From f17bb92eb24c017c280ecc8b64f12bf1fe6fe7a9 Mon Sep 17 00:00:00 2001 From: Jin-Sun-tts Date: Wed, 24 Apr 2024 13:54:27 +0000 Subject: [PATCH] Update Pip Requirements --- requirements.txt | 2 +- scan.json | 126 ++++++++++++++++++++++++++++++++--------------- 2 files changed, 86 insertions(+), 42 deletions(-) diff --git a/requirements.txt b/requirements.txt index d295cb51..9a2f615c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -52,7 +52,7 @@ Mako==1.3.3 Markdown==3.4.1 MarkupSafe==2.0.1 messytables==0.15.2 -mypy==1.9.0 +mypy==1.10.0 mypy-extensions==1.0.0 newrelic==9.9.0 nose==1.3.7 diff --git a/scan.json b/scan.json index 0d69e786..06289447 100644 --- a/scan.json +++ b/scan.json 
@@ -61,7 +61,11 @@ } ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') due to the session cache entering an incorrect state and failing to flush properly as it fills, leading to uncontrolled memory consumption. This condition is triggered under certain server configurations when processing TLSv1.3 sessions. Specifically, this occurs if the non-default `SSL_OP_NO_TICKET` option is enabled, but not if early_data support is configured along with the default anti-replay protection. A malicious client could deliberately create this scenario to force a service disruption. It may also occur accidentally in normal operation.\r\n\r\n**Note:**\r\n\r\nThis issue is only exploitable if the server supports TLSv1.3 and is configured with the `SSL_OP_NO_TICKET` option enabled.\n## Remediation\nA fix was pushed into the `master` branch but not yet published.\n## References\n- [GitHub Commit](https://github.com/openssl/openssl/commit/21df7f04f6c4a560b4de56d10e1e58958c7e566d)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/4a3e8f08306c64366318e26162ae0a0eb7b1a006)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/7984fa683e9dfac0cad50ef2a9d5a13330222044)\n- [GitHub Commit](https://github.com/pyca/cryptography/commit/42192fab0a96b484089021148ed1eaa12053f7ed)\n- [RedHat Bugzilla Bug](https://bugzilla.redhat.com/show_bug.cgi?id=2274020)\n- [Vulnerability Advisory](https://www.openssl.org/news/secadv/20240408.txt)\n", - "epssDetails": null, + "epssDetails": { + "percentile": "0.14042", + "probability": "0.00045", + "modelVersion": "v2023.03.01" + }, "identifiers": { "CVE": [ "CVE-2024-2511" 
@@ -152,7 +156,11 @@ } ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') due to the session cache entering an incorrect state and failing to flush properly as it fills, leading to uncontrolled memory consumption. This condition is triggered under certain server configurations when processing TLSv1.3 sessions. Specifically, this occurs if the non-default `SSL_OP_NO_TICKET` option is enabled, but not if early_data support is configured along with the default anti-replay protection. A malicious client could deliberately create this scenario to force a service disruption. It may also occur accidentally in normal operation.\r\n\r\n**Note:**\r\n\r\nThis issue is only exploitable if the server supports TLSv1.3 and is configured with the `SSL_OP_NO_TICKET` option enabled.\n## Remediation\nA fix was pushed into the `master` branch but not yet published.\n## References\n- [GitHub Commit](https://github.com/openssl/openssl/commit/21df7f04f6c4a560b4de56d10e1e58958c7e566d)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/4a3e8f08306c64366318e26162ae0a0eb7b1a006)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/7984fa683e9dfac0cad50ef2a9d5a13330222044)\n- [GitHub Commit](https://github.com/pyca/cryptography/commit/42192fab0a96b484089021148ed1eaa12053f7ed)\n- [RedHat Bugzilla Bug](https://bugzilla.redhat.com/show_bug.cgi?id=2274020)\n- [Vulnerability Advisory](https://www.openssl.org/news/secadv/20240408.txt)\n", - "epssDetails": null, + "epssDetails": { + "percentile": "0.14042", + "probability": "0.00045", + "modelVersion": "v2023.03.01" + }, "identifiers": { "CVE": [ "CVE-2024-2511" 
@@ -244,7 +252,11 @@ } ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') due to the session cache entering an incorrect state and failing to flush properly as it fills, leading to uncontrolled memory consumption. This condition is triggered under certain server configurations when processing TLSv1.3 sessions. Specifically, this occurs if the non-default `SSL_OP_NO_TICKET` option is enabled, but not if early_data support is configured along with the default anti-replay protection. A malicious client could deliberately create this scenario to force a service disruption. It may also occur accidentally in normal operation.\r\n\r\n**Note:**\r\n\r\nThis issue is only exploitable if the server supports TLSv1.3 and is configured with the `SSL_OP_NO_TICKET` option enabled.\n## Remediation\nA fix was pushed into the `master` branch but not yet published.\n## References\n- [GitHub Commit](https://github.com/openssl/openssl/commit/21df7f04f6c4a560b4de56d10e1e58958c7e566d)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/4a3e8f08306c64366318e26162ae0a0eb7b1a006)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/7984fa683e9dfac0cad50ef2a9d5a13330222044)\n- [GitHub Commit](https://github.com/pyca/cryptography/commit/42192fab0a96b484089021148ed1eaa12053f7ed)\n- [RedHat Bugzilla Bug](https://bugzilla.redhat.com/show_bug.cgi?id=2274020)\n- [Vulnerability Advisory](https://www.openssl.org/news/secadv/20240408.txt)\n", - "epssDetails": null, + "epssDetails": { + "percentile": "0.14042", + "probability": "0.00045", + "modelVersion": "v2023.03.01" + }, "identifiers": { "CVE": [ "CVE-2024-2511" 
@@ -336,7 +348,11 @@ } ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') due to the session cache entering an incorrect state and failing to flush properly as it fills, leading to uncontrolled memory consumption. This condition is triggered under certain server configurations when processing TLSv1.3 sessions. Specifically, this occurs if the non-default `SSL_OP_NO_TICKET` option is enabled, but not if early_data support is configured along with the default anti-replay protection. A malicious client could deliberately create this scenario to force a service disruption. It may also occur accidentally in normal operation.\r\n\r\n**Note:**\r\n\r\nThis issue is only exploitable if the server supports TLSv1.3 and is configured with the `SSL_OP_NO_TICKET` option enabled.\n## Remediation\nA fix was pushed into the `master` branch but not yet published.\n## References\n- [GitHub Commit](https://github.com/openssl/openssl/commit/21df7f04f6c4a560b4de56d10e1e58958c7e566d)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/4a3e8f08306c64366318e26162ae0a0eb7b1a006)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/7984fa683e9dfac0cad50ef2a9d5a13330222044)\n- [GitHub Commit](https://github.com/pyca/cryptography/commit/42192fab0a96b484089021148ed1eaa12053f7ed)\n- [RedHat Bugzilla Bug](https://bugzilla.redhat.com/show_bug.cgi?id=2274020)\n- [Vulnerability Advisory](https://www.openssl.org/news/secadv/20240408.txt)\n", - "epssDetails": null, + "epssDetails": { + "percentile": "0.14042", + "probability": "0.00045", + "modelVersion": "v2023.03.01" + }, "identifiers": { "CVE": [ "CVE-2024-2511" 
@@ -429,7 +445,11 @@ } ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') due to the session cache entering an incorrect state and failing to flush properly as it fills, leading to uncontrolled memory consumption. This condition is triggered under certain server configurations when processing TLSv1.3 sessions. Specifically, this occurs if the non-default `SSL_OP_NO_TICKET` option is enabled, but not if early_data support is configured along with the default anti-replay protection. A malicious client could deliberately create this scenario to force a service disruption. It may also occur accidentally in normal operation.\r\n\r\n**Note:**\r\n\r\nThis issue is only exploitable if the server supports TLSv1.3 and is configured with the `SSL_OP_NO_TICKET` option enabled.\n## Remediation\nA fix was pushed into the `master` branch but not yet published.\n## References\n- [GitHub Commit](https://github.com/openssl/openssl/commit/21df7f04f6c4a560b4de56d10e1e58958c7e566d)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/4a3e8f08306c64366318e26162ae0a0eb7b1a006)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/7984fa683e9dfac0cad50ef2a9d5a13330222044)\n- [GitHub Commit](https://github.com/pyca/cryptography/commit/42192fab0a96b484089021148ed1eaa12053f7ed)\n- [RedHat Bugzilla Bug](https://bugzilla.redhat.com/show_bug.cgi?id=2274020)\n- [Vulnerability Advisory](https://www.openssl.org/news/secadv/20240408.txt)\n", - "epssDetails": null, + "epssDetails": { + "percentile": "0.14042", + "probability": "0.00045", + "modelVersion": "v2023.03.01" + }, "identifiers": { "CVE": [ "CVE-2024-2511" 
@@ -522,7 +542,11 @@ } ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') due to the session cache entering an incorrect state and failing to flush properly as it fills, leading to uncontrolled memory consumption. This condition is triggered under certain server configurations when processing TLSv1.3 sessions. Specifically, this occurs if the non-default `SSL_OP_NO_TICKET` option is enabled, but not if early_data support is configured along with the default anti-replay protection. A malicious client could deliberately create this scenario to force a service disruption. It may also occur accidentally in normal operation.\r\n\r\n**Note:**\r\n\r\nThis issue is only exploitable if the server supports TLSv1.3 and is configured with the `SSL_OP_NO_TICKET` option enabled.\n## Remediation\nA fix was pushed into the `master` branch but not yet published.\n## References\n- [GitHub Commit](https://github.com/openssl/openssl/commit/21df7f04f6c4a560b4de56d10e1e58958c7e566d)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/4a3e8f08306c64366318e26162ae0a0eb7b1a006)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/7984fa683e9dfac0cad50ef2a9d5a13330222044)\n- [GitHub Commit](https://github.com/pyca/cryptography/commit/42192fab0a96b484089021148ed1eaa12053f7ed)\n- [RedHat Bugzilla Bug](https://bugzilla.redhat.com/show_bug.cgi?id=2274020)\n- [Vulnerability Advisory](https://www.openssl.org/news/secadv/20240408.txt)\n", - "epssDetails": null, + "epssDetails": { + "percentile": "0.14042", + "probability": "0.00045", + "modelVersion": "v2023.03.01" + }, "identifiers": { "CVE": [ "CVE-2024-2511" 
@@ -616,7 +640,11 @@ } ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') due to the session cache entering an incorrect state and failing to flush properly as it fills, leading to uncontrolled memory consumption. This condition is triggered under certain server configurations when processing TLSv1.3 sessions. Specifically, this occurs if the non-default `SSL_OP_NO_TICKET` option is enabled, but not if early_data support is configured along with the default anti-replay protection. A malicious client could deliberately create this scenario to force a service disruption. It may also occur accidentally in normal operation.\r\n\r\n**Note:**\r\n\r\nThis issue is only exploitable if the server supports TLSv1.3 and is configured with the `SSL_OP_NO_TICKET` option enabled.\n## Remediation\nThere is no fixed version for `pyOpenSSL`.\n\n## References\n- [GitHub Commit](https://github.com/openssl/openssl/commit/21df7f04f6c4a560b4de56d10e1e58958c7e566d)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/4a3e8f08306c64366318e26162ae0a0eb7b1a006)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/7984fa683e9dfac0cad50ef2a9d5a13330222044)\n- [GitHub Commit](https://github.com/pyca/cryptography/commit/42192fab0a96b484089021148ed1eaa12053f7ed)\n- [RedHat Bugzilla Bug](https://bugzilla.redhat.com/show_bug.cgi?id=2274020)\n- [Vulnerability Advisory](https://www.openssl.org/news/secadv/20240408.txt)\n", - "epssDetails": null, + "epssDetails": { + "percentile": "0.14042", + "probability": "0.00045", + "modelVersion": "v2023.03.01" + }, "identifiers": { "CVE": [ "CVE-2024-2511" 
@@ -707,7 +735,11 @@ } ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') due to the session cache entering an incorrect state and failing to flush properly as it fills, leading to uncontrolled memory consumption. This condition is triggered under certain server configurations when processing TLSv1.3 sessions. Specifically, this occurs if the non-default `SSL_OP_NO_TICKET` option is enabled, but not if early_data support is configured along with the default anti-replay protection. A malicious client could deliberately create this scenario to force a service disruption. It may also occur accidentally in normal operation.\r\n\r\n**Note:**\r\n\r\nThis issue is only exploitable if the server supports TLSv1.3 and is configured with the `SSL_OP_NO_TICKET` option enabled.\n## Remediation\nThere is no fixed version for `pyOpenSSL`.\n\n## References\n- [GitHub Commit](https://github.com/openssl/openssl/commit/21df7f04f6c4a560b4de56d10e1e58958c7e566d)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/4a3e8f08306c64366318e26162ae0a0eb7b1a006)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/7984fa683e9dfac0cad50ef2a9d5a13330222044)\n- [GitHub Commit](https://github.com/pyca/cryptography/commit/42192fab0a96b484089021148ed1eaa12053f7ed)\n- [RedHat Bugzilla Bug](https://bugzilla.redhat.com/show_bug.cgi?id=2274020)\n- [Vulnerability Advisory](https://www.openssl.org/news/secadv/20240408.txt)\n", - "epssDetails": null, + "epssDetails": { + "percentile": "0.14042", + "probability": "0.00045", + "modelVersion": "v2023.03.01" + }, "identifiers": { "CVE": [ "CVE-2024-2511" 
@@ -799,7 +831,11 @@ } ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') due to the session cache entering an incorrect state and failing to flush properly as it fills, leading to uncontrolled memory consumption. This condition is triggered under certain server configurations when processing TLSv1.3 sessions. Specifically, this occurs if the non-default `SSL_OP_NO_TICKET` option is enabled, but not if early_data support is configured along with the default anti-replay protection. A malicious client could deliberately create this scenario to force a service disruption. It may also occur accidentally in normal operation.\r\n\r\n**Note:**\r\n\r\nThis issue is only exploitable if the server supports TLSv1.3 and is configured with the `SSL_OP_NO_TICKET` option enabled.\n## Remediation\nThere is no fixed version for `pyOpenSSL`.\n\n## References\n- [GitHub Commit](https://github.com/openssl/openssl/commit/21df7f04f6c4a560b4de56d10e1e58958c7e566d)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/4a3e8f08306c64366318e26162ae0a0eb7b1a006)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/7984fa683e9dfac0cad50ef2a9d5a13330222044)\n- [GitHub Commit](https://github.com/pyca/cryptography/commit/42192fab0a96b484089021148ed1eaa12053f7ed)\n- [RedHat Bugzilla Bug](https://bugzilla.redhat.com/show_bug.cgi?id=2274020)\n- [Vulnerability Advisory](https://www.openssl.org/news/secadv/20240408.txt)\n", - "epssDetails": null, + "epssDetails": { + "percentile": "0.14042", + "probability": "0.00045", + "modelVersion": "v2023.03.01" + }, "identifiers": { "CVE": [ "CVE-2024-2511" 
@@ -1002,7 +1038,11 @@ } ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') due to the session cache entering an incorrect state and failing to flush properly as it fills, leading to uncontrolled memory consumption. This condition is triggered under certain server configurations when processing TLSv1.3 sessions. Specifically, this occurs if the non-default `SSL_OP_NO_TICKET` option is enabled, but not if early_data support is configured along with the default anti-replay protection. A malicious client could deliberately create this scenario to force a service disruption. It may also occur accidentally in normal operation.\r\n\r\n**Note:**\r\n\r\nThis issue is only exploitable if the server supports TLSv1.3 and is configured with the `SSL_OP_NO_TICKET` option enabled.\n## Remediation\nA fix was pushed into the `master` branch but not yet published.\n## References\n- [GitHub Commit](https://github.com/openssl/openssl/commit/21df7f04f6c4a560b4de56d10e1e58958c7e566d)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/4a3e8f08306c64366318e26162ae0a0eb7b1a006)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/7984fa683e9dfac0cad50ef2a9d5a13330222044)\n- [GitHub Commit](https://github.com/pyca/cryptography/commit/42192fab0a96b484089021148ed1eaa12053f7ed)\n- [RedHat Bugzilla Bug](https://bugzilla.redhat.com/show_bug.cgi?id=2274020)\n- [Vulnerability Advisory](https://www.openssl.org/news/secadv/20240408.txt)\n", - "epssDetails": null, + "epssDetails": { + "percentile": "0.14042", + "probability": "0.00045", + "modelVersion": "v2023.03.01" + }, "identifiers": { "CVE": [ "CVE-2024-2511" 
@@ -1099,7 +1139,11 @@ } ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') due to the session cache entering an incorrect state and failing to flush properly as it fills, leading to uncontrolled memory consumption. This condition is triggered under certain server configurations when processing TLSv1.3 sessions. Specifically, this occurs if the non-default `SSL_OP_NO_TICKET` option is enabled, but not if early_data support is configured along with the default anti-replay protection. A malicious client could deliberately create this scenario to force a service disruption. It may also occur accidentally in normal operation.\r\n\r\n**Note:**\r\n\r\nThis issue is only exploitable if the server supports TLSv1.3 and is configured with the `SSL_OP_NO_TICKET` option enabled.\n## Remediation\nThere is no fixed version for `pyOpenSSL`.\n\n## References\n- [GitHub Commit](https://github.com/openssl/openssl/commit/21df7f04f6c4a560b4de56d10e1e58958c7e566d)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/4a3e8f08306c64366318e26162ae0a0eb7b1a006)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/7984fa683e9dfac0cad50ef2a9d5a13330222044)\n- [GitHub Commit](https://github.com/pyca/cryptography/commit/42192fab0a96b484089021148ed1eaa12053f7ed)\n- [RedHat Bugzilla Bug](https://bugzilla.redhat.com/show_bug.cgi?id=2274020)\n- [Vulnerability Advisory](https://www.openssl.org/news/secadv/20240408.txt)\n", - "epssDetails": null, + "epssDetails": { + "percentile": "0.14042", + "probability": "0.00045", + "modelVersion": "v2023.03.01" + }, "identifiers": { "CVE": [ "CVE-2024-2511" 
@@ -1192,7 +1236,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Deserialization of Untrusted Data which could lead to arbitrary code execution.\n## Remediation\nThere is no fixed version for `Beaker`.\n\n## References\n- [GitHub Issue](https://github.com/bbangert/beaker/issues/191)\n", "epssDetails": { - "percentile": "0.13811", + "percentile": "0.14306", "probability": "0.00045", "modelVersion": "v2023.03.01" }, 
@@ -1318,7 +1362,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Information Exposure in the form of exposing the permanent session cookie, when all of the following conditions are met:\r\n\r\n1) The application is hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.\r\n\r\n2) The application sets `session.permanent = True`.\r\n\r\n3) The application does not access or modify the session at any point during a request.\r\n\r\n4) `SESSION_REFRESH_EACH_REQUEST` is enabled (the default).\r\n\r\n5) The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.\r\n\r\nA response containing data intended for one client may be cached and sent to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. Under these conditions, the `Vary: Cookie` header is not set when a session is refreshed (re-sent to update the expiration) without being accessed or modified.\n## Remediation\nUpgrade `flask` to version 2.2.5, 2.3.2 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b)\n- [GitHub Commit](https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965)\n- [GitHub PR](https://github.com/pallets/flask/pull/5109)\n- [GitHub Release](https://github.com/pallets/flask/releases/tag/2.2.5)\n- [GitHub Release](https://github.com/pallets/flask/releases/tag/2.3.2)\n- [Session Cookie Documentation](https://flask.palletsprojects.com/en/2.3.x/api/#flask.session.permanent)\n", "epssDetails": { - "percentile": "0.49200", + "percentile": "0.49499", "probability": "0.00142", "modelVersion": "v2023.03.01" }, 
@@ -1447,7 +1491,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Information Exposure in the form of exposing the permanent session cookie, when all of the following conditions are met:\r\n\r\n1) The application is hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.\r\n\r\n2) The application sets `session.permanent = True`.\r\n\r\n3) The application does not access or modify the session at any point during a request.\r\n\r\n4) `SESSION_REFRESH_EACH_REQUEST` is enabled (the default).\r\n\r\n5) The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.\r\n\r\nA response containing data intended for one client may be cached and sent to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. Under these conditions, the `Vary: Cookie` header is not set when a session is refreshed (re-sent to update the expiration) without being accessed or modified.\n## Remediation\nUpgrade `flask` to version 2.2.5, 2.3.2 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b)\n- [GitHub Commit](https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965)\n- [GitHub PR](https://github.com/pallets/flask/pull/5109)\n- [GitHub Release](https://github.com/pallets/flask/releases/tag/2.2.5)\n- [GitHub Release](https://github.com/pallets/flask/releases/tag/2.3.2)\n- [Session Cookie Documentation](https://flask.palletsprojects.com/en/2.3.x/api/#flask.session.permanent)\n", "epssDetails": { - "percentile": "0.49200", + "percentile": "0.49499", "probability": "0.00142", "modelVersion": "v2023.03.01" }, 
@@ -1577,7 +1621,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Information Exposure in the form of exposing the permanent session cookie, when all of the following conditions are met:\r\n\r\n1) The application is hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.\r\n\r\n2) The application sets `session.permanent = True`.\r\n\r\n3) The application does not access or modify the session at any point during a request.\r\n\r\n4) `SESSION_REFRESH_EACH_REQUEST` is enabled (the default).\r\n\r\n5) The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.\r\n\r\nA response containing data intended for one client may be cached and sent to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. Under these conditions, the `Vary: Cookie` header is not set when a session is refreshed (re-sent to update the expiration) without being accessed or modified.\n## Remediation\nUpgrade `flask` to version 2.2.5, 2.3.2 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b)\n- [GitHub Commit](https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965)\n- [GitHub PR](https://github.com/pallets/flask/pull/5109)\n- [GitHub Release](https://github.com/pallets/flask/releases/tag/2.2.5)\n- [GitHub Release](https://github.com/pallets/flask/releases/tag/2.3.2)\n- [Session Cookie Documentation](https://flask.palletsprojects.com/en/2.3.x/api/#flask.session.permanent)\n", "epssDetails": { - "percentile": "0.49200", + "percentile": "0.49499", "probability": "0.00142", "modelVersion": "v2023.03.01" }, 
@@ -1707,7 +1751,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Information Exposure in the form of exposing the permanent session cookie, when all of the following conditions are met:\r\n\r\n1) The application is hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.\r\n\r\n2) The application sets `session.permanent = True`.\r\n\r\n3) The application does not access or modify the session at any point during a request.\r\n\r\n4) `SESSION_REFRESH_EACH_REQUEST` is enabled (the default).\r\n\r\n5) The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.\r\n\r\nA response containing data intended for one client may be cached and sent to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. Under these conditions, the `Vary: Cookie` header is not set when a session is refreshed (re-sent to update the expiration) without being accessed or modified.\n## Remediation\nUpgrade `flask` to version 2.2.5, 2.3.2 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b)\n- [GitHub Commit](https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965)\n- [GitHub PR](https://github.com/pallets/flask/pull/5109)\n- [GitHub Release](https://github.com/pallets/flask/releases/tag/2.2.5)\n- [GitHub Release](https://github.com/pallets/flask/releases/tag/2.3.2)\n- [Session Cookie Documentation](https://flask.palletsprojects.com/en/2.3.x/api/#flask.session.permanent)\n", "epssDetails": { - "percentile": "0.49200", + "percentile": "0.49499", "probability": "0.00142", "modelVersion": "v2023.03.01" }, 
@@ -1837,7 +1881,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Information Exposure in the form of exposing the permanent session cookie, when all of the following conditions are met:\r\n\r\n1) The application is hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.\r\n\r\n2) The application sets `session.permanent = True`.\r\n\r\n3) The application does not access or modify the session at any point during a request.\r\n\r\n4) `SESSION_REFRESH_EACH_REQUEST` is enabled (the default).\r\n\r\n5) The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.\r\n\r\nA response containing data intended for one client may be cached and sent to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. Under these conditions, the `Vary: Cookie` header is not set when a session is refreshed (re-sent to update the expiration) without being accessed or modified.\n## Remediation\nUpgrade `flask` to version 2.2.5, 2.3.2 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b)\n- [GitHub Commit](https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965)\n- [GitHub PR](https://github.com/pallets/flask/pull/5109)\n- [GitHub Release](https://github.com/pallets/flask/releases/tag/2.2.5)\n- [GitHub Release](https://github.com/pallets/flask/releases/tag/2.3.2)\n- [Session Cookie Documentation](https://flask.palletsprojects.com/en/2.3.x/api/#flask.session.permanent)\n", "epssDetails": { - "percentile": "0.49200", + "percentile": "0.49499", "probability": "0.00142", "modelVersion": "v2023.03.01" }, 
@@ -1963,7 +2007,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to an issue in the `POLY1305` MAC implementation on PowerPC CPUs. An attacker can corrupt the application state and cause incorrect calculations or potential denial of service by influencing the use of the `POLY1305` MAC algorithm.\r\n\r\n**Note:**\r\n\r\nThis is only exploitable if the attacker has the ability to affect the algorithm's usage and the application relies on non-volatile XMM registers.\n## Remediation\nThere is no fixed version for `pyOpenSSL`.\n\n## References\n- [GitHub Commit](https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015)\n- [GitHub Commit](https://github.com/pyca/cryptography/commit/89d0d56fb104ac4e0e6db63d78fc22b8c53d27e9)\n- [OpenSSL Advisory](https://www.openssl.org/news/secadv/20240109.txt)\n- [RedHat Bugzilla Bug](https://bugzilla.redhat.com/show_bug.cgi?id=2257571)\n", "epssDetails": { - "percentile": "0.24307", + "percentile": "0.24714", "probability": "0.00061", "modelVersion": "v2023.03.01" }, 
@@ -2195,7 +2239,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to an issue in the `POLY1305` MAC implementation on PowerPC CPUs. An attacker can corrupt the application state and cause incorrect calculations or potential denial of service by influencing the use of the `POLY1305` MAC algorithm.\r\n\r\n**Note:**\r\n\r\nThis is only exploitable if the attacker has the ability to affect the algorithm's usage and the application relies on non-volatile XMM registers.\n## Remediation\nThere is no fixed version for `pyOpenSSL`.\n\n## References\n- [GitHub Commit](https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015)\n- [GitHub Commit](https://github.com/pyca/cryptography/commit/89d0d56fb104ac4e0e6db63d78fc22b8c53d27e9)\n- [OpenSSL Advisory](https://www.openssl.org/news/secadv/20240109.txt)\n- [RedHat Bugzilla Bug](https://bugzilla.redhat.com/show_bug.cgi?id=2257571)\n", "epssDetails": { - "percentile": "0.24307", + "percentile": "0.24714", "probability": "0.00061", "modelVersion": "v2023.03.01" }, 
@@ -2429,7 +2473,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to an issue in the `POLY1305` MAC implementation on PowerPC CPUs. An attacker can corrupt the application state and cause incorrect calculations or potential denial of service by influencing the use of the `POLY1305` MAC algorithm.\r\n\r\n**Note:**\r\n\r\nThis is only exploitable if the attacker has the ability to affect the algorithm's usage and the application relies on non-volatile XMM registers.\n## Remediation\nThere is no fixed version for `pyOpenSSL`.\n\n## References\n- [GitHub Commit](https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04)\n- [GitHub Commit](https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015)\n- [GitHub Commit](https://github.com/pyca/cryptography/commit/89d0d56fb104ac4e0e6db63d78fc22b8c53d27e9)\n- [OpenSSL Advisory](https://www.openssl.org/news/secadv/20240109.txt)\n- [RedHat Bugzilla Bug](https://bugzilla.redhat.com/show_bug.cgi?id=2257571)\n", "epssDetails": { - "percentile": "0.24307", + "percentile": "0.24714", "probability": "0.00061", "modelVersion": "v2023.03.01" }, 
@@ -2644,7 +2688,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Access Restriction Bypass that allows a malicious application on an adjacent subdomain to present \"nameless\" cookies that look like `=value` instead of `key=value` and have them accepted by the affected browser. For example, a cookie like `=__Host-test=bad` would be parsed as `__Host-test=bad` and the key treated as valid while the value is ignored.\n## Remediation\nUpgrade `werkzeug` to version 2.2.3 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028)\n- [GitHub Release](https://github.com/pallets/werkzeug/releases/tag/2.2.3)\n", "epssDetails": { - "percentile": "0.17521", + "percentile": "0.17999", "probability": "0.00050", "modelVersion": "v2023.03.01" }, 
@@ -2755,7 +2799,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Denial of Service (DoS) when parsing multipart form data. An attacker can trigger the opening of multipart files containing a large number of file parts, which are processed using `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, consuming CPU, memory, or file handles resources. The amount of CPU time required can block worker processes from handling other requests. The amount of RAM required can trigger an out-of-memory and crash the process.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\nTwo common types of DoS vulnerabilities:\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. 
For Example, [npm `ws` package](https://snyk.io/vuln/npm:ws:20171108)\n\n## Remediation\nUpgrade `werkzeug` to version 2.2.3 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1)\n- [GitHub Release](https://github.com/pallets/werkzeug/releases/tag/2.2.3)\n", "epssDetails": { - "percentile": "0.48210", + "percentile": "0.48498", "probability": "0.00136", "modelVersion": "v2023.03.01" }, @@ -2868,7 +2912,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Inefficient Algorithmic Complexity in multipart data parsing. An attacker can cause a denial of service and block worker processes from handling legitimate requests by sending crafted multipart data to an endpoint that will parse it, eventually exhausting or killing all available workers. \r\n\r\nExploiting this vulnerability is possible if the uploaded file starts with `CR` or `LF` and is followed by megabytes of data without these characters.\n## Remediation\nUpgrade `werkzeug` to version 2.3.8, 3.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/f2300208d5e2a5076cbbb4c2aad71096fd040ef9)\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2)\n", "epssDetails": { - "percentile": "0.19412", + "percentile": "0.19854", "probability": "0.00053", "modelVersion": "v2023.03.01" }, 
@@ -2972,7 +3016,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Access Restriction Bypass that allows a malicious application on an adjacent subdomain to present \"nameless\" cookies that look like `=value` instead of `key=value` and have them accepted by the affected browser. For example, a cookie like `=__Host-test=bad` would be parsed as `__Host-test=bad` and the key treated as valid while the value is ignored.\n## Remediation\nUpgrade `werkzeug` to version 2.2.3 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028)\n- [GitHub Release](https://github.com/pallets/werkzeug/releases/tag/2.2.3)\n", "epssDetails": { - "percentile": "0.17521", + "percentile": "0.17999", "probability": "0.00050", "modelVersion": "v2023.03.01" }, 
@@ -3084,7 +3128,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Denial of Service (DoS) when parsing multipart form data. An attacker can trigger the opening of multipart files containing a large number of file parts, which are processed using `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, consuming CPU, memory, or file handles resources. The amount of CPU time required can block worker processes from handling other requests. The amount of RAM required can trigger an out-of-memory and crash the process.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\nTwo common types of DoS vulnerabilities:\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. 
For Example, [npm `ws` package](https://snyk.io/vuln/npm:ws:20171108)\n\n## Remediation\nUpgrade `werkzeug` to version 2.2.3 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1)\n- [GitHub Release](https://github.com/pallets/werkzeug/releases/tag/2.2.3)\n", "epssDetails": { - "percentile": "0.48210", + "percentile": "0.48498", "probability": "0.00136", "modelVersion": "v2023.03.01" }, @@ -3198,7 +3242,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Inefficient Algorithmic Complexity in multipart data parsing. An attacker can cause a denial of service and block worker processes from handling legitimate requests by sending crafted multipart data to an endpoint that will parse it, eventually exhausting or killing all available workers. \r\n\r\nExploiting this vulnerability is possible if the uploaded file starts with `CR` or `LF` and is followed by megabytes of data without these characters.\n## Remediation\nUpgrade `werkzeug` to version 2.3.8, 3.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/f2300208d5e2a5076cbbb4c2aad71096fd040ef9)\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2)\n", "epssDetails": { - "percentile": "0.19412", + "percentile": "0.19854", "probability": "0.00053", "modelVersion": "v2023.03.01" }, 
@@ -3303,7 +3347,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Access Restriction Bypass that allows a malicious application on an adjacent subdomain to present \"nameless\" cookies that look like `=value` instead of `key=value` and have them accepted by the affected browser. For example, a cookie like `=__Host-test=bad` would be parsed as `__Host-test=bad` and the key treated as valid while the value is ignored.\n## Remediation\nUpgrade `werkzeug` to version 2.2.3 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028)\n- [GitHub Release](https://github.com/pallets/werkzeug/releases/tag/2.2.3)\n", "epssDetails": { - "percentile": "0.17521", + "percentile": "0.17999", "probability": "0.00050", "modelVersion": "v2023.03.01" }, 
@@ -3415,7 +3459,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Denial of Service (DoS) when parsing multipart form data. An attacker can trigger the opening of multipart files containing a large number of file parts, which are processed using `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, consuming CPU, memory, or file handles resources. The amount of CPU time required can block worker processes from handling other requests. The amount of RAM required can trigger an out-of-memory and crash the process.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\nTwo common types of DoS vulnerabilities:\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. 
For Example, [npm `ws` package](https://snyk.io/vuln/npm:ws:20171108)\n\n## Remediation\nUpgrade `werkzeug` to version 2.2.3 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1)\n- [GitHub Release](https://github.com/pallets/werkzeug/releases/tag/2.2.3)\n", "epssDetails": { - "percentile": "0.48210", + "percentile": "0.48498", "probability": "0.00136", "modelVersion": "v2023.03.01" }, @@ -3529,7 +3573,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Inefficient Algorithmic Complexity in multipart data parsing. An attacker can cause a denial of service and block worker processes from handling legitimate requests by sending crafted multipart data to an endpoint that will parse it, eventually exhausting or killing all available workers. \r\n\r\nExploiting this vulnerability is possible if the uploaded file starts with `CR` or `LF` and is followed by megabytes of data without these characters.\n## Remediation\nUpgrade `werkzeug` to version 2.3.8, 3.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/f2300208d5e2a5076cbbb4c2aad71096fd040ef9)\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2)\n", "epssDetails": { - "percentile": "0.19412", + "percentile": "0.19854", "probability": "0.00053", "modelVersion": "v2023.03.01" }, 
@@ -3634,7 +3678,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Access Restriction Bypass that allows a malicious application on an adjacent subdomain to present \"nameless\" cookies that look like `=value` instead of `key=value` and have them accepted by the affected browser. For example, a cookie like `=__Host-test=bad` would be parsed as `__Host-test=bad` and the key treated as valid while the value is ignored.\n## Remediation\nUpgrade `werkzeug` to version 2.2.3 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028)\n- [GitHub Release](https://github.com/pallets/werkzeug/releases/tag/2.2.3)\n", "epssDetails": { - "percentile": "0.17521", + "percentile": "0.17999", "probability": "0.00050", "modelVersion": "v2023.03.01" }, 
@@ -3747,7 +3791,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Denial of Service (DoS) when parsing multipart form data. An attacker can trigger the opening of multipart files containing a large number of file parts, which are processed using `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, consuming CPU, memory, or file handles resources. The amount of CPU time required can block worker processes from handling other requests. The amount of RAM required can trigger an out-of-memory and crash the process.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\nTwo common types of DoS vulnerabilities:\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. 
For Example, [npm `ws` package](https://snyk.io/vuln/npm:ws:20171108)\n\n## Remediation\nUpgrade `werkzeug` to version 2.2.3 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1)\n- [GitHub Release](https://github.com/pallets/werkzeug/releases/tag/2.2.3)\n", "epssDetails": { - "percentile": "0.48210", + "percentile": "0.48498", "probability": "0.00136", "modelVersion": "v2023.03.01" }, @@ -3862,7 +3906,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Inefficient Algorithmic Complexity in multipart data parsing. An attacker can cause a denial of service and block worker processes from handling legitimate requests by sending crafted multipart data to an endpoint that will parse it, eventually exhausting or killing all available workers. \r\n\r\nExploiting this vulnerability is possible if the uploaded file starts with `CR` or `LF` and is followed by megabytes of data without these characters.\n## Remediation\nUpgrade `werkzeug` to version 2.3.8, 3.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/f2300208d5e2a5076cbbb4c2aad71096fd040ef9)\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2)\n", "epssDetails": { - "percentile": "0.19412", + "percentile": "0.19854", "probability": "0.00053", "modelVersion": "v2023.03.01" }, 
@@ -3968,7 +4012,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Access Restriction Bypass that allows a malicious application on an adjacent subdomain to present \"nameless\" cookies that look like `=value` instead of `key=value` and have them accepted by the affected browser. For example, a cookie like `=__Host-test=bad` would be parsed as `__Host-test=bad` and the key treated as valid while the value is ignored.\n## Remediation\nUpgrade `werkzeug` to version 2.2.3 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028)\n- [GitHub Release](https://github.com/pallets/werkzeug/releases/tag/2.2.3)\n", "epssDetails": { - "percentile": "0.17521", + "percentile": "0.17999", "probability": "0.00050", "modelVersion": "v2023.03.01" }, 
@@ -4081,7 +4125,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Denial of Service (DoS) when parsing multipart form data. An attacker can trigger the opening of multipart files containing a large number of file parts, which are processed using `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, consuming CPU, memory, or file handles resources. The amount of CPU time required can block worker processes from handling other requests. The amount of RAM required can trigger an out-of-memory and crash the process.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\nTwo common types of DoS vulnerabilities:\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. 
For Example, [npm `ws` package](https://snyk.io/vuln/npm:ws:20171108)\n\n## Remediation\nUpgrade `werkzeug` to version 2.2.3 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1)\n- [GitHub Release](https://github.com/pallets/werkzeug/releases/tag/2.2.3)\n", "epssDetails": { - "percentile": "0.48210", + "percentile": "0.48498", "probability": "0.00136", "modelVersion": "v2023.03.01" }, @@ -4196,7 +4240,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Inefficient Algorithmic Complexity in multipart data parsing. An attacker can cause a denial of service and block worker processes from handling legitimate requests by sending crafted multipart data to an endpoint that will parse it, eventually exhausting or killing all available workers. \r\n\r\nExploiting this vulnerability is possible if the uploaded file starts with `CR` or `LF` and is followed by megabytes of data without these characters.\n## Remediation\nUpgrade `werkzeug` to version 2.3.8, 3.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/f2300208d5e2a5076cbbb4c2aad71096fd040ef9)\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2)\n", "epssDetails": { - "percentile": "0.19412", + "percentile": "0.19854", "probability": "0.00053", "modelVersion": "v2023.03.01" }, 
@@ -4302,7 +4346,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Access Restriction Bypass that allows a malicious application on an adjacent subdomain to present \"nameless\" cookies that look like `=value` instead of `key=value` and have them accepted by the affected browser. For example, a cookie like `=__Host-test=bad` would be parsed as `__Host-test=bad` and the key treated as valid while the value is ignored.\n## Remediation\nUpgrade `werkzeug` to version 2.2.3 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028)\n- [GitHub Release](https://github.com/pallets/werkzeug/releases/tag/2.2.3)\n", "epssDetails": { - "percentile": "0.17521", + "percentile": "0.17999", "probability": "0.00050", "modelVersion": "v2023.03.01" }, 
@@ -4415,7 +4459,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Denial of Service (DoS) when parsing multipart form data. An attacker can trigger the opening of multipart files containing a large number of file parts, which are processed using `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, consuming CPU, memory, or file handles resources. The amount of CPU time required can block worker processes from handling other requests. The amount of RAM required can trigger an out-of-memory and crash the process.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\nTwo common types of DoS vulnerabilities:\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. 
For Example, [npm `ws` package](https://snyk.io/vuln/npm:ws:20171108)\n\n## Remediation\nUpgrade `werkzeug` to version 2.2.3 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1)\n- [GitHub Release](https://github.com/pallets/werkzeug/releases/tag/2.2.3)\n", "epssDetails": { - "percentile": "0.48210", + "percentile": "0.48498", "probability": "0.00136", "modelVersion": "v2023.03.01" }, @@ -4530,7 +4574,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Inefficient Algorithmic Complexity in multipart data parsing. An attacker can cause a denial of service and block worker processes from handling legitimate requests by sending crafted multipart data to an endpoint that will parse it, eventually exhausting or killing all available workers. \r\n\r\nExploiting this vulnerability is possible if the uploaded file starts with `CR` or `LF` and is followed by megabytes of data without these characters.\n## Remediation\nUpgrade `werkzeug` to version 2.3.8, 3.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/f2300208d5e2a5076cbbb4c2aad71096fd040ef9)\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2)\n", "epssDetails": { - "percentile": "0.19412", + "percentile": "0.19854", "probability": "0.00053", "modelVersion": "v2023.03.01" }, 
@@ -4636,7 +4680,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Access Restriction Bypass that allows a malicious application on an adjacent subdomain to present \"nameless\" cookies that look like `=value` instead of `key=value` and have them accepted by the affected browser. For example, a cookie like `=__Host-test=bad` would be parsed as `__Host-test=bad` and the key treated as valid while the value is ignored.\n## Remediation\nUpgrade `werkzeug` to version 2.2.3 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/cf275f42acad1b5950c50ffe8ef58fe62cdce028)\n- [GitHub Release](https://github.com/pallets/werkzeug/releases/tag/2.2.3)\n", "epssDetails": { - "percentile": "0.17521", + "percentile": "0.17999", "probability": "0.00050", "modelVersion": "v2023.03.01" }, 
@@ -4749,7 +4793,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Denial of Service (DoS) when parsing multipart form data. An attacker can trigger the opening of multipart files containing a large number of file parts, which are processed using `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, consuming CPU, memory, or file handles resources. The amount of CPU time required can block worker processes from handling other requests. The amount of RAM required can trigger an out-of-memory and crash the process.\n\n## Details\n\nDenial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.\n\nUnlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.\n\nOne popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.\n\nWhen it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.\n\nTwo common types of DoS vulnerabilities:\n\n* High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, [commons-fileupload:commons-fileupload](SNYK-JAVA-COMMONSFILEUPLOAD-30082).\n\n* Crash - An attacker sending crafted requests that could cause the system to crash. 
For Example, [npm `ws` package](https://snyk.io/vuln/npm:ws:20171108)\n\n## Remediation\nUpgrade `werkzeug` to version 2.2.3 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/517cac5a804e8c4dc4ed038bb20dacd038e7a9f1)\n- [GitHub Release](https://github.com/pallets/werkzeug/releases/tag/2.2.3)\n", "epssDetails": { - "percentile": "0.48210", + "percentile": "0.48498", "probability": "0.00136", "modelVersion": "v2023.03.01" }, @@ -4864,7 +4908,7 @@ ], "description": "## Overview\n\nAffected versions of this package are vulnerable to Inefficient Algorithmic Complexity in multipart data parsing. An attacker can cause a denial of service and block worker processes from handling legitimate requests by sending crafted multipart data to an endpoint that will parse it, eventually exhausting or killing all available workers. \r\n\r\nExploiting this vulnerability is possible if the uploaded file starts with `CR` or `LF` and is followed by megabytes of data without these characters.\n## Remediation\nUpgrade `werkzeug` to version 2.3.8, 3.0.1 or higher.\n## References\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/f2300208d5e2a5076cbbb4c2aad71096fd040ef9)\n- [GitHub Commit](https://github.com/pallets/werkzeug/commit/f3c803b3ade485a45f12b6d6617595350c0f03e2)\n", "epssDetails": { - "percentile": "0.19412", + "percentile": "0.19854", "probability": "0.00053", "modelVersion": "v2023.03.01" },
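Review bot: the two pyOpenSSL POLY1305 hunks (@@ -2195 and @@ -2429) change nothing but the EPSS percentile ("0.24307" to "0.24714"); the remediation line still reads "There is no fixed version for `pyOpenSSL`", so the finding stays open after this commit and will reappear on every rescan. The description scopes the issue to the POLY1305 MAC on PowerPC CPUs with reliance on non-volatile XMM registers, so if the deployment platform is outside that scope the cleaner approach is a documented risk-acceptance (ignore) entry with that justification in the scanner config, rather than carrying the record as a live finding whose only movement is the percentile.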
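Review bot: the werkzeug "nameless cookie" hunks (@@ -2644, -2972, -3303, -3634, -3968, -4302, -4636) only move the percentile from "0.17521" to "0.17999" while the remediation line "Upgrade `werkzeug` to version 2.2.3 or higher." is unchanged, so this finding is not resolved by the commit; the fix belongs in requirements.txt as a werkzeug version bump, not in a refreshed scan.json. Seven byte-identical copies of the same record receiving the same one-line edit also indicates the scan stores one record per dependency path, which multiplies the diff noise for every EPSS refresh; consider deduplicating by vulnerability id, or excluding the volatile `epssDetails` fields from what gets committed.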
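Review bot: the werkzeug multipart hunks come in two families with different remediation floors: the multipart form-data DoS records (@@ -2755, -3084, -3415, -3747, -4081, -4415, -4749) say "Upgrade `werkzeug` to version 2.2.3 or higher.", while the multipart algorithmic-complexity records (@@ -2868, -3198, -3529, -3862, -4196, -4530, -4864) say "Upgrade `werkzeug` to version 2.3.8, 3.0.1 or higher." Again only the percentile changes in each ("0.48210" to "0.48498" and "0.19412" to "0.19854"), so none of them close here. Since a pin at or above 3.0.1 (or 2.3.8 if the project must stay on the 2.x line) satisfies both floors and the cookie finding's 2.2.3 as well, one werkzeug bump would clear all three werkzeug finding families in a single change; suggest doing that in requirements.txt and re-running the scan so the records drop out rather than being rewritten.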