PyPi: Pm4py

CVE-2021-28957

Transitive

Safety vulnerability ID: 42160

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 21, 2021 Updated at Dec 01, 2024

Advisory

Pm4py 2.2.4 updates its dependency 'lxml' to v4.6.3 to include a security fix.

Affected package

pm4py

Latest version: 2.7.12.4

Process mining for Python

Affected versions

Fixed versions

Vulnerability changelog

Fixed

* 816fb4ad: fixed a bug in the Pandas case size filter (the constraints were not applied correctly).
* 40f142c4: fixed a bug in the format_dataframe function (columns were duplicated if already existing with the same name).
* 00d1a7de: reverted stream converter to old variant (in a slightly slower but safer way).

Removed

Deprecated

Changed

* 991a09d4: introduce a time limit in the DFG playout.
* ae5d2a07: return the state of the process tree along with the alignment for the process tree alignments.
* 8b77384f: refactoring of the calculation of the fitness for Petri net alignments (scattered code).

Added

Other

* d58d34fd: upgraded Dockerfile to Python 3.9
* 50114175: resolved issue with the upcoming Python 3.10 release
* 89314905: security issue in requirements

---

Resources


Severity Details

CVSS Base Score

MEDIUM 6.1

CVSS v3 Details

MEDIUM 6.1
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality Impact (C): LOW
Integrity Impact (I): LOW
Availability Impact (A): NONE

CVSS v2 Details

MEDIUM 4.3
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (Au): NONE
Confidentiality Impact (C): NONE
Integrity Impact (I): PARTIAL
Availability Impact (A): NONE