PyPi: C2cciutils

CVE-2023-32681

Transitive

Safety vulnerability ID: 62110

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 26, 2023 Updated at Nov 20, 2024

Advisory

C2cciutils 1.6.0 updates its 'requests' dependency to v2.31.0 to address CVE-2023-32681.

Affected package

c2cciutils

Latest version: 1.7.1

Common utilities for Camptocamp CI

Affected versions

Fixed versions

Vulnerability changelog

Added
- [925353](https://github.com/camptocamp/c2cciutils/commit/9253532e4506033134536ea85b8b14cf0746de94) - **missing .mypy_cache/ to Git ignore** - [sbrunner](https://github.com/sbrunner)
- [04a68e](https://github.com/camptocamp/c2cciutils/commit/04a68ecd20d0ad3ebaf0a5889db43b634567861b) - **the Snyk Linux cli** - [sbrunner](https://github.com/sbrunner)
- [b83537](https://github.com/camptocamp/c2cciutils/commit/b8353797cd8a64c6dc1a751489e20f8c7cf46689) - **the Snyk Linux cli** - [sbrunner](https://github.com/sbrunner)
- [1084](https://github.com/camptocamp/c2cciutils/pull/1084) - **an introduction in the readme, remove/update it** - [sbrunner](https://github.com/sbrunner)
- [1085](https://github.com/camptocamp/c2cciutils/pull/1085) - **tool to automatically create a new release** - [sbrunner](https://github.com/sbrunner)
- [c567ad](https://github.com/camptocamp/c2cciutils/commit/c567adf53b26756f9fb417fdd8df48f07a57fe45) - **missing version 1.5 in Renovate configuration** - [sbrunner](https://github.com/sbrunner)
- [bbff0d](https://github.com/camptocamp/c2cciutils/commit/bbff0d948194744cbb98a4fd8ecb18f060fe583b) - **the missing json files for Snyk** - [sbrunner](https://github.com/sbrunner)
- [53286d](https://github.com/camptocamp/c2cciutils/commit/53286d76e4da20f3c1d0cfd93fe9b878492a41c3) - **missing dist files** - [sbrunner](https://github.com/sbrunner)
- [1077](https://github.com/camptocamp/c2cciutils/pull/1077) - **the missing file wrapper_dist/index.js', remove some map files** - [sbrunner](https://github.com/sbrunner)
- [959](https://github.com/camptocamp/c2cciutils/pull/959) - **precommit hook** - [sbrunner](https://github.com/sbrunner)
- [a755ab](https://github.com/camptocamp/c2cciutils/commit/a755ab697fdc4210225cf1c90b5eea148fd58450) - **version 1.5** - [sbrunner](https://github.com/sbrunner)

