Safety vulnerability ID: 39304
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Python-libnmap 0.7.2 adds a unit test for defusedxml to fix the billion laughs and external entity security issues. It also includes a fix for the XXE (XML External Entities) security issue. See: CVE-2019-1010017.
Latest version: 0.7.3
Python NMAP library enabling you to start async nmap tasks, parse and compare/diff scan results
Added
- Added pre-commit hook support to enforce code style (black, isort)
- Added unittest for defusedxml to fix billion laughs and external entities security issues
- Added extra_requires for plugins deps and defusedxml
- Added banner_dict support + unittest (Merge edited PR from cfoulds)
- Added black, isort in tox environment
- Added more unit tests in several modules to improve code collaboration and automated testing
- Added GitHub action pipeline to run pytests, black and isort checks
- Added GitHub action pipeline to publish pypi package
Changed
- Code linted and styled with black and isort
- Changed Licence from CC-BY to Apache 2.0, considering that CC is [not appropriate for code licensing](https://creativecommons.org/faq/can-i-apply-a-creative-commons-license-to-software)
- Changelog now using [Keep-a-changelog](https://keepachangelog.com/en/1.0.0/) specs
Removed
- Removed travis build in favor of GitHub Actions pipelines
Fixed
- Fix empty nmap outputs due to subprocess race condition (Merge PR79 from Shouren)
- Add extra_requires for plugins deps and defusedxml
- Removed code duplication in sudo_run and sudo_run_background from process.py
Security
- Fix for security issue on XXE (XML External Entities) - CVE-2019-1010017
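
An added example, not code from python-libnmap or defusedxml: a standard-library sketch of a parser guard against the billion laughs and external entity issues named above, which refuses any entity declaration while still accepting a bare DOCTYPE. The names `ForbiddenXML`, `parse_scan_xml` and `verdict`, and all three sample documents, are constructed for illustration.

```python
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """Raised when a document declares entities (constructed name)."""


def parse_scan_xml(data):
    """Return element names in document order, refusing entity declarations."""
    names = []
    parser = xml.parsers.expat.ParserCreate()

    def entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a value; external ones carry a system id.
        kind = "external" if system_id else "internal"
        raise ForbiddenXML(f"{kind} entity declaration: {name}")

    def external_ref(context, base, system_id, public_id):
        raise ForbiddenXML(f"external entity reference: {system_id}")

    parser.EntityDeclHandler = entity_decl
    parser.ExternalEntityRefHandler = external_ref
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)  # exceptions raised in handlers propagate from here
    return names


def verdict(data):
    try:
        return "accepted: " + ",".join(parse_scan_xml(data))
    except ForbiddenXML as exc:
        return f"rejected: {exc}"


# Constructed samples: a scan-like document with a bare DOCTYPE, a two-level
# nested entity (the shape of billion laughs, not an actual expansion bomb),
# and an external entity pointing at a placeholder URI.
BENIGN = (b'<?xml version="1.0"?>\n<!DOCTYPE nmaprun>\n'
          b'<nmaprun><host><address addr="192.0.2.10"/></host></nmaprun>')
NESTED = (b'<!DOCTYPE nmaprun [<!ENTITY a "x"><!ENTITY b "&a;&a;">]>'
          b'<nmaprun>&b;</nmaprun>')
EXTERNAL = (b'<!DOCTYPE nmaprun [<!ENTITY ext SYSTEM "file:///placeholder/constructed">]>'
            b'<nmaprun>&ext;</nmaprun>')

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("nested", NESTED), ("external", EXTERNAL)):
        print(label, "->", verdict(doc))
```

The guard rejects at the declaration, before any entity is expanded or resolved, so the nested document never grows and the external URI is never fetched.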