PyPi: Nettacker

CVE-2023-30861

Transitive

Safety vulnerability ID: 62039

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 02, 2023 Updated at Nov 29, 2024

Advisory

Nettacker 0.3.1a2 updates its dependency 'flask' to v2.2.5 to include a security fix.

Affected package

nettacker

Latest version: 0.4.0

Automates information gathering, vulnerability scanning and aids penetration testing engagements in general

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* New module citrix_cve_2023_24488_vuln to scan for CVE-2023-24488 by securestep9 in https://github.com/OWASP/Nettacker/pull/695
* New module: moveit_version_scan - scan for Progress MOVEit instances by securestep9 in https://github.com/OWASP/Nettacker/pull/711
* New module: http_status_scan by securestep9 in https://github.com/OWASP/Nettacker/pull/691
* New module: http_redirect_scan by securestep9 in https://github.com/OWASP/Nettacker/pull/693
* Bug Fixes, New feature and Functionality and modules by itsdivyanshjain in https://github.com/OWASP/Nettacker/pull/575
* replace requests with iohttp by Ali-Razmjoo in https://github.com/OWASP/Nettacker/pull/593
* open index.html by default by Ali-Razmjoo in https://github.com/OWASP/Nettacker/pull/594
* Multiple dependencies "bumped"/updated by dependabot https://github.com/OWASP/Nettacker/pulls?q=is%3Apr+author%3Aapp%2Fdependabot+is%3Aclosed
* issue558 fix by itsdivyanshjain in https://github.com/OWASP/Nettacker/pull/571
* local html reports improved by itsdivyanshjain in https://github.com/OWASP/Nettacker/pull/592
* Create codeql-analysis.yml by Ali-Razmjoo in https://github.com/OWASP/Nettacker/pull/600
* added copy to clipboard json_event by itsdivyanshjain in https://github.com/OWASP/Nettacker/pull/602
* bug fix in protocol vs actual lib name by Ali-Razmjoo in https://github.com/OWASP/Nettacker/pull/604
* turn off ssl verification in http modules by Ali-Razmjoo in https://github.com/OWASP/Nettacker/pull/607
* push new image to dockerhub from master by Ali-Razmjoo in https://github.com/OWASP/Nettacker/pull/610
* Small code refactoring by franzen in https://github.com/OWASP/Nettacker/pull/615
* [Snyk] Security upgrade python from 3.11.0rc2 to 3.11.0rc2-slim by Ali-Razmjoo in https://github.com/OWASP/Nettacker/pull/611
* Added pop3 brute force by Mrinank-Bhowmick in https://github.com/OWASP/Nettacker/pull/606
* Rename readme.md to README.md by zbraiterman in https://github.com/OWASP/Nettacker/pull/625
* Update Dockerfile - Python docker image update by securestep9 in https://github.com/OWASP/Nettacker/pull/652
* Moved Issues_template and pull_request_template to .github directory by suyash5053 in https://github.com/OWASP/Nettacker/pull/646
* Update README.md by securestep9 in https://github.com/OWASP/Nettacker/pull/667
* feat: 597 Add unit testing for sort_dictionary function by roddas in https://github.com/OWASP/Nettacker/pull/673
* [Snyk] Security upgrade flask from 2.2.3 to 2.2.5 by securestep9 in https://github.com/OWASP/Nettacker/pull/676
* feat: 597 Add unit testing for select_maximum_cpu_core function by roddas in https://github.com/OWASP/Nettacker/pull/679
* Added miniorange-login-openid to wp_plugin_small by securestep9 in https://github.com/OWASP/Nettacker/pull/689
* Update wordpress_version.yaml by securestep9 in https://github.com/OWASP/Nettacker/pull/701
* update X-Powered-By header logging by securestep9 in https://github.com/OWASP/Nettacker/pull/703
* Updated server_version_vuln module Server header logging by securestep9 in https://github.com/OWASP/Nettacker/pull/705
* Updated joomla_version_scan module by securestep9 in https://github.com/OWASP/Nettacker/pull/707
* Updated drupal_version_scan module by securestep9 in https://github.com/OWASP/Nettacker/pull/709


New Contributors
* franzen made their first contribution in https://github.com/OWASP/Nettacker/pull/615
* zbraiterman made their first contribution in https://github.com/OWASP/Nettacker/pull/625
* suyash5053 made their first contribution in https://github.com/OWASP/Nettacker/pull/646
* roddas made their first contribution in https://github.com/OWASP/Nettacker/pull/673

**Full Changelog**: https://github.com/OWASP/Nettacker/compare/0.0.3.6...0.3.1

Resources


Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): NONE
Availability Impact (A): NONE