Changed
- [1229](https://github.com/camptocamp/c2cciutils/pull/1229) - **Be able to publish the image on an alternative tag** - [sbrunner](https://github.com/sbrunner)
- [1221](https://github.com/camptocamp/c2cciutils/pull/1221) - **Use Python 3.9** - [sbrunner](https://github.com/sbrunner)
- [1220](https://github.com/camptocamp/c2cciutils/pull/1220) - **Use the new Prospector profile to avoid conflict or duplicated** - [sbrunner](https://github.com/sbrunner)
- [1218](https://github.com/camptocamp/c2cciutils/pull/1218) - **Support more spell-ignore-words files name** - [sbrunner](https://github.com/sbrunner)
- [1200](https://github.com/camptocamp/c2cciutils/pull/1200) - **Lock file maintenance (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [5a9def](https://github.com/camptocamp/c2cciutils/commit/5a9def4b384f31fa4b208a92db145385e017df02) - **Align support on GeoMapFish 2.8** - [sbrunner](https://github.com/sbrunner)
- [690189](https://github.com/camptocamp/c2cciutils/commit/690189fbae48a9e05a8db71578112b519b46990e) - **Constraint the used Poetry version** - [sbrunner](https://github.com/sbrunner)
- [1147](https://github.com/camptocamp/c2cciutils/pull/1147) - **Lock file maintenance (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1138](https://github.com/camptocamp/c2cciutils/pull/1138) - **[Backport master] Remove error message when there is no error** - [c2c-bot-gis-ci](https://github.com/c2c-bot-gis-ci)
- [62b33f](https://github.com/camptocamp/c2cciutils/commit/62b33f796ca200be94951a37fde48e6fbb3b3f4c) - **No wait for dpkg packages** - [sbrunner](https://github.com/sbrunner)
- [1116](https://github.com/camptocamp/c2cciutils/pull/1116) - **Lock file maintenance (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [031211](https://github.com/camptocamp/c2cciutils/commit/031211fc758a5e7e686e65b9b21d2a33ecc072a7) - **Increase the Continuous integration workflow timeout** - [sbrunner](https://github.com/sbrunner)
- [8e06e8](https://github.com/camptocamp/c2cciutils/commit/8e06e86a71d7530d202bc4cee96b46ed7653d209) - **Try to reorder the rules to make the dpkg one working** - [sbrunner](https://github.com/sbrunner)
- [1096](https://github.com/camptocamp/c2cciutils/pull/1096) - **The epoch is now required** - [sbrunner](https://github.com/sbrunner)
- [1089](https://github.com/camptocamp/c2cciutils/pull/1089) - **Lock file maintenance (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1095](https://github.com/camptocamp/c2cciutils/pull/1095) - **Skip spellcheck because the inner installation fails** - [sbrunner](https://github.com/sbrunner)
- [1083](https://github.com/camptocamp/c2cciutils/pull/1083) - **Move the validation into a pre-commit hook** - [sbrunner](https://github.com/sbrunner)
- [576185](https://github.com/camptocamp/c2cciutils/commit/576185da8b6ceacff410c0f05a3ba008e98a6f63) - **Upgrade pyOpenSSL** - [sbrunner](https://github.com/sbrunner)
- [964](https://github.com/camptocamp/c2cciutils/pull/964) - **Remove the checks (deprecated by pre-commits)** - [sbrunner](https://github.com/sbrunner)
- [1080](https://github.com/camptocamp/c2cciutils/pull/1080) - **Use the pre-commit hook from jsonschema2md2** - [sbrunner](https://github.com/sbrunner)
- [1078](https://github.com/camptocamp/c2cciutils/pull/1078) - **Use pre-commit hook from jsonschema-gentypes** - [sbrunner](https://github.com/sbrunner)
- [1068](https://github.com/camptocamp/c2cciutils/pull/1068) - **Lock file maintenance (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1059](https://github.com/camptocamp/c2cciutils/pull/1059) - **[Backport master] More strict dpkg file found check** - [c2c-bot-gis-ci](https://github.com/c2c-bot-gis-ci)
- [1057](https://github.com/camptocamp/c2cciutils/pull/1057) - **[Backport master] No fail but an error message on critical vulnerability** - [c2c-bot-gis-ci](https://github.com/c2c-bot-gis-ci)
- [1028](https://github.com/camptocamp/c2cciutils/pull/1028) - **Lock file maintenance (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1039](https://github.com/camptocamp/c2cciutils/pull/1039) - **[Backport master] Fix dry-run** - [c2c-bot-gis-ci](https://github.com/c2c-bot-gis-ci)
- [1036](https://github.com/camptocamp/c2cciutils/pull/1036) - **[Backport master] Better Snyk test in Continuous integration workflow** - [c2c-bot-gis-ci](https://github.com/c2c-bot-gis-ci)
- [1021](https://github.com/camptocamp/c2cciutils/pull/1021) - **[Backport master] Be able to configure Snyk container commands** - [c2c-bot-gis-ci](https://github.com/c2c-bot-gis-ci)
- [0de40f](https://github.com/camptocamp/c2cciutils/commit/0de40fd441750843560f6dbcdac78936b3ae655e) - **Don't create release, in conflict with publishing helm** - [sbrunner](https://github.com/sbrunner)

