9 @@ requests-oauthlib==1.3.1
 rsa==4.9
 s3transfer==0.6.2
 schema==0.7.5
-shodan==1.30.0
+shodan==1.30.1
 slack-sdk==3.23.0
 tldextract==5.0.1
 uritemplate==4.1.1
 urllib3==1.26.18
-xlsxwriter==3.1.8
+xlsxwriter==3.1.9