PyPi: Mtr2mqtt

CVE-2022-40897

Transitive

Safety vulnerability ID: 63021

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Dec 23, 2022 Updated at Oct 30, 2024

Advisory

Mtr2mqtt 0.5.1 upgrades the Python Packaging Authority (PyPA) packages in its Dockerfile to fix CVE-2022-40897 in the base image.
https://github.com/tvallas/mtr2mqtt/commit/d2be9863485535d1c9ce2e493b1a00cc62bfe877#diff-dd2c0eb6ea5cfc6c4bd4eac30934e2d5746747af48fef6da689e85b752f39557R6

Affected package

mtr2mqtt

Latest version: 0.5.3

MTR receiver readings to MQTT server

Affected versions

Fixed versions

Vulnerability changelog

Fix

* fix: update packages with vulnerabilities (34)

* fix: update packages with vulnerabilities

* ci: remove exact python version from lint and test on push job as referred version is unavailable

* ci: make trivy scan workflow use python 3.8

* ci: explicitly set the python-semantic-release version to 7.x as the 8 version has breaking changes

Version 8 seems to be missing the option to print the current version using the `print-version` command.

* fix: update vulnerable package in docker image ([`d2be986`](https://github.com/tvallas/mtr2mqtt/commit/d2be9863485535d1c9ce2e493b1a00cc62bfe877))

Resources


Severity Details

CVSS Base Score

MEDIUM 5.9

CVSS v3 Details

MEDIUM 5.9
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): HIGH