Fixed
- [f8e1b8](https://github.com/camptocamp/c2cciutils/commit/f8e1b8bc3af8890aa0128f6be040bc65f7f02b41) - **dpkg in Renovate** - [sbrunner](https://github.com/sbrunner)
- [1082](https://github.com/camptocamp/c2cciutils/pull/1082) - **the repository** - [sbrunner](https://github.com/sbrunner)
- [26b498](https://github.com/camptocamp/c2cciutils/commit/26b498b7c82efa33e05d0ccd36cc131642e21c82) - **Snyk** - [sbrunner](https://github.com/sbrunner)
- [3cb25e](https://github.com/camptocamp/c2cciutils/commit/3cb25e9bd85cf455a07beed588deb7e8fafbca99) - **Snyk** - [sbrunner](https://github.com/sbrunner)
- [dffb38](https://github.com/camptocamp/c2cciutils/commit/dffb3810d6c0f2a2b1536714da381dd32192ce8e) - **Snyk** - [sbrunner](https://github.com/sbrunner)
- [505dd9](https://github.com/camptocamp/c2cciutils/commit/505dd92c2033e1b0fec679ae876b09e6f5173d9b) - **Snyk audit** - [sbrunner](https://github.com/sbrunner)
- [1079](https://github.com/camptocamp/c2cciutils/pull/1079) - **the example project** - [sbrunner](https://github.com/sbrunner)
- [10ea4a](https://github.com/camptocamp/c2cciutils/commit/10ea4ab9320d62bd1c27970750225c835048961e) - **the dpkg scheduling** - [sbrunner](https://github.com/sbrunner)
- [1042](https://github.com/camptocamp/c2cciutils/pull/1042) - **the event type from edit to edited in pull request check workflow** - [sbrunner](https://github.com/sbrunner)
- [1041](https://github.com/camptocamp/c2cciutils/pull/1041) - **new error with attr in pull request check workflow** - [sbrunner](https://github.com/sbrunner)

