PyPI: Cdk-Ecr-Deployment

CVE-2021-32796

Transitive

Safety vulnerability ID: 42166

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jul 27, 2021 Updated at Dec 11, 2024

Advisory

Cdk-ecr-deployment 0.0.60 updates its NPM dependency 'xmldom' to v0.7.0 to include a security fix.
https://github.com/cdklabs/cdk-ecr-deployment/commit/7b222a9a253a9a18371c489fbb2577e90f59fc4f

Affected package

cdk-ecr-deployment

Latest version: 3.0.150

CDK construct to deploy docker image to Amazon ECR

Affected versions

Fixed versions

Vulnerability changelog

[0.0.60](https://github.com/wchaws/cdk-ecr-deployment/compare/v0.0.59...v0.0.60) (2021-08-05)


Bug Fixes

* workaround xmldom security issue ([7b222a9](https://github.com/wchaws/cdk-ecr-deployment/commit/7b222a9a253a9a18371c489fbb2577e90f59fc4f))

Resources


Severity Details

CVSS Base Score

MEDIUM 5.3

CVSS v3 Details

MEDIUM 5.3
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): LOW
Availability Impact (A): NONE

CVSS v2 Details

MEDIUM 5.0
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (Au): NONE
Confidentiality Impact (C): NONE
Integrity Impact (I): PARTIAL
Availability Impact (A): NONE