PyPi: Eh

CVE-2017-18342

Transitive

Safety vulnerability ID: 37500

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 27, 2018 Updated at Nov 07, 2023
Scan your Python projects for vulnerabilities →

Advisory

Eh 1.3.0 and 0.2.8 update its dependency 'pyyaml' to a version >=4.2b1 to include a security fix.

Affected package

eh

Latest version: 1.4.4

A command line program that will output helpful reminders based on parameters

Affected versions

Fixed versions

Vulnerability changelog

------

* Releasing 1.3.0
* Updated readme for new multi-repo support
* Added travis
* Adding unit tests and some docs
* Started refactor project
* Version 1.2.4 - updated docs
* Updated readme and list outputs
* Updated to 1.2.2
* Updated list format + summaries
* Fixed missing arg bug
* Added subdirectory support
* Updated eh.md
* Updated readme
* Updated changelog?
* Added autocomplete and docs for it
* Python 3 support
* Updated list to be sorted
* Markdown description
* Fixed description
* set to version 1.0.0
* Updated readme
* Updated changelog
* Fixed pyyaml security issue
* Updated changelog and tags
* updated version
* Removed eh poop
* Allowed MD comment format for subject header
* Updated list method and readme
* Updated cli help for update
* Updated cli help
* Updated readme
* Updated eh help
* Added subject support from common repo
* Adding some help for pypi
* Added find
* Added grep reminder
* Fixed the docker and vim subjects
* Added new vim and docker subjects
* Removed readme.rst and added readme.md
* Created help and updated readme
* Fixed bash subject markdown due to mdv bug
* Changed the way that subjects are loaded and made
* Renamed project to eh
* Set version to 0.1.0
* Added bash contrib subject
* Initial commit
* Initial commit

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

CRITICAL 9.8

CVSS v3 Details

CRITICAL 9.8
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality Impact (C)
HIGH
Integrity Impact (I)
HIGH
Availability Availability (A)
HIGH

CVSS v2 Details

HIGH 7.5
Access Vector (AV)
NETWORK
Access Complexity (AC)
LOW
Authentication (Au)
NONE
Confidentiality Impact (C)
PARTIAL
Integrity Impact (I)
PARTIAL
Availability Impact (A)
PARTIAL