mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 10:18:21 -05:00
fragattacks: avoid python dependency with vulnerability
The py dependency in requirements.txt causes a security warning on GitHub and attracts automated bug hunters (without the hunters verifying the relevancy of the finding). Avoid this. Flaws in py: CVE-2020-29651 Vulnerable versions: < 1.10.0 Patched version: 1.10.0 Description: A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. This fixes #40
This commit is contained in:
parent
44b46d4b04
commit
93441c3e45
@ -4,7 +4,7 @@ more-itertools==8.2.0
|
|||||||
mpmath==1.1.0
|
mpmath==1.1.0
|
||||||
packaging==20.1
|
packaging==20.1
|
||||||
pluggy==0.13.1
|
pluggy==0.13.1
|
||||||
py==1.8.1
|
py==1.10.0
|
||||||
pycryptodome==3.9.7
|
pycryptodome==3.9.7
|
||||||
pyparsing==2.4.6
|
pyparsing==2.4.6
|
||||||
pytest==5.3.5
|
pytest==5.3.5
|
||||||
|
Loading…
Reference in New Issue
Block a user