Updated
- [1226](https://github.com/camptocamp/c2cciutils/pull/1226) - **dependency ubuntu_22_04/linux to v5.15.0-83.92 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1225](https://github.com/camptocamp/c2cciutils/pull/1225) - **all patch versions (master) (patch)** - [renovate[bot]](https://github.com/apps/renovate)
- [1222](https://github.com/camptocamp/c2cciutils/pull/1222) - **dependency ubuntu_22_04/linux to v5.15.0-82.91 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1219](https://github.com/camptocamp/c2cciutils/pull/1219) - **dependency ubuntu_22_04/postgresql-14 to v14.9-0ubuntu0.22.04.1 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1214](https://github.com/camptocamp/c2cciutils/pull/1214) - **dependency ubuntu_22_04/apt to v2.4.10 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1213](https://github.com/camptocamp/c2cciutils/pull/1213) - **to c2cciutils version 1.6 (CI updates)** - [sbrunner](https://github.com/sbrunner)
- [1210](https://github.com/camptocamp/c2cciutils/pull/1210) - **dependency ubuntu_22_04/linux to v5.15.0-79.86 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1206](https://github.com/camptocamp/c2cciutils/pull/1206) - **dependency ubuntu_22_04/openldap to v2.5.16+dfsg-0ubuntu0.22.04.1 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1197](https://github.com/camptocamp/c2cciutils/pull/1197) - **all patch versions (master) (patch)** - [renovate[bot]](https://github.com/apps/renovate)
- [1199](https://github.com/camptocamp/c2cciutils/pull/1199) - **pre-commit hook pre-commit/mirrors-prettier to v3 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1198](https://github.com/camptocamp/c2cciutils/pull/1198) - **all minor versions (master) (minor)** - [renovate[bot]](https://github.com/apps/renovate)
- [1193](https://github.com/camptocamp/c2cciutils/pull/1193) - **dependency ubuntu_22_04/binutils to v2.38-4ubuntu2.3 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1189](https://github.com/camptocamp/c2cciutils/pull/1189) - **dpkg (master) (minor)** - [renovate[bot]](https://github.com/apps/renovate)
- [1188](https://github.com/camptocamp/c2cciutils/pull/1188) - **dpkg (master) (patch)** - [renovate[bot]](https://github.com/apps/renovate)
- [1184](https://github.com/camptocamp/c2cciutils/pull/1184) - **dependency ubuntu_22_04/openldap to v2.5.15+dfsg-0ubuntu0.22.04.1 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1177](https://github.com/camptocamp/c2cciutils/pull/1177) - **dependency ubuntu_22_04/linux to v5.15.0-78.85 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1143](https://github.com/camptocamp/c2cciutils/pull/1143) - **all patch versions (master) (patch)** - [renovate[bot]](https://github.com/apps/renovate)
- [1145](https://github.com/camptocamp/c2cciutils/pull/1145) - **all minor versions (master) (minor)** - [renovate[bot]](https://github.com/apps/renovate)
- [1144](https://github.com/camptocamp/c2cciutils/pull/1144) - **dependency codespell to v2.2.5 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1146](https://github.com/camptocamp/c2cciutils/pull/1146) - **dependency types-setuptools to v68 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1140](https://github.com/camptocamp/c2cciutils/pull/1140) - **dependency ubuntu_22_04/linux to v5.15.0-76.83 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1134](https://github.com/camptocamp/c2cciutils/pull/1134) - **dependency ubuntu_22_04/linux to v5.15.0-75.82 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1130](https://github.com/camptocamp/c2cciutils/pull/1130) - **dependency ubuntu_22_04/python-pip to v22.0.2+dfsg-1ubuntu0.3 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1125](https://github.com/camptocamp/c2cciutils/pull/1125) - **dpkg (master) (patch)** - [renovate[bot]](https://github.com/apps/renovate)
- [1102](https://github.com/camptocamp/c2cciutils/pull/1102) - **dependency requests to v2.31.0 [SECURITY] (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1114](https://github.com/camptocamp/c2cciutils/pull/1114) - **all minor versions (master) (minor)** - [renovate[bot]](https://github.com/apps/renovate)
- [1113](https://github.com/camptocamp/c2cciutils/pull/1113) - **all patch versions (master) (patch)** - [renovate[bot]](https://github.com/apps/renovate)
- [1115](https://github.com/camptocamp/c2cciutils/pull/1115) - **dependency ubuntu_22_04/ca-certificates to v20230311 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1098](https://github.com/camptocamp/c2cciutils/pull/1098) - **pre-commit hook psf/black to v23 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1086](https://github.com/camptocamp/c2cciutils/pull/1086) - **all patch versions (master) (patch)** - [renovate[bot]](https://github.com/apps/renovate)
- [1087](https://github.com/camptocamp/c2cciutils/pull/1087) - **all minor versions (master) (minor)** - [renovate[bot]](https://github.com/apps/renovate)
- [1088](https://github.com/camptocamp/c2cciutils/pull/1088) - **pre-commit hook camptocamp/jsonschema-gentypes to v2 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1062](https://github.com/camptocamp/c2cciutils/pull/1062) - **all patch versions (master) (patch)** - [renovate[bot]](https://github.com/apps/renovate)
- [1063](https://github.com/camptocamp/c2cciutils/pull/1063) - **dependency codespell to v2.2.4 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1064](https://github.com/camptocamp/c2cciutils/pull/1064) - **all minor versions (master) (minor)** - [renovate[bot]](https://github.com/apps/renovate)
- [1066](https://github.com/camptocamp/c2cciutils/pull/1066) - **dependency pipenv to v2023 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1065](https://github.com/camptocamp/c2cciutils/pull/1065) - **asdf-vm/actions action to v2 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1067](https://github.com/camptocamp/c2cciutils/pull/1067) - **pre-commit hook psf/black to v23 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1053](https://github.com/camptocamp/c2cciutils/pull/1053) - **the used Ubuntu version to 22.04 in the workflows** - [sbrunner](https://github.com/sbrunner)
- [1027](https://github.com/camptocamp/c2cciutils/pull/1027) - **dependency types-setuptools to v67 (master)** - [renovate[bot]](https://github.com/apps/renovate)
- [1024](https://github.com/camptocamp/c2cciutils/pull/1024) - **all minor versions (master) (minor)** - [renovate[bot]](https://github.com/apps/renovate)
- [1023](https://github.com/camptocamp/c2cciutils/pull/1023) - **all patch versions (master) (patch)** - [renovate[bot]](https://github.com/apps/renovate)
- [1026](https://github.com/camptocamp/c2cciutils/pull/1026) - **dependency google-auth-oauthlib to v1 (master)** - [renovate[bot]](https://github.com/apps/renovate)

Contributors

- c2c-bot-gis-ci
- renovate[bot]
- sbrunner

Generated by [Automation](https://github.com/aeon-php/automation)


Severity Details

CVSS Base Score

MEDIUM 6.1

CVSS v3 Details

MEDIUM 6.1
- Attack Vector (AV): NETWORK
- Attack Complexity (AC): HIGH
- Privileges Required (PR): NONE
- User Interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality Impact (C): HIGH
- Integrity Impact (I): NONE
- Availability Impact (A): NONE