Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-25 00:38:24 -05:00
Code Issues Projects Releases Wiki Activity

fragattacks: avoid python dependency with vulnerability

Browse Source 
The py dependency in requirements.txt causes a security warning on
GitHub and attracts automated bug hunters (without the hunters verifying
the relevancy of the finding). Avoid this.

Flaws in py: CVE-2020-29651
Vulnerable versions: < 1.10.0
Patched version: 1.10.0
Description: A denial of service via regular expression in the py.path.svnwc
component of py (aka python-py) through 1.9.0 could be used by attackers to
cause a compute-time denial of service attack by supplying malicious input
to the blame functionality.

This fixes #40
This commit is contained in:
Mathy Vanhoef 2021-09-06 13:56:35 +02:00
parent 44b46d4b04
commit 93441c3e45
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
research/requirements.txt
View File

@ -4,7 +4,7 @@ more-itertools==8.2.0
mpmath==1.1.0 mpmath==1.1.0
packaging==20.1 packaging==20.1
pluggy==0.13.1 pluggy==0.13.1
py==1.8.1 py==1.10.0
pycryptodome==3.9.7 pycryptodome==3.9.7
pyparsing==2.4.6 pyparsing==2.4.6
pytest==5.3.5 pytest==5.3.5