PyPi: Line-Bot-Sdk

CVE-2023-37276

Transitive

Safety vulnerability ID: 60194

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jul 19, 2023 Updated at Nov 13, 2024
Scan your Python projects for vulnerabilities →

Advisory

Line-bot-sdk 3.2.0 updates its dependency 'aiohttp' to version '3.8.5' to include a fix for an HTTP Request Smuggling vulnerability.
https://github.com/line/line-bot-sdk-python/pull/491

Affected package

line-bot-sdk

Latest version: 3.14.2

LINE Messaging API SDK for Python

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* Replace old liff functions with new ones and keep backward compatibility by Yang-33 in https://github.com/line/line-bot-sdk-python/pull/486
- Some Liff function names are deprecated. Please use new ones defined in https://github.com/line/line-openapi/pull/26.
* Bump version to 3.2.0 by github-actions in https://github.com/line/line-bot-sdk-python/pull/500
- Apply https://github.com/line/line-openapi/pull/28 to code, for fixing https://github.com/line/line-bot-sdk-python/issues/498

Others
* chore(deps): update dependency org.apache.maven.plugins:maven-surefire-plugin to v3 by renovate in https://github.com/line/line-bot-sdk-python/pull/464
* chore(deps): update dependency black to v23.7.0 by renovate in https://github.com/line/line-bot-sdk-python/pull/483
* chore(deps): update line-openapi digest to db2f30d by renovate in https://github.com/line/line-bot-sdk-python/pull/485
* chore(deps): update dependency aiohttp to v3.8.5 [security] by renovate in https://github.com/line/line-bot-sdk-python/pull/491
* Drop python 3.7's CI since it's EOL. by tokuhirom in https://github.com/line/line-bot-sdk-python/pull/495
* drop python 3.7 support by tokuhirom in https://github.com/line/line-bot-sdk-python/pull/494
* chore(deps): update dependency black to v23.7.0 by renovate in https://github.com/line/line-bot-sdk-python/pull/492
* