PyPI: Pytest-Socket

CVE-2023-29159

Transitive

Safety vulnerability ID: 64593

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 01, 2023
Updated at Jan 29, 2024

Advisory

Pytest-socket 0.7.0 updates its dependency on the Starlette library from version "^0.26.1" to "^0.27.0". This change addresses the security vulnerability CVE-2023-29159.
https://github.com/miketheman/pytest-socket/pull/219/commits/8d8bd41e56895a9114bce2ea93fb5b6fa6d2e123

Affected package

pytest-socket

Latest version: 0.7.0

Pytest Plugin to disable socket calls during tests

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/miketheman/pytest-socket/pull/191
* chore(deps-dev): update starlette requirement from ^0.23.0 to ^0.24.0 by dependabot in https://github.com/miketheman/pytest-socket/pull/192
* feat: force enable socket CLI flag by mgaitan in https://github.com/miketheman/pytest-socket/pull/186
* chore(deps-dev): update starlette requirement from ^0.24.0 to ^0.25.0 by dependabot in https://github.com/miketheman/pytest-socket/pull/193
* chore(deps): update actions/checkout action to v3.4.0 by renovate in https://github.com/miketheman/pytest-socket/pull/198
* chore(deps): bump actions/stale from 7 to 8 by dependabot in https://github.com/miketheman/pytest-socket/pull/200
* chore(deps): bump actions/checkout from 3.4.0 to 3.5.0 by dependabot in https://github.com/miketheman/pytest-socket/pull/202
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/miketheman/pytest-socket/pull/204
* chore(deps-dev): update starlette requirement from ^0.25.0 to ^0.26.1 by dependabot in https://github.com/miketheman/pytest-socket/pull/197
* chore(deps): update actions/checkout action to v3.5.2 by renovate in https://github.com/miketheman/pytest-socket/pull/207
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/miketheman/pytest-socket/pull/213
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/miketheman/pytest-socket/pull/214
* chore(deps): update dependency pytest-httpbin to v2 by renovate in https://github.com/miketheman/pytest-socket/pull/215
* chore(deps): update dependency starlette to ^0.27.0 [security] by renovate in https://github.com/miketheman/pytest-socket/pull/219
* chore(deps): update actions/checkout action to v3.5.3 by renovate in https://github.com/miketheman/pytest-socket/pull/222
* chore(deps): update dependency starlette to ^0.28.0 by renovate in https://github.com/miketheman/pytest-socket/pull/225
* chore(deps): update dependency httpx to ^0.24.0 by renovate in https://github.com/miketheman/pytest-socket/pull/206
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/miketheman/pytest-socket/pull/224
* test: remove deprecated asynctest by miketheman in https://github.com/miketheman/pytest-socket/pull/226
* test: test against Python 3.11 by miketheman in https://github.com/miketheman/pytest-socket/pull/175
* test: extract common function for reuse by miketheman in https://github.com/miketheman/pytest-socket/pull/227
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/miketheman/pytest-socket/pull/228
* test: update test remote with stable service by miketheman in https://github.com/miketheman/pytest-socket/pull/231
* test: speed up with dependency caching by miketheman in https://github.com/miketheman/pytest-socket/pull/232
* fix: only emit license and readme for sdist by miketheman in https://github.com/miketheman/pytest-socket/pull/233
* test: don't fail silently by miketheman in https://github.com/miketheman/pytest-socket/pull/234
* chore(allow_hosts): Use getaddrinfo instead of gethostbyname by hasier in https://github.com/miketheman/pytest-socket/pull/209
* chore(deps): update dependency pytest to v7.4.0 by renovate in https://github.com/miketheman/pytest-socket/pull/235
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/miketheman/pytest-socket/pull/236
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/miketheman/pytest-socket/pull/237
* chore(deps-dev): bump starlette from 0.28.0 to 0.29.0 by dependabot in https://github.com/miketheman/pytest-socket/pull/239
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/miketheman/pytest-socket/pull/240
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/miketheman/pytest-socket/pull/241
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/miketheman/pytest-socket/pull/242
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/miketheman/pytest-socket/pull/243
* chore(deps): update actions/checkout action to v3.6.0 by renovate in https://github.com/miketheman/pytest-socket/pull/244
