Product Research Enterprise Plans Docs

PyPi: Pigar

CVE-2022-23491

Transitive

Safety vulnerability ID: 59148

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Dec 07, 2022 Updated at Dec 18, 2024

Scan your Python projects for vulnerabilities →

Advisory

Pigar 2.0.3 updates its dependency 'certifi' to version '2022.12.7' to include a security fix.
https://github.com/damnever/pigar/commit/34e1e6b957ce78438ee1fbd0e5c94535ebab7179
https://github.com/advisories/GHSA-43fp-rhv2-5gv8

Affected package

pigar

Latest version: 2.1.7

A tool to generate requirements.txt for Python project.

Affected versions

Fixed versions

Vulnerability changelog

- Bump certifi from 2022.9.24 to 2022.12.7 (ref: https://github.com/advisories/GHSA-43fp-rhv2-5gv8)
- Fixed os.path.commonpath raises ValueError for different drives.

See what’s changed in detail [between v2.0.2 and v2.0.3](https://github.com/damnever/pigar/compare/v2.0.2...v2.0.3).

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5

Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): HIGH
Availability Availability (A): NONE