PyPI: Pynecone

CVE-2023-29159

Transitive

Safety vulnerability ID: 59559

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 01, 2023 Updated at Nov 29, 2024

Advisory

Pynecone 0.1.33 updates its dependency 'fastapi' to version '0.96.0' to include a fix for an Improper Input Validation vulnerability.
https://github.com/reflex-dev/reflex/pull/1172

Affected package

pynecone

Latest version: 0.1.34

Web apps in pure Python.

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* Add Email Component by cterrazas2 in https://github.com/pynecone-io/pynecone/pull/1093
* Pynecone App should prevent all pycache folders and all .pyc, .pyo, .pyd files from being uploaded. by milochen0418 in https://github.com/pynecone-io/pynecone/pull/718
* Fix prevent default only for submit by picklelo in https://github.com/pynecone-io/pynecone/pull/1102
* add set_focus by curtis-turner in https://github.com/pynecone-io/pynecone/pull/1092
* add support for .env configuration by ElijahAhianyo in https://github.com/pynecone-io/pynecone/pull/1104
* Add Traditional Chinese language version README.md by JE-Chen in https://github.com/pynecone-io/pynecone/pull/1109
* feature: support video and audio components by TaiJuWu in https://github.com/pynecone-io/pynecone/pull/1095
* Support PIL Images in pc.image by Alek99 in https://github.com/pynecone-io/pynecone/pull/1096
* Update pydantic version by picklelo in https://github.com/pynecone-io/pynecone/pull/1112
* Add async events by picklelo in https://github.com/pynecone-io/pynecone/pull/1107
* Add fourth-level title and the fifth-level title styles by jiangmiemie in https://github.com/pynecone-io/pynecone/pull/1124
* revert pc select to original by ElijahAhianyo in https://github.com/pynecone-io/pynecone/pull/1123
* fix revert pc select to original by sheldonchiu in https://github.com/pynecone-io/pynecone/pull/1128
* prevent pc config override by sheldonchiu in https://github.com/pynecone-io/pynecone/pull/1130
* Add Date and DateTime Pickers by aidanjrauscher in https://github.com/pynecone-io/pynecone/pull/1126
* Fix processing flag for generator event handlers by picklelo in https://github.com/pynecone-io/pynecone/pull/1136
* UI connection warning: by ElijahAhianyo in https://github.com/pynecone-io/pynecone/pull/1111
* disable UI warning component by default by ElijahAhianyo in https://github.com/pynecone-io/pynecone/pull/1145
* add custom_attrs to pc.element by sheldonchiu in https://github.com/pynecone-io/pynecone/pull/1131
* link: `as_={NextLink}` for next 13 compatibility by masenf in https://github.com/pynecone-io/pynecone/pull/1138
* Update to v0.1.33 by picklelo in https://github.com/pynecone-io/pynecone/pull/1146
* Feat/admin dashboard by cterrazas2 in https://github.com/pynecone-io/pynecone/pull/1098
* Add Chakra Stepper Component by aidanjrauscher in https://github.com/pynecone-io/pynecone/pull/1142
* Fix next/link imports by picklelo in https://github.com/pynecone-io/pynecone/pull/1153
* Fix upload error when no files are set by picklelo in https://github.com/pynecone-io/pynecone/pull/1156
* add meta args by jiangmiemie in https://github.com/pynecone-io/pynecone/pull/1158
* add async tests by ElijahAhianyo in https://github.com/pynecone-io/pynecone/pull/1163
* Disable hidden logs for windows. by ElijahAhianyo in https://github.com/pynecone-io/pynecone/pull/1161
* run setup_frontend during pc export by sheldonchiu in https://github.com/pynecone-io/pynecone/pull/1148
* [Fix 1169] Create empty directory for pc.get_asset_path() when .web init by milochen0418 in https://github.com/pynecone-io/pynecone/pull/1171
* Fix processing flag for generator events by picklelo in https://github.com/pynecone-io/pynecone/pull/1157
* fix: on_load accepts EventSpec by TaiJuWu in https://github.com/pynecone-io/pynecone/pull/1166
* Component props docs update: by ElijahAhianyo in https://github.com/pynecone-io/pynecone/pull/1176
* Fix pc.html using state vars by picklelo in https://github.com/pynecone-io/pynecone/pull/1177
* fix link issue with href by Lendemor in https://github.com/pynecone-io/pynecone/pull/1173
* fix allow_multiple & toggle_toggle conflict by Lendemor in https://github.com/pynecone-io/pynecone/pull/1175
* update fastapi version to resolve starlette security issue by Lendemor in https://github.com/pynecone-io/pynecone/pull/1172
* cleanup admin feature by removing unneeded option by Lendemor in https://github.com/pynecone-io/pynecone/pull/1168
* Fix pc.link with no href by picklelo in https://github.com/pynecone-io/pynecone/pull/1178

New Contributors
* cterrazas2 made their first contribution in https://github.com/pynecone-io/pynecone/pull/1093
* curtis-turner made their first contribution in https://github.com/pynecone-io/pynecone/pull/1092
* JE-Chen made their first contribution in https://github.com/pynecone-io/pynecone/pull/1109
* jiangmiemie made their first contribution in https://github.com/pynecone-io/pynecone/pull/1124
* aidanjrauscher made their first contribution in https://github.com/pynecone-io/pynecone/pull/1126

**Full Changelog**: https://github.com/pynecone-io/pynecone/compare/v0.1.32...v0.1.33

Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): NONE
Availability Impact (A): NONE