Product Research Enterprise Plans Docs

PyPi: Micropython-Mdns

CVE-2022-40898

Transitive

Safety vulnerability ID: 61365

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Dec 23, 2022 Updated at Jan 19, 2025

Scan your Python projects for vulnerabilities →

Advisory

Micropython-mdns 1.3.0 updates its dependency 'wheel' to v0.38.0 to include a security fix.

Affected package

micropython-mdns

Latest version: 1.6.0

MDNS for micropython with service discovery support

Affected versions

Fixed versions

Vulnerability changelog

Chore

* chore: update documentation for new advertise function

Add documentation to show how service_host_name
in the advertise endpoint works. ([`3b969b8`](https://github.com/cbrand/micropython-mdns/commit/3b969b8dab64ea33f92ea1920cdc02ce74b45529))

* chore: fix Makefile for other configs

Make tty interface configurable ([`c2bb1e7`](https://github.com/cbrand/micropython-mdns/commit/c2bb1e72486b191798b52e626c0475c9f414caa4))

* chore: fix Dockerfile configuration

Remove the python installations in all Dockerfiles to allow
building the project with newer docker files. ([`89f2e58`](https://github.com/cbrand/micropython-mdns/commit/89f2e58d8b02f6714985b080a74d3a0986a17770))

Feature

* feat: add support for configurable service hostnames

Instead of fixing the service host name to the hostname
of the host, make it possible to add a new parameter
`host` into the `advertise` function of the service and allow it to
register its own advertised name in the service.

Usage example:

loop = uasyncio.get_event_loop()
client = Client(own_ip_address)
responder = Responder(
client,
own_ip=lambda: own_ip_address,
host=lambda: &34;my-awesome-microcontroller-{}&34;.format(responder.generate_random_postfix()),
)

def announce_service():
responder.advertise(&34;_myawesomeservice&34;, &34;_tcp&34;, port=12345, data={&34;some&34;: &34;metadata&34;, &34;for&34;: [&34;my&34;, &34;service&34;]}, service_host_name=&34;myoverwrittenhost&34;)
([`cc6169f`](https://github.com/cbrand/micropython-mdns/commit/cc6169ff06734befc5e042be6ee7768c8ff60904))

* feat: add build for micropython 1.20 ([`01b7996`](https://github.com/cbrand/micropython-mdns/commit/01b7996ac22db7879a22e86f21807259b617d125))

Fix

* fix: make all imports absolute

Fix which might help using the library in a frozen module. ([`bafe176`](https://github.com/cbrand/micropython-mdns/commit/bafe17626411ed934b10ba4dd7867d7c7187364c))

* fix: requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-WHEEL-3092128
- https://snyk.io/vuln/SNYK-PYTHON-WHEEL-3180413 ([`c717474`](https://github.com/cbrand/micropython-mdns/commit/c7174746614458885f48d1f471e226b79c347871))

Unknown

* Version 1.3.0 ([`afe2f04`](https://github.com/cbrand/micropython-mdns/commit/afe2f04d764954e9c606fac90b69649c94dca020))

* Merge pull request 7 from cbrand/snyk-fix-7f31355a1fdab2fb82c5f78ff819d38f

[Snyk] Security upgrade wheel from 0.30.0 to 0.38.0 ([`8a92073`](https://github.com/cbrand/micropython-mdns/commit/8a920730cae49437a589bda6c95401a9f14561ec))

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40898

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5

Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Availability (A): HIGH