aiodns-3.0.0-py3-none-any.whl: 1 vulnerabilities (highest severity is: 5.6) #33

mend-bolt-for-github · 2022-07-14T01:11:26Z

Vulnerable Library - aiodns-3.0.0-py3-none-any.whl

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (aiodns version)	Remediation Possible**
WS-2022-0172	Medium	5.6	pycares-4.1.2-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl	Transitive	N/A*	❌

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

WS-2022-0172

Vulnerable Library - pycares-4.1.2-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl

Python interface for c-ares

Library home page: https://files.pythonhosted.org/packages/4c/5a/a82398e38049e689350f07b46dd8493a8a74821e39c2b904350a3160c1cb/pycares-4.1.2-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl

Dependency Hierarchy:

aiodns-3.0.0-py3-none-any.whl (Root Library)
- ❌ pycares-4.1.2-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares before 4.2.0

Publish Date: 2024-11-03

URL: WS-2022-0172

CVSS 3 Score Details (5.6)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-c58j-88f5-h53f

Release Date: 2022-07-05

Fix Resolution: pycares - 4.2.0

Step up your Open Source Security Game with Mend here

mend-bolt-for-github bot added the Mend: dependency security vulnerability Security vulnerability detected by WhiteSource label Jul 14, 2022

mend-bolt-for-github bot changed the title ~~aiodns-3.0.0-py3-none-any.whl: 1 vulnerabilities (highest severity is: 5.5)~~ aiodns-3.0.0-py3-none-any.whl: 1 vulnerabilities (highest severity is: 5.6) Dec 9, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

aiodns-3.0.0-py3-none-any.whl: 1 vulnerabilities (highest severity is: 5.6) #33

aiodns-3.0.0-py3-none-any.whl: 1 vulnerabilities (highest severity is: 5.6) #33

mend-bolt-for-github bot commented Jul 14, 2022 •

edited

Loading

Vulnerable Library - pycares-4.1.2-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl

Vulnerability Details

CVSS 3 Score Details (5.6)

Suggested Fix

aiodns-3.0.0-py3-none-any.whl: 1 vulnerabilities (highest severity is: 5.6) #33

aiodns-3.0.0-py3-none-any.whl: 1 vulnerabilities (highest severity is: 5.6) #33

Comments

mend-bolt-for-github bot commented Jul 14, 2022 • edited Loading

Vulnerabilities

Details

Vulnerable Library - pycares-4.1.2-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl

Vulnerability Details

CVSS 3 Score Details (5.6)

Suggested Fix

mend-bolt-for-github bot commented Jul 14, 2022 •

edited

Loading