PyPi: Whist-Server

CVE-2021-32677

Transitive

Safety vulnerability ID: 44803

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 09, 2021 Updated at Feb 13, 2024

Advisory

Whist-server 0.1.0 updates its dependency 'fastapi' to v0.65.2 to include a security fix.

Affected package

whist-server

Latest version: 0.8.0

Whist server implementation

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* Add entrypoint by iTitus in https://github.com/Whist-Team/Whist-Server/pull/17
* Remove useless code by iTitus in https://github.com/Whist-Team/Whist-Server/pull/18
* Bump pylint from 2.7.4 to 2.8.1 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/19
* Bump pip from 21.0.1 to 21.1 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/20
* Bump pylint from 2.8.1 to 2.8.2 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/21
* Bump pip from 21.1 to 21.1.1 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/22
* Bump pytest from 6.2.3 to 6.2.4 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/24
* Bump setuptools from 56.0.0 to 56.1.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/23
* Bump setuptools from 56.1.0 to 56.2.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/27
* Bump fastapi[all] from 0.63.0 to 0.64.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/26
* Bump flake8 from 3.9.1 to 3.9.2 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/25
* Bump fastapi[all] from 0.64.0 to 0.65.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/28
* Bump fastapi[all] from 0.65.0 to 0.65.1 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/31
* Update pytest-cov by iTitus in https://github.com/Whist-Team/Whist-Server/pull/34
* Bump pip from 21.1.1 to 21.1.2 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/35
* Bump setuptools from 56.2.0 to 57.0.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/36
* Bump pylint from 2.8.2 to 2.8.3 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/37
* Bump pytest-cov from 2.12.0 to 2.12.1 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/38
* Bump fastapi[all] from 0.65.1 to 0.65.2 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/39
* FIX: namespace by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/44
* Bump pip from 21.1.2 to 21.1.3 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/48
* Separate Requirement Files by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/45
* Bump pylint from 2.8.3 to 2.9.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/49
* Bump pylint from 2.9.0 to 2.9.2 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/50
* Bump pylint from 2.9.2 to 2.9.3 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/52
* Bump setuptools from 57.0.0 to 57.1.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/53
* Bump fastapi[all] from 0.65.2 to 0.66.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/54
* Bump setuptools from 57.1.0 to 57.2.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/56
* Bump setuptools from 57.2.0 to 57.4.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/57
* Mongo Database by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/55
* Bump twine from 3.4.1 to 3.4.2 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/60
* Bump pylint from 2.9.3 to 2.9.5 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/61
* Bump fastapi[all] from 0.66.0 to 0.67.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/62
* Bump pymongo from 3.11.4 to 3.12.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/63
* Bump pip from 21.1.3 to 21.2.1 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/64
* Bump pylint from 2.9.5 to 2.9.6 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/66
* Bump fastapi[all] from 0.67.0 to 0.68.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/67
* User Creation by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/41
* HOTFIX: hard coded user id by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/70
* Password Verification Unit test by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/68
* Bump pip from 21.2.1 to 21.2.2 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/71
* REFACTOR: Api to sub packages by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/72
* Bump pip from 21.2.2 to 21.2.3 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/80
* Database services by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/79
* Bump wheel from 0.36.2 to 0.37.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/81
* Bump pip from 21.2.3 to 21.2.4 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/85
* FEATURE: UserDB to User conversion by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/83
* FEATURE: get user by username from db by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/84
* Bump pylint from 2.9.6 to 2.10.2 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/86
* Bump fastapi[all] from 0.68.0 to 0.68.1 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/87
* Add requirements to setup.py by Manuelraa in https://github.com/Whist-Team/Whist-Server/pull/88
* Bump pytest from 6.2.4 to 6.2.5 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/90
* ADD: require min typing version by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/91
* Feature: User database service by name by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/89
* Bump pylint from 2.10.2 to 2.11.1 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/92
* Bump pytest-cov from 2.12.1 to 3.0.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/93
* Bump fastapi[all] from 0.68.1 to 0.68.2 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/94
* UPDATE: python 3.10 support by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/51
* Bump fastapi[all] from 0.68.2 to 0.70.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/95
