Latest data: Sat Nov 25 08:03:53 UTC 2023
github.actions committed Nov 25, 2023
1 parent b6c81e1 commit 8fb9639
Showing 29 changed files with 39 additions and 365 deletions.
282 changes: 0 additions & 282 deletions audits/athenacli-requirements.audit.json
@@ -116,287 +116,5 @@
]
}
]
},
{
"package": {
"name": "pygments",
"version": "2.11.1",
"ecosystem": "PyPI",
"commit": ""
},
"vulnerabilities": [
{
"modified": "2023-11-08T04:10:25Z",
"published": "2023-07-19T15:30:26Z",
"schema_version": "1.6.0",
"id": "GHSA-mrwq-x4v8-fh7p",
"aliases": [
"CVE-2022-40896",
"PYSEC-2023-117"
],
"summary": "Pygments vulnerable to ReDoS",
"details": "A ReDoS issue was discovered in `pygments/lexers/smithy.py` in Pygments until 2.15.0 via SmithyLexer.",
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pygments",
"purl": "pkg:pypi/pygments"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "2.15.0"
}
]
}
],
"versions": [
"0.10",
"0.11",
"0.11.1",
"0.5",
"0.5.1",
"0.6",
"0.7",
"0.7.1",
"0.8",
"0.8.1",
"0.9",
"1.0",
"1.1",
"1.1.1",
"1.2",
"1.2.1",
"1.2.2",
"1.3",
"1.3.1",
"1.4",
"1.5",
"1.6",
"1.6rc1",
"2.0",
"2.0.1",
"2.0.2",
"2.0rc1",
"2.1",
"2.1.1",
"2.1.2",
"2.1.3",
"2.10.0",
"2.11.0",
"2.11.1",
"2.11.2",
"2.12.0",
"2.13.0",
"2.14.0",
"2.2.0",
"2.3.0",
"2.3.1",
"2.4.0",
"2.4.1",
"2.4.2",
"2.5.1",
"2.5.2",
"2.6.0",
"2.6.1",
"2.7.0",
"2.7.1",
"2.7.2",
"2.7.3",
"2.7.4",
"2.8.0",
"2.8.1",
"2.9.0"
],
"database_specific": {
"source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-mrwq-x4v8-fh7p/GHSA-mrwq-x4v8-fh7p.json"
},
"ecosystem_specific": {
"affected_functions": [
"pygments.lexers.templates.SqlJinjaLexer.analyse_text",
"pygments.lexers.smithy.SmithyLexer",
"pygments.lexers.configs.PropertiesLexer"
]
}
}
],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40896"
},
{
"type": "WEB",
"url": "https://github.com/pygments/pygments/commit/97eb3d5ec7c1b3ea4fcf9dee30a2309cf92bd194"
},
{
"type": "WEB",
"url": "https://github.com/pygments/pygments/commit/dd52102c38ebe78cd57748e09f38929fd283ad04"
},
{
"type": "WEB",
"url": "https://github.com/pygments/pygments/commit/fdf182a7af85b1deeeb637ca970d31935e7c9d52"
},
{
"type": "PACKAGE",
"url": "https://github.com/pygments/pygments"
},
{
"type": "WEB",
"url": "https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/pygments/PYSEC-2023-117.yaml"
},
{
"type": "WEB",
"url": "https://pypi.org/project/Pygments/"
},
{
"type": "WEB",
"url": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/"
}
],
"database_specific": {
"cwe_ids": [
"CWE-434"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-20T11:00:04Z",
"nvd_published_at": "2023-07-19T15:15:10Z",
"severity": "MODERATE"
}
},
{
"modified": "2023-11-08T04:10:25Z",
"published": "2023-07-19T15:15:00Z",
"schema_version": "1.6.0",
"id": "PYSEC-2023-117",
"aliases": [
"CVE-2022-40896",
"GHSA-mrwq-x4v8-fh7p"
],
"details": "A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.",
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pygments",
"purl": "pkg:pypi/pygments"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "2.15.1"
}
]
}
],
"versions": [
"0.10",
"0.11",
"0.11.1",
"0.5",
"0.5.1",
"0.6",
"0.7",
"0.7.1",
"0.8",
"0.8.1",
"0.9",
"1.0",
"1.1",
"1.1.1",
"1.2",
"1.2.1",
"1.2.2",
"1.3",
"1.3.1",
"1.4",
"1.5",
"1.6",
"1.6rc1",
"2.0",
"2.0.1",
"2.0.2",
"2.0rc1",
"2.1",
"2.1.1",
"2.1.2",
"2.1.3",
"2.10.0",
"2.11.0",
"2.11.1",
"2.11.2",
"2.12.0",
"2.13.0",
"2.14.0",
"2.15.0",
"2.2.0",
"2.3.0",
"2.3.1",
"2.4.0",
"2.4.1",
"2.4.2",
"2.5.1",
"2.5.2",
"2.6.0",
"2.6.1",
"2.7.0",
"2.7.1",
"2.7.2",
"2.7.3",
"2.7.4",
"2.8.0",
"2.8.1",
"2.9.0"
],
"database_specific": {
"source": "https://github.com/pypa/advisory-database/blob/main/vulns/pygments/PYSEC-2023-117.yaml"
}
}
],
"references": [
{
"type": "PACKAGE",
"url": "https://pypi.org/project/Pygments/"
},
{
"type": "WEB",
"url": "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/"
},
{
"type": "WEB",
"url": "https://github.com/pygments/pygments/blob/master/pygments/lexers/smithy.py#L61"
}
]
}
],
"groups": [
{
"ids": [
"GHSA-mrwq-x4v8-fh7p",
"PYSEC-2023-117"
]
}
]
}
]
6 changes: 5 additions & 1 deletion audits/buku-requirements.audit.json
@@ -793,7 +793,7 @@
},
"vulnerabilities": [
{
"modified": "2023-11-13T21:16:00Z",
"modified": "2023-11-24T09:49:21Z",
"published": "2023-10-25T14:22:59Z",
"schema_version": "1.6.0",
"id": "GHSA-hrfv-mqp8-q5rw",
@@ -989,6 +989,10 @@
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-221.yaml"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231124-0008/"
}
],
"database_specific": {
6 changes: 5 additions & 1 deletion audits/recon-ng-requirements.audit.json
@@ -1973,7 +1973,7 @@
},
"vulnerabilities": [
{
"modified": "2023-11-13T21:16:00Z",
"modified": "2023-11-24T09:49:21Z",
"published": "2023-10-25T14:22:59Z",
"schema_version": "1.6.0",
"id": "GHSA-hrfv-mqp8-q5rw",
@@ -2169,6 +2169,10 @@
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/werkzeug/PYSEC-2023-221.yaml"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231124-0008/"
}
],
"database_specific": {
2 changes: 0 additions & 2 deletions requirements/aerleon-requirements.txt

This file was deleted.

4 changes: 0 additions & 4 deletions requirements/aiven-client-requirements.txt

This file was deleted.

15 changes: 6 additions & 9 deletions requirements/athenacli-requirements.txt
@@ -1,14 +1,11 @@
boto3==1.28.65
botocore==1.31.65
boto3==1.29.6
botocore==1.32.6
cli-helpers==2.3.0
configobj==5.0.8
fsspec==2023.9.2
fsspec==2023.10.0
jmespath==1.0.1
prompt-toolkit==3.0.39
pyathena==3.0.9
pygments==2.11.1
prompt-toolkit==3.0.41
pyathena==3.0.10
s3transfer==0.7.0
sqlparse==0.4.4
tenacity==8.2.3
urllib3==2.0.7
wcwidth==0.2.8
wcwidth==0.2.12
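Review bot: `pygments==2.11.1` is listed here once, with no bumped counterpart among the new pins, so it appears to be dropped rather than upgraded, and the same commit deletes the GHSA-mrwq-x4v8-fh7p / PYSEC-2023-117 entry from audits/athenacli-requirements.audit.json. The ReDoS finding therefore disappears because the package left the scanned list, not because a fixed release was pinned (the removed advisories give 2.15.0 and 2.15.1 as the fixed versions). If athenacli still imports pygments from a source this file does not enumerate (not visible from this page), that copy is no longer covered by the audit. I would confirm where pygments now comes from and, if it is still a runtime dependency, keep a line such as `pygments==2.15.1` or newer in the generated list so the scanner continues to see it.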
11 changes: 8 additions & 3 deletions requirements/binwalk-requirements.txt
@@ -1,4 +1,9 @@
capstone==4.0.2
capstone==5.0.1
contourpy==1.2.0
cycler==0.12.1
fonttools==4.44.3
gnupg==2.3.1
matplotlib==3.6.3
pycryptodome==3.17
kiwisolver==1.4.5
matplotlib==3.8.1
pycryptodome==3.19.0
python-dateutil==2.8.2
14 changes: 7 additions & 7 deletions requirements/check-jsonschema-requirements.txt
@@ -3,21 +3,21 @@ attrs==23.1.0
charset-normalizer==3.3.2
click==8.1.7
fqdn==1.5.1
idna==3.4
idna==3.5
isoduration==20.11.0
jsonpointer==2.4
jsonschema==4.19.2
jsonschema-specifications==2023.7.1
jsonschema==4.20.0
jsonschema-specifications==2023.11.1
python-dateutil==2.8.2
referencing==0.30.2
referencing==0.31.0
regress==0.4.2
requests==2.31.0
rfc3339-validator==0.1.4
rfc3987==1.3.8
rpds-py==0.10.6
ruamel-yaml==0.17.33
rpds-py==0.13.1
ruamel-yaml==0.18.5
ruamel-yaml-clib==0.2.8
types-python-dateutil==2.8.19.14
uri-template==1.3.0
urllib3==2.0.7
urllib3==2.1.0
webcolors==1.13