PyPI: Flashgeotext

CVE-2021-28363

Transitive

Safety vulnerability ID: 65480

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 15, 2021 Updated at Jun 24, 2024

Advisory

Flashgeotext version 0.3.1 updates its urllib3 dependency from 1.26.3 to 1.26.4, addressing the security vulnerability CVE-2021-28363. The flaw is in urllib3, not in flashgeotext's own code (hence the Transitive label above), so the effective remedy is to have urllib3 1.26.4 or later resolved in the environment; upgrading flashgeotext alone does not help if another requirement pins urllib3 back to 1.26.3.
https://github.com/iwpnd/flashgeotext/commit/e2f9f303fbd99a92a053228f6e8a18d9ae4fdc22
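Because the fix is transitive, the useful check is on the resolved environment rather than on the flashgeotext version. The following added example (not code from flashgeotext, urllib3 or Safety) parses `pip freeze` style output and the running interpreter's metadata and flags a urllib3 pin inside the affected range. The page only names the 1.26.3 to 1.26.4 bump; the lower bound 1.26.0 used here is taken from the upstream CVE record and is an assumption as far as this page is concerned. The freeze listing is constructed for the example.

```python
"""Flag a urllib3 pin in the CVE-2021-28363 range inside a resolved
Python environment, rather than trusting the top-level package version.

Added example; not code from flashgeotext, urllib3 or Safety.
Assumption: the affected range is 1.26.0 <= urllib3 < 1.26.4 (upstream
CVE record); the advisory itself only shows the 1.26.3 -> 1.26.4 bump.
"""
import re
from importlib import metadata

AFFECTED_LOW = (1, 26, 0)   # assumption: first release of the 1.26 line
FIXED = (1, 26, 4)          # fix boundary stated on the page

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return a comparable (major, minor, patch) tuple for a version such as
    '1.26.3' or '1.26'; pre-release and local tags are ignored."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def urllib3_is_affected(version):
    """True when this urllib3 version sits in the CVE-2021-28363 range."""
    return AFFECTED_LOW <= parse_version(version) < FIXED


def parse_freeze(freeze_text):
    """Parse `pip freeze` lines ('name==version') into a dict keyed by the
    normalised project name; URL, editable and comment lines are skipped."""
    pins = {}
    for line in freeze_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "-e ")):
            continue
        name, sep, version = line.partition("==")
        if sep:
            pins[re.sub(r"[-_.]+", "-", name).lower()] = version.strip()
    return pins


def find_affected(freeze_text):
    """Return the urllib3 pin from a freeze listing when it is affected,
    else None. Catches the case where a fixed flashgeotext is installed but
    another requirement pulled urllib3 back below 1.26.4."""
    version = parse_freeze(freeze_text).get("urllib3")
    if version is not None and urllib3_is_affected(version):
        return version
    return None


def installed_urllib3_affected():
    """Same check against the current interpreter via importlib.metadata.
    Returns the version when affected, None when fixed or not installed."""
    try:
        version = metadata.version("urllib3")
    except metadata.PackageNotFoundError:
        return None
    return version if urllib3_is_affected(version) else None


# Constructed sample: a fixed flashgeotext next to a stale urllib3 pin.
SAMPLE_FREEZE = """\
flashgeotext==0.3.1
pydantic==1.8.1
urllib3==1.26.3
"""

if __name__ == "__main__":
    hit = find_affected(SAMPLE_FREEZE)
    print("affected urllib3 pin:", hit if hit else "none")
    print("affected in this interpreter:", installed_urllib3_affected())
```

Run it against real output (`pip freeze | python -c ...` or simply call `installed_urllib3_affected()` inside the target virtualenv) to confirm which urllib3 actually resolved; a lock file that still pins 1.26.3 shows the same problem even though flashgeotext itself is at 0.3.1.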

Affected package

flashgeotext

Latest version: 0.5.3

Extract and count countries and cities (+their synonyms) from text

Affected versions

Fixed versions

0.3.1

Vulnerability changelog

Feature

* feat: set default loglevel to WARNING, can be modified with LOGURU_LEVEL ([`532357c`](https://github.com/iwpnd/flashgeotext/commit/532357c2e5ab4dfbbb35fc9e53d63fba403d2c0b))

Unknown

* [Security] Bump urllib3 from 1.26.3 to 1.26.4

Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.3 to 1.26.4. **This update includes a security fix.**
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.3...1.26.4)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> ([`e2f9f30`](https://github.com/iwpnd/flashgeotext/commit/e2f9f303fbd99a92a053228f6e8a18d9ae4fdc22))

* Bump pydoc-markdown from 3.10.0 to 3.10.1

Bumps [pydoc-markdown](https://github.com/NiklasRosenstein/pydoc-markdown) from 3.10.0 to 3.10.1.
- [Release notes](https://github.com/NiklasRosenstein/pydoc-markdown/releases)
- [Commits](https://github.com/NiklasRosenstein/pydoc-markdown/compare/v3.10.0...v3.10.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> ([`bda6822`](https://github.com/iwpnd/flashgeotext/commit/bda6822ded51110ad9778a978f856809e262387f))

* Bump mkdocs-material from 7.0.3 to 7.1.0

Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 7.0.3 to 7.1.0.
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/docs/changelog.md)
- [Commits](https://github.com/squidfunk/mkdocs-material/compare/7.0.3...7.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> ([`cb5100e`](https://github.com/iwpnd/flashgeotext/commit/cb5100e4b6835920c2d23877f38c59890b3629c9))

* Bump awscli from 1.19.17 to 1.19.44

Bumps [awscli](https://github.com/aws/aws-cli) from 1.19.17 to 1.19.44.
- [Release notes](https://github.com/aws/aws-cli/releases)
- [Changelog](https://github.com/aws/aws-cli/blob/develop/CHANGELOG.rst)
- [Commits](https://github.com/aws/aws-cli/compare/1.19.17...1.19.44)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> ([`5dacc48`](https://github.com/iwpnd/flashgeotext/commit/5dacc48eb26db70c95d1f924ae1e4ddcaa240947))

* Bump pytest from 6.2.2 to 6.2.3

Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.2.2 to 6.2.3.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/6.2.2...6.2.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> ([`e56ff5a`](https://github.com/iwpnd/flashgeotext/commit/e56ff5a464232e5b840d900f1bc135c242d8b599))

* Bump pydantic from 1.8 to 1.8.1

Bumps [pydantic](https://github.com/samuelcolvin/pydantic) from 1.8 to 1.8.1.
- [Release notes](https://github.com/samuelcolvin/pydantic/releases)
- [Changelog](https://github.com/samuelcolvin/pydantic/blob/master/HISTORY.md)
- [Commits](https://github.com/samuelcolvin/pydantic/compare/v1.8...v1.8.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> ([`7e07937`](https://github.com/iwpnd/flashgeotext/commit/7e079374780c1a0735db36bd7eafa534d7025f5f))

* Merge pull request #22 from iwpnd/dependabot/pip/pytest-6.2.2

Bump pytest from 5.4.3 to 6.2.2 ([`affb413`](https://github.com/iwpnd/flashgeotext/commit/affb4137d66812a7b779938260c848dbbbdfce35))

* update changelog, add additional info to pyproject.toml ([`9201e5d`](https://github.com/iwpnd/flashgeotext/commit/9201e5da363d996675bf95b3ddb1435b6e85576f))

* Bump pytest from 5.4.3 to 6.2.2

Bumps [pytest](https://github.com/pytest-dev/pytest) from 5.4.3 to 6.2.2.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/5.4.3...6.2.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com> ([`5dae8c8`](https://github.com/iwpnd/flashgeotext/commit/5dae8c8885647771351d4ecb87b192c901158a41))


Severity Details

CVSS Base Score

MEDIUM 6.5

CVSS v3 Details

MEDIUM 6.5
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality Impact (C)
LOW
Integrity Impact (I)
LOW
Availability Impact (A)
NONE

CVSS v2 Details

MEDIUM 6.4
Access Vector (AV)
NETWORK
Access Complexity (AC)
LOW
Authentication (Au)
NONE
Confidentiality Impact (C)
PARTIAL
Integrity Impact (I)
PARTIAL
Availability Impact (A)
NONE
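The v3 and v2 metric values listed above can be checked against the 6.5 and 6.4 scores by recomputing them. The following added example (not code from this page, Safety or urllib3) implements the base-score formulas of the public CVSS v3.1 and CVSS v2 specifications, including v3.1's integer-based Roundup, and feeds in the metric values as shown on this page (AV:N, AC:L, PR:N, UI:N, S:U, C:L, I:L, A:N for v3; AV:N, AC:L, Au:N, C:P, I:P, A:N for v2). It is general, so any other vector can be scored the same way.

```python
"""Recompute CVSS v3.1 and v2 base scores from metric values, to check the
vector listed in an advisory against its published score.

Added example; not code from this page, Safety or urllib3. Weights and
rounding follow the public CVSS v3.1 and v2 specifications.
"""
import math

# CVSS v3.1 metric weights; Privileges Required depends on Scope.
_V3 = {
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20},
    "AC": {"L": 0.77, "H": 0.44},
    "PR": {"U": {"N": 0.85, "L": 0.62, "H": 0.27},
           "C": {"N": 0.85, "L": 0.68, "H": 0.50}},
    "UI": {"N": 0.85, "R": 0.62},
    "CIA": {"H": 0.56, "L": 0.22, "N": 0.0},
}


def _roundup(x):
    """CVSS v3.1 Roundup: smallest one-decimal value >= x, computed on an
    integer to avoid floating-point artefacts."""
    i = round(x * 100000)
    if i % 10000 == 0:
        return i / 100000.0
    return (math.floor(i / 10000) + 1) / 10.0


def cvss3_base(av, ac, pr, ui, s, c, i, a):
    """CVSS v3.1 base score for single-letter metric values; s is 'U' or 'C'."""
    iss = 1 - (1 - _V3["CIA"][c]) * (1 - _V3["CIA"][i]) * (1 - _V3["CIA"][a])
    if s == "U":
        impact = 6.42 * iss
    else:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    expl = 8.22 * _V3["AV"][av] * _V3["AC"][ac] * _V3["PR"][s][pr] * _V3["UI"][ui]
    if impact <= 0:
        return 0.0
    if s == "U":
        return _roundup(min(impact + expl, 10))
    return _roundup(min(1.08 * (impact + expl), 10))


# CVSS v2 metric weights.
_V2 = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "CIA": {"N": 0.0, "P": 0.275, "C": 0.660},
}


def cvss2_base(av, ac, au, c, i, a):
    """CVSS v2 base score; v2 rounds to one decimal (f(Impact) is 0 when
    there is no impact at all, 1.176 otherwise)."""
    impact = 10.41 * (1 - (1 - _V2["CIA"][c]) * (1 - _V2["CIA"][i]) * (1 - _V2["CIA"][a]))
    expl = 20 * _V2["AV"][av] * _V2["AC"][ac] * _V2["Au"][au]
    f = 0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * expl - 1.5) * f, 1)


def scores_for_this_advisory():
    """Metric values exactly as listed on this page for CVE-2021-28363."""
    v3 = cvss3_base("N", "L", "N", "N", "U", "L", "L", "N")
    v2 = cvss2_base("N", "L", "N", "P", "P", "N")
    return v3, v2


if __name__ == "__main__":
    v3, v2 = scores_for_this_advisory()
    print(f"CVSS v3.1 base: {v3}   CVSS v2 base: {v2}")
```

Both results match the page (6.5 and 6.4), which is the check worth running whenever an advisory's severity label and its metric breakdown come from different sources.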