* chore(deps): update dependency coverage to v7.3.0 by renovate in https://github.com/miketheman/pytest-socket/pull/247
* chore(deps-dev): bump certifi from 2023.5.7 to 2023.7.22 by dependabot in https://github.com/miketheman/pytest-socket/pull/249
* chore(deps): update dependency pytest to v7.4.1 by renovate in https://github.com/miketheman/pytest-socket/pull/250
* chore(deps): update actions/checkout action to v4 by renovate in https://github.com/miketheman/pytest-socket/pull/251
* chore(deps): update dependency pytest-randomly to v3.15.0 by renovate in https://github.com/miketheman/pytest-socket/pull/248
* chore(deps): update dependency coverage to v7.3.1 by renovate in https://github.com/miketheman/pytest-socket/pull/252
* chore(deps): update dependency pytest to v7.4.2 by renovate in https://github.com/miketheman/pytest-socket/pull/253
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/miketheman/pytest-socket/pull/254
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/miketheman/pytest-socket/pull/256
* chore(deps): update actions/checkout action to v4.1.0 by renovate in https://github.com/miketheman/pytest-socket/pull/257
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/miketheman/pytest-socket/pull/258
* chore(deps): update minimum required pytest version by miketheman in https://github.com/miketheman/pytest-socket/pull/269
* chore(deps): bump actions/checkout from 4.1.0 to 4.1.1 by dependabot in https://github.com/miketheman/pytest-socket/pull/264
* chore(deps): update dependency coverage to v7.3.2 by renovate in https://github.com/miketheman/pytest-socket/pull/271
* chore(deps): update dependency httpx to ^0.25.0 by renovate in https://github.com/miketheman/pytest-socket/pull/255
* chore(deps-dev): bump pytest-randomly from 3.12.0 to 3.15.0 by dependabot in https://github.com/miketheman/pytest-socket/pull/274
* chore(deps-dev): bump werkzeug from 2.2.3 to 2.3.8 by dependabot in https://github.com/miketheman/pytest-socket/pull/276
* chore(deps): update actions/setup-python action to v5 by renovate in https://github.com/miketheman/pytest-socket/pull/281
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/miketheman/pytest-socket/pull/261
* chore(deps): bump actions/stale from 8 to 9 by dependabot in https://github.com/miketheman/pytest-socket/pull/283
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/miketheman/pytest-socket/pull/284
* chore(deps): bump github/codeql-action from 2 to 3 by dependabot in https://github.com/miketheman/pytest-socket/pull/287
* chore(deps-dev): bump coverage from 7.3.2 to 7.3.3 by dependabot in https://github.com/miketheman/pytest-socket/pull/289
* chore(deps-dev): bump starlette from 0.29.0 to 0.34.0 by dependabot in https://github.com/miketheman/pytest-socket/pull/290
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/miketheman/pytest-socket/pull/291
* fix(deps): update dependency pytest to v7.4.4 by renovate in https://github.com/miketheman/pytest-socket/pull/296
* fix: allow ip hosts and hostnames by magnasilvar in https://github.com/miketheman/pytest-socket/pull/275
* chore(deps): update dependency coverage to v7.4.0 by renovate in https://github.com/miketheman/pytest-socket/pull/288
* chore(deps): update dependency httpx to ^0.26.0 by renovate in https://github.com/miketheman/pytest-socket/pull/292
* [pre-commit.ci] pre-commit autoupdate by pre-commit-ci in https://github.com/miketheman/pytest-socket/pull/297
* chore(deps-dev): bump starlette from 0.34.0 to 0.35.1 by dependabot in https://github.com/miketheman/pytest-socket/pull/300
* chore(deps-dev): bump jinja2 from 3.1.2 to 3.1.3 by dependabot in https://github.com/miketheman/pytest-socket/pull/299
* chore(deps-dev): bump starlette from 0.35.1 to 0.36.1 by dependabot in https://github.com/miketheman/pytest-socket/pull/301
* chore(dependencies): update custom httpbin pin by miketheman in https://github.com/miketheman/pytest-socket/pull/302

New Contributors
* mgaitan made their first contribution in https://github.com/miketheman/pytest-socket/pull/186
* hasier made their first contribution in https://github.com/miketheman/pytest-socket/pull/209
* magnasilvar made their first contribution in https://github.com/miketheman/pytest-socket/pull/275

**Full Changelog**: https://github.com/miketheman/pytest-socket/compare/0.6.0...0.7.0

Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): NONE
Availability Impact (A): NONE