CVE-2018-18074

Advisory

Sbp 2.7.0 upgrades its requests dependency from version ~=2.8.1 to 2.20.* in response to the security vulnerability CVE-2018-18074.
https://github.com/swift-nav/libsbp/pull/708/commits/d924fecd7969c8fecfb5d8741fada35e76ed363a

Affected package

Affected versions

Fixed versions

Vulnerability changelog

[Full Changelog](https://github.com/swift-nav/libsbp/compare/v2.6.5...v2.7.0)

**Merged pull requests:**

- libsbp version 2.7.0 [\730](https://github.com/swift-nav/libsbp/pull/730)
- Replace ujson with rapidjson \[STA-1009\] [\729](https://github.com/swift-nav/libsbp/pull/729)
- Make a msg\_buff pointer for backwards compatibility [\728](https://github.com/swift-nav/libsbp/pull/728)
- Remove OWNERS.md file. [\726](https://github.com/swift-nav/libsbp/pull/726)
- Frame callback implementation & tests [\725](https://github.com/swift-nav/libsbp/pull/725)
- JSONLogIterator - Fix the iteration if the JSON is already unwrapped [\724](https://github.com/swift-nav/libsbp/pull/724)
- Dynamic import generator output modules [\722](https://github.com/swift-nav/libsbp/pull/722)
- Changing java CRC16 class modifiers to enable external access \(\720\) [\721](https://github.com/swift-nav/libsbp/pull/721)
- ORI-594 Fix up SSR atmospherics documentation [\719](https://github.com/swift-nav/libsbp/pull/719)
- Remove lodash from JavaScript deps [\717](https://github.com/swift-nav/libsbp/pull/717)
- Initial rust implementation [\714](https://github.com/swift-nav/libsbp/pull/714)
- Remove redundant field. [\713](https://github.com/swift-nav/libsbp/pull/713)
- Support running w/o Numba/Numpy installed [\712](https://github.com/swift-nav/libsbp/pull/712)
- Add code coverage \[ESD-1407\] [\710](https://github.com/swift-nav/libsbp/pull/710)
- Update requests to resolve security issue [\708](https://github.com/swift-nav/libsbp/pull/708)

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18074