PyPi: Licenseware

CVE-2022-25313

Transitive

Safety vulnerability ID: 51856

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 18, 2022 Updated at Nov 29, 2024
Scan your Python projects for vulnerabilities →

Advisory

Licenseware 2.0.0 updates its dependency 'libexpat1' in the Dockerfile to include security fixes.
https://github.com/licenseware/licenseware-sdk-v2/pull/59

Affected package

licenseware

Latest version: 2.4.7

Common utilities for licenseware.

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* fix: update quota for /tenants path by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/1
* Stable auth registry by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/2
* Report snapshots by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/3
* fix: updated auth url user check by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/5
* feature: register all except tenants to /registrations by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/4
* db: log all the queries before hitting the database 🔊 by meysam81 in https://github.com/licenseware/licenseware-sdk-v2/pull/6
* feat: log tenant-id everytime 🔊 by meysam81 in https://github.com/licenseware/licenseware-sdk-v2/pull/7
* fix: find tenant-id only inside web-app 🐛 by meysam81 in https://github.com/licenseware/licenseware-sdk-v2/pull/8
* fix: put an empty string for tenant-id outside request context 🐛 by meysam81 in https://github.com/licenseware/licenseware-sdk-v2/pull/9
* fix: ignore missing keys when logging 🐛 by meysam81 in https://github.com/licenseware/licenseware-sdk-v2/pull/10
* feat: add tracing dependencies ✨ by meysam81 in https://github.com/licenseware/licenseware-sdk-v2/pull/11
* fix: get tenants for quota from auth /tenants/quota-tenants endpoint by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/12
* fix: added deployment suffix and mongo collection prefix needed for aws by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/16
* ci: build docker image & push to Github registry 👷 by meysam81 in https://github.com/licenseware/licenseware-sdk-v2/pull/17
* ci: modify typo in dockerfile & reduce image size 💚 by meysam81 in https://github.com/licenseware/licenseware-sdk-v2/pull/18
* deploy: change the docker base image to liceseware 🚀 by meysam81 in https://github.com/licenseware/licenseware-sdk-v2/pull/19
* fix: show enum values from OneOf choises by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/20
* deploy: temporary disable dumb-init 🚀 by meysam81 in https://github.com/licenseware/licenseware-sdk-v2/pull/22
* deploy: revert back to dumb-init 🚀 by meysam81 in https://github.com/licenseware/licenseware-sdk-v2/pull/23
* ci: use context in workflow and remove ipython 💚 by meysam81 in https://github.com/licenseware/licenseware-sdk-v2/pull/24
* fix: don't stop processing if unzip fails by ciprian-cgr in https://github.com/licenseware/licenseware-sdk-v2/pull/25
* fix: updated app jinja templates by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/26
* [Snyk] Security upgrade loguru from 0.5.3 to 0.6.0 by snyk-bot in https://github.com/licenseware/licenseware-sdk-v2/pull/27
* chore: updated test_helpers by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/29
* fix: add field encapsulation on csv exports by ciprian-cgr in https://github.com/licenseware/licenseware-sdk-v2/pull/30
* fix: create upload dir during build 🐛 by meysam81 in https://github.com/licenseware/licenseware-sdk-v2/pull/31
* chore: trigger build by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/32
* fix: bring back build workflow 💚 by meysam81 in https://github.com/licenseware/licenseware-sdk-v2/pull/33
* feat: added sort by on fetch by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/34
* fix: return empty list if sortby is none by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/35
* fix: empty list not accepted returning None instead by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/36
* fix: pymongo doesn't skip falsy values, added if else for sort by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/37
* fix: provide none as default argument for list type 🐛 by meysam81 in https://github.com/licenseware/licenseware-sdk-v2/pull/38
* feat: added function to set envs when developing without docker by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/39
* chore: show auth reason for failing by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/40
* feat: added more states by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/41
* fix: catch exception on non data apps for envs by ciprian-cgr in https://github.com/licenseware/licenseware-sdk-v2/pull/42
* feat: add logging for file processing by ciprian-cgr in https://github.com/licenseware/licenseware-sdk-v2/pull/43
* Improve logging for aws/slack by ciprian-cgr in https://github.com/licenseware/licenseware-sdk-v2/pull/44
* Features by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/45
* ci: add CodeQL analysis workflow by meysam81 in https://github.com/licenseware/licenseware-sdk-v2/pull/47
* Fix required columns for csv stream by adrian-mih in https://github.com/licenseware/licenseware-sdk-v2/pull/46
* fix: better auto imports by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/48
* Bump flask to 2.0 by ciprian-cgr in https://github.com/licenseware/licenseware-sdk-v2/pull/49
* Cache authorization check by ciprian-cgr in https://github.com/licenseware/licenseware-sdk-v2/pull/50
* feat: improved auth test helper by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/51
* fix: allow use of cli outside flask context by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/52
* feat: set default tenant on auth test helper by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/53
* fix: send_from_directory use path instead of filename on preview image by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/54
* feat: cache results on redis ✨ by meysam81 in https://github.com/licenseware/licenseware-sdk-v2/pull/55
* fix: receive none as default redis password 🐛 by meysam81 in https://github.com/licenseware/licenseware-sdk-v2/pull/56
* fix: added correct fetch match types by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/57
* fix: fetch match typing by ClimenteA in https://github.com/licenseware/licenseware-sdk-v2/pull/58
* fix: upgrade library for security vulnerability 🔒️ by meysam81 in https://github.com/licenseware/licenseware-sdk-v2/pull/59

New Contributors
* ciprian-cgr made their first contribution in https://github.com/licenseware/licenseware-sdk-v2/pull/25
* snyk-bot made their first contribution in https://github.com/licenseware/licenseware-sdk-v2/pull/27
* adrian-mih made their first contribution in https://github.com/licenseware/licenseware-sdk-v2/pull/46

**Full Changelog**: https://github.com/licenseware/licenseware-sdk-v2/commits/v2.0.0

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

MEDIUM 6.5

CVSS v3 Details

MEDIUM 6.5
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
REQUIRED
Scope (S)
UNCHANGED
Confidentiality Impact (C)
NONE
Integrity Impact (I)
NONE
Availability Availability (A)
HIGH

CVSS v2 Details

MEDIUM 4.3
Access Vector (AV)
NETWORK
Access Complexity (AC)
MEDIUM
Authentication (Au)
NONE
Confidentiality Impact (C)
NONE
Integrity Impact (I)
NONE
Availability Impact (A)
PARTIAL