PyPi: Oci-Cli

CVE-2020-36242

Transitive

Safety vulnerability ID: 40255

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 07, 2021 Updated at Oct 29, 2024

Advisory

Oci-cli 2.24.0 updates its dependency 'cryptography' to v3.3.2 to include a security fix.

Affected package

oci-cli

Latest version: 3.49.4

Oracle Cloud Infrastructure CLI

Affected versions

Fixed versions

Vulnerability changelog

-------------------
Added
~~~~~

* Support for enabling and disabling Operations Insights for External Non-Container and External Pluggable Databases in Database service

* ``oci db external-non-cdb enable-operations-insights``
* ``oci db external-non-cdb disable-operations-insights``
* ``oci db external-pdb enable-operations-insights``
* ``oci db external-pdb disable-operations-insights``

* Support for customer contacts for Autonomous Databases in Database Service

* ``oci db autonomous-database create --customer-contacts``
* ``oci db autonomous-database create-from-backup-id --customer-contacts``
* ``oci db autonomous-database create-from-backup-timestamp --customer-contacts``
* ``oci db autonomous-database create-from-clone --customer-contacts``
* ``oci db autonomous-database create-refreshable-clone --customer-contacts``
* ``oci db autonomous-database update --customer-contacts``

* Support for business name annotation of harvested objects in Data Catalog service

* ``oci data-catalog attribute | entity | folder update --business-name``

* Support for opt-in/opt-out of live migration at an instance level in Compute service

* ``oci compute instance launch --availability-config '{"isLiveMigrationPreferred": true}'``

Changed
~~~~~~~

* [Breaking] This version drops support for Python 3.5

* Due to a possible security issue in the version of the dependent cryptography package, we have bumped up the version to 3.3.2. This version does not support Python 3.5.

* Updated help text for putting messages into a stream in Streaming Service

* ``oci streaming stream message put``

* Some unused commands have been removed from the DNS service

* ``oci dns resolver-endpoint create-resolver-endpoint-create-resolver-vnic-endpoint-details``
* ``oci dns resolver-endpoint update-resolver-endpoint-update-resolver-vnic-endpoint-details``

* Some parameters made optional for signing uploads in Artifacts service

* ``oci artifacts container image-signature sign-upload --description --metadata``


Severity Details

CVSS Base Score

CRITICAL 9.1

CVSS v3 Details

CRITICAL 9.1
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): NONE
Availability Impact (A): HIGH

CVSS v2 Details

MEDIUM 6.4
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (Au): NONE
Confidentiality Impact (C): PARTIAL
Integrity Impact (I): NONE
Availability Impact (A): PARTIAL