* Bump flake8 from 3.9.2 to 4.0.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/98
* Bump flake8 from 4.0.0 to 4.0.1 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/99
* FEATURE: Authentication by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/97
* UPDATE: run each configuration independently by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/102
* FEATURE: Game creation by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/77
* Build(deps-dev): bump pytest-asyncio from 0.15.1 to 0.16.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/105
* Build(deps): bump pymongo from 3.12.0 to 3.12.1 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/104
* FIX: user duplicate add by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/109
* FIX: id user drop in conversion by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/110
* UPDATE: use username as unique identifier by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/113
* Build(deps): bump whist-core from 0.1.0rc2 to 0.1.0rc3 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/115
* REFACTOR: use player as base by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/114
* Build(deps): bump whist-core from 0.1.0rc3 to 0.1.0rc4 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/116
* Build(deps): bump whist-core from 0.1.0rc4 to 0.1.0rc5 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/120
* Build(deps): bump pylint from 2.11.1 to 2.12.1 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/122
* FIX: flake line length by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/119
* FIX: pymongo migration by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/125
* Build(deps): bump pymongo from 3.12.1 to 4.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/123
* FEATURE: test env file by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/127
* ADD: security check by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/126
* Build(deps): bump pylint from 2.12.1 to 2.12.2 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/128
* Build(deps): bump pymongo from 4.0 to 4.0.1 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/129
* Build(deps): bump fastapi[all] from 0.70.0 to 0.70.1 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/131
* FEATURE: link table to game by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/117
* FEATURE: join to game by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/108
* ADD: Server Setup by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/130
* FIX: indentation docker publish by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/133
* ADD: game parameter settings during creation by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/135
* FEATURE: game save by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/136
* Build(deps): bump whist-core from 0.1.0rc5 to 0.1.0rc6 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/139
* BUMP: whist-core 0.1.0rc6 => 0.1.0rc7 by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/141
* Build(deps): bump whist-core from 0.1.0rc7 to 0.1.0rc8 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/143
* Build(deps): bump fastapi[all] from 0.70.1 to 0.71.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/144
* ADD: Table start by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/134
* Build(deps-dev): bump pytest-asyncio from 0.16.0 to 0.17.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/145
* Build(deps): bump whist-core from 0.1.0rc8 to 0.1.0rc9 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/146
* BUMP: whist core to 0.1.0rc10 by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/149
* FIX: table not saved by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/148
* FIX: second player interaction by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/151
* Build(deps): bump fastapi[all] from 0.71.0 to 0.72.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/153
* Build(deps-dev): bump pytest-asyncio from 0.17.0 to 0.17.1 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/152
* Build(deps-dev): bump pytest-asyncio from 0.17.1 to 0.17.2 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/154
* Build(deps): bump fastapi[all] from 0.72.0 to 0.73.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/156
* ADD: description header in readme by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/157
* UPDATE: play order and matcher core update integration by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/155
* FIX TEST: card must be in player hand by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/159
* UPDATE: error handling during user creation by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/160
* ADD: Getter for player's hand by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/158
* Build(deps): bump whist-core from 0.1.0rc11 to 0.1.0 by dependabot in https://github.com/Whist-Team/Whist-Server/pull/161
* FEATURE: First playable version by Segelzwerg in https://github.com/Whist-Team/Whist-Server/pull/142

New Contributors
* dependabot made their first contribution in https://github.com/Whist-Team/Whist-Server/pull/19
* Manuelraa made their first contribution in https://github.com/Whist-Team/Whist-Server/pull/88

**Full Changelog**: https://github.com/Whist-Team/Whist-Server/compare/v0.0.1...v0.1.0

Severity Details

CVSS Base Score

HIGH 8.1

CVSS v3 Details

HIGH 8.1

* Attack Vector (AV): NETWORK
* Attack Complexity (AC): LOW
* Privileges Required (PR): NONE
* User Interaction (UI): REQUIRED
* Scope (S): UNCHANGED
* Confidentiality Impact (C): HIGH
* Integrity Impact (I): HIGH
* Availability Impact (A): NONE

CVSS v2 Details

MEDIUM 5.8

* Access Vector (AV): NETWORK
* Access Complexity (AC): MEDIUM
* Authentication (Au): NONE
* Confidentiality Impact (C): PARTIAL
* Integrity Impact (I): PARTIAL
* Availability Impact (A): NONE