PyPi: Pm4py

CVE-2021-23437

Transitive

Safety vulnerability ID: 42161

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 03, 2021 Updated at Dec 01, 2024

Advisory

Pm4py 2.2.13.1 updates its dependency 'pillow' to v8.3.2 to include security fixes.

Affected package

pm4py

Latest version: 2.7.12.4

Process mining for Python

Affected versions

Fixed versions

Vulnerability changelog

Fixed

* 35f2278a; 89c5f13b; 6a3579bc; 65fc182b; fa4448a6; c4e44311 c456c681; 6c6d96cc; e3770281; f091c43e; 6a20cf17; 69eb1ae7;
  ca780326; 36cb3963 e4f3b16f; c9f80d1f; 94c5a6e0; a713ef3d:
  * add fall-back to time-range filter if incorrect argument is passed
  * fix the copying of the 'meta attributes' of the filtered event log for the start activities filter
  * fix the copying of the 'meta attributes' of the filtered event log for the end activities filter
  * fix the copying of the 'meta attributes' of the filtered event log for the attributes filter
  * fix the copying of the 'meta attributes' of the filtered event log for the variants filter
  * fix the copying of the 'meta attributes' of the filtered event log for the directly follows filter
  * fix the copying of the 'meta attributes' for event logs in the ltl checker
  * fix the copying of the 'meta attributes' for event logs in the timestamp filter
* ffe29353:
  * create event log object before starting the parsing of XML file (in ITERPARSE_MEM_COMPRESSED)

Removed

Deprecated

Changed

* 8f2d899a
  * allow to specify a cap on the number of times we visit the same marking in the extensive playout
  * allow to return the firing sequences of extensive playout instead of an event log
* b707377b
  * allow to return the firing sequences of basic/stochastic playout instead of an event log
* 9782f522
  * extended exception management in streaming algorithm interface: release locks if an exception happens
* 0a741566
  * support importing of bpmn files that do not describe a name for gateways
* 583825d8
  * refactored variant-based filtering: added top-K and coverage percentage
* ba073f54
  * extended DFG filtering
* 8ebda3b1
  * exploit variants in the extensive footprints conformance checking
* dc754c78
  * change range(s) of timestamp filters to be inclusive (<=) rather than exclusive (<)

Added

Other

---


Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
* Attack Vector (AV): NETWORK
* Attack Complexity (AC): LOW
* Privileges Required (PR): NONE
* User Interaction (UI): NONE
* Scope (S): UNCHANGED
* Confidentiality Impact (C): NONE
* Integrity Impact (I): NONE
* Availability Impact (A): HIGH

CVSS v2 Details

MEDIUM 5.0
* Access Vector (AV): NETWORK
* Access Complexity (AC): LOW
* Authentication (Au): NONE
* Confidentiality Impact (C): NONE
* Integrity Impact (I): NONE
* Availability Impact (A): PARTIAL