PyPi: Cashocs

CVE-2021-20270

Transitive

Safety vulnerability ID: 64944

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 23, 2021 Updated at Dec 12, 2024

Advisory

Cashocs version 2.0.0 updates its pygments dependency to version 2.7.4 from the previous 2.5.2, addressing the vulnerability identified as CVE-2021-20270.
https://github.com/sblauth/cashocs/pull/141/commits/1fb563e91e1b4d564cb4784c7c812bf27c7e15b7

Affected package

cashocs

Latest version: 2.3.3

Computational Adjoint-Based Shape Optimization and Optimal Control Software

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* Hotfix/1.8.7 by sblauth in https://github.com/sblauth/cashocs/pull/90
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/91
* Feature/bfgs restart by sblauth in https://github.com/sblauth/cashocs/pull/93
* Feature/polynomial line search by sblauth in https://github.com/sblauth/cashocs/pull/95
* Hotfix/1.8.8 by sblauth in https://github.com/sblauth/cashocs/pull/97
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/99
* Hotfix/1.8.9 by sblauth in https://github.com/sblauth/cashocs/pull/101
* Feature/pathlib support by sblauth in https://github.com/sblauth/cashocs/pull/103
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/104
* Hotfix/1.8.10 by sblauth in https://github.com/sblauth/cashocs/pull/106
* Feature/xdmf files by sblauth in https://github.com/sblauth/cashocs/pull/108
* Bump actions/checkout from 2 to 3.1.0 by dependabot in https://github.com/sblauth/cashocs/pull/111
* Bump codecov/codecov-action from 1 to 3 by dependabot in https://github.com/sblauth/cashocs/pull/110
* Bump actions/setup-python from 2 to 4 by dependabot in https://github.com/sblauth/cashocs/pull/109
* Hotfix/1.8.11 by sblauth in https://github.com/sblauth/cashocs/pull/114
* Close xdmf files properly using context manager by sblauth in https://github.com/sblauth/cashocs/pull/115
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/117
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/118
* Add i/o capabilities for functions saved in XDMF files by sblauth in https://github.com/sblauth/cashocs/pull/119
* Feature/new docstyle by sblauth in https://github.com/sblauth/cashocs/pull/122
* Feature/convert arguments by sblauth in https://github.com/sblauth/cashocs/pull/123
* Add a quiet flag for cashocs-convert by sblauth in https://github.com/sblauth/cashocs/pull/125
* Feature/remove deprecated kwargs by sblauth in https://github.com/sblauth/cashocs/pull/126
* Moved line search parameters in config to section LineSearch by sblauth in https://github.com/sblauth/cashocs/pull/127
* Hotfix/1.8.12 by sblauth in https://github.com/sblauth/cashocs/pull/131
* Feature/pyproject toml support by sblauth in https://github.com/sblauth/cashocs/pull/132
* Enforce the usage of new style cost functionals by sblauth in https://github.com/sblauth/cashocs/pull/134
* [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1 by sblauth in https://github.com/sblauth/cashocs/pull/137
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/135
* Feature/python311 by sblauth in https://github.com/sblauth/cashocs/pull/138
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/139
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/140
* [Snyk] Fix for 5 vulnerabilities by sblauth in https://github.com/sblauth/cashocs/pull/141
* Feature/refactor and remeshing by sblauth in https://github.com/sblauth/cashocs/pull/142
* Feature/display precision by sblauth in https://github.com/sblauth/cashocs/pull/143
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/144
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/146
* Bump actions/checkout from 3.1.0 to 3.2.0 by dependabot in https://github.com/sblauth/cashocs/pull/145
* Add pytest plugins for better testing by sblauth in https://github.com/sblauth/cashocs/pull/148
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/149
* Feature/space mapping docs by sblauth in https://github.com/sblauth/cashocs/pull/150
* Feature/new demo docs by sblauth in https://github.com/sblauth/cashocs/pull/152
* Add demo for io of xdmf files by sblauth in https://github.com/sblauth/cashocs/pull/153
* Feature/xdmf docs by sblauth in https://github.com/sblauth/cashocs/pull/154
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/155
* Fix docker builds workflow by sblauth in https://github.com/sblauth/cashocs/pull/157
* Added damping for BFGS method by sblauth in https://github.com/sblauth/cashocs/pull/158
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/160
* Bump actions/checkout from 3.2.0 to 3.3.0 by dependabot in https://github.com/sblauth/cashocs/pull/159
* Add automatic treatment of fieldsplit preconditioner by sblauth in https://github.com/sblauth/cashocs/pull/161
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/162
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/163
* Change datatype of ksp_options to be (lists of) dictionaries by sblauth in https://github.com/sblauth/cashocs/pull/164
* Fix a bug where the mesh quality was not checked when importing the mesh by sblauth in https://github.com/sblauth/cashocs/pull/166
* Fix a bug where solve arguments were not treated correctly with remeshing by sblauth in https://github.com/sblauth/cashocs/pull/174
* Fix a bug - apply the changes from the temp dict to the config by sblauth in https://github.com/sblauth/cashocs/pull/176
* Bump docker/build-push-action from 3 to 4 by dependabot in https://github.com/sblauth/cashocs/pull/177
* Bump sphinx-copybutton from 0.4.0 to 0.5.1 by dependabot in https://github.com/sblauth/cashocs/pull/172
* Bump sphinx-argparse from 0.3.1 to 0.4.0 by dependabot in https://github.com/sblauth/cashocs/pull/169
* Bump docutils from 0.16 to 0.19 by dependabot in https://github.com/sblauth/cashocs/pull/170
* Add the possibility to use custom cost functionals by sblauth in https://github.com/sblauth/cashocs/pull/178
* Add MPI communicators to cashocs by sblauth in https://github.com/sblauth/cashocs/pull/180
* Correctly use MPI communicators by sblauth in https://github.com/sblauth/cashocs/pull/181
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/182
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/186
* Bump meshio from 5.0.4 to 5.3.4 by dependabot in https://github.com/sblauth/cashocs/pull/185
* [Snyk] Security upgrade numpy from 1.21.3 to 1.22.2 by snyk-bot in https://github.com/sblauth/cashocs/pull/187
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/188
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/189
* Use pydata-sphinx-theme 0.13 for the docs by sblauth in https://github.com/sblauth/cashocs/pull/190
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/194
* Bump pydata-sphinx-theme from 0.13 to 0.13.1 by dependabot in https://github.com/sblauth/cashocs/pull/193
* Bump myst-parser from 0.18.1 to 0.19.1 by dependabot in https://github.com/sblauth/cashocs/pull/191
* Bump jupytext from 1.14.4 to 1.14.5 by dependabot in https://github.com/sblauth/cashocs/pull/192
* Unpin imath due to upstream fixes by sblauth in https://github.com/sblauth/cashocs/pull/197
* Add different modes for mesh conversion by sblauth in https://github.com/sblauth/cashocs/pull/198
* Adds a linear solver interface and preconditioner forms by sblauth in https://github.com/sblauth/cashocs/pull/200
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/202
* Bump myst-parser from 0.19.1 to 1.0.0 by dependabot in https://github.com/sblauth/cashocs/pull/201
* Rename parameters for maximum iterations to max_iter for better consistency by sblauth in https://github.com/sblauth/cashocs/pull/204
* Bump actions/checkout from 3.3.0 to 3.4.0 by dependabot in https://github.com/sblauth/cashocs/pull/205
* Add the new logo to cashocs by sblauth in https://github.com/sblauth/cashocs/pull/206
* Add Topology Optimization Methods to cashocs by sblauth in https://github.com/sblauth/cashocs/pull/207
* Bump actions/checkout from 3.4.0 to 3.5.0 by dependabot in https://github.com/sblauth/cashocs/pull/209
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/210
* Fixes the failing CI pipelines by sblauth in https://github.com/sblauth/cashocs/pull/213
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/212
* Bump pydata-sphinx-theme from 0.13.1 to 0.13.3 by dependabot in https://github.com/sblauth/cashocs/pull/211
* Change the default interpolation type for the topological derivative to volume by sblauth in https://github.com/sblauth/cashocs/pull/214
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/215
* Update Sphinx from 5.3 to 6.1.3 by sblauth in https://github.com/sblauth/cashocs/pull/216
* Bump actions/checkout from 3.5.0 to 3.5.2 by dependabot in https://github.com/sblauth/cashocs/pull/217
* Bump sphinx-copybutton from 0.5.1 to 0.5.2 by dependabot in https://github.com/sblauth/cashocs/pull/218
* Add the possibility to compute a deformation from initial to optimized mesh by sblauth in https://github.com/sblauth/cashocs/pull/222
* Bump sphinx from 6.1.3 to 6.2.0 by dependabot in https://github.com/sblauth/cashocs/pull/224
* Mock mpi4py import for docs by sblauth in https://github.com/sblauth/cashocs/pull/225
* Clear PETSc's options correctly. by sblauth in https://github.com/sblauth/cashocs/pull/231
* Add keyword argument "gradient_ksp_options" to optimization problems by sblauth in https://github.com/sblauth/cashocs/pull/233
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/sblauth/cashocs/pull/236
* Bump docutils from 0.19 to 0.20 by dependabot in https://github.com/sblauth/cashocs/pull/234

New Contributors
* dependabot made their first contribution in https://github.com/sblauth/cashocs/pull/111
* snyk-bot made their first contribution in https://github.com/sblauth/cashocs/pull/187

**Full Changelog**: https://github.com/sblauth/cashocs/compare/v1.8.11...v2.0.0

Resources

Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): HIGH

CVSS v2 Details

MEDIUM 5.0
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (Au): NONE
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): PARTIAL