PyPi: Bandit

CVE-2017-18342

Transitive

Safety vulnerability ID: 45736

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 27, 2018 Updated at Dec 05, 2024
Scan your Python projects for vulnerabilities →

Advisory

Bandit 1.6.3 updates its dependency 'pyyaml' to v5.3.1 to include security fixes.

Affected package

bandit

Latest version: 1.8.0

Security oriented static analyser for python code.

Affected versions

Fixed versions

Vulnerability changelog

<details open>
<summary><strong>Changelog</strong></summary>

* Add workflow to publish to PyPI (653) ericwb
* GitHub Action to publish to Test PyPI (652) ericwb
* Fix noqa rendering in docs (645) DrGFreeman
* Don't show progress information on --quiet (641) fniessink
* Add skip configuration to assert_used (633) wilbertom
* Drop Python2 build, test, and install (615) ericwb
* Add release notes project URL (610) scop
* [FIX] blacklist: fix typo in import_ftplib (601) Yenthe666
* Resolve 'NoneType' object has no attribute 'id'Traceback in django_mark_safe (598) ehooo
* Update CODE_OF_CONDUCT.md (591) ericwb
* Fix typo for activating venv (590) bavedarnow
* Bump pyyaml (588) dosisod
* Fix colorama not being disabled after being used (586) adambenali
* Cleanup some typos in recent contributor guide (585) ericwb
* [DOC] Support python3 venv creation (583) look4regev
* Fix contributing typo (582) Glyphack
* Add contributing file (572) Glyphack
* Add push and pull request to GH Action trigger (567) ericwb
* Use GitHub Actions to run CI (565) ericwb
* Add sha1 to the list of insecure hashes (561) ericwb
* replace 'then' with 'than' (557) pwoolvett
* Fix docs for B610,B611,B703 (555) amacfie
* Add a section explaining "nosec" (554) exhuma
* Add official support of Python 3.8 (547) ericwb
* Ignore common directories by default (544) ericwb
* Add shelve to the pickle blacklists (542) auscompgeek
* Add more missing ini options (541) ericwb
* Revert "Revert "Update python documentation links for version 3 counterparts"" (540) ericwb
* Remove unused bindep.txt file (539) ericwb
* Remove obsolete "sudo" keyword. (538) jugmac00
* Update test requirements to latest versions (535) ericwb
* Fix readme file on Extending Bandit on list things (534) Aurel10
* fix the documentation file README.rst (533) Aurel10
* Cleanup comments after 510 (532) florczakraf
* Use SPDX license identifier instead of bulky headers (530) ericwb
* fix B603 docstring (524) graingert
* Add type checking to name node of hashlib_new (516) teeann
* --exit-zero option (510) maciejstromich
* Fix 3.8 errors (509) tylerwince
* Add several ini options for .bandit file (508) vuolter
* get_url returns different urls calling twice (bug 506) (507) ehooo
* Replace setattr (493) tylerwince

</details>

[See full changelog](https://github.com/PyCQA/bandit/compare/1.6.2...1.6.3)

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

CRITICAL 9.8

CVSS v3 Details

CRITICAL 9.8
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality Impact (C)
HIGH
Integrity Impact (I)
HIGH
Availability Availability (A)
HIGH

CVSS v2 Details

HIGH 7.5
Access Vector (AV)
NETWORK
Access Complexity (AC)
LOW
Authentication (Au)
NONE
Confidentiality Impact (C)
PARTIAL
Integrity Impact (I)
PARTIAL
Availability Impact (A)
PARTIAL