Product Research Enterprise Plans Docs

PyPi: Gnss-Lib-Py

CVE-2023-24816

Transitive

Safety vulnerability ID: 55305

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 10, 2023 Updated at Aug 27, 2024

Scan your Python projects for vulnerabilities →

Advisory

Gnss-lib-py 0.1.9 updates its dependency 'ipython' to v8.12.0 to include a security fix.

Affected package

gnss-lib-py

Latest version: 1.0.3

Modular Python tool for parsing, analyzing, and visualizing Global Navigation Satellite Systems (GNSS) data and state estimates

Affected versions

Fixed versions

Vulnerability changelog

This version includes many exciting upgrades:

- documentation improvements in the Development Guides and Standard Naming Conventions
- Namespacing that simplifies running modules to:

import gnss_lib_py as glp
data = glp.NavData()

or

from gnss_lib_py import NavData
data = NavData()

- compatibility with the Chemnitz smartLoc dataset
- improvements and bug fixes to `ephemeris.py` for downloading broadcast ephemeris
- added sorting and improved wildcard searching for `navdata.py`
- improved testing coverage throughout
- updated package dependencies to clear security warnings

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24816

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 7.0

CVSS v3 Details

HIGH 7.0

Attack Vector (AV): LOCAL
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Availability (A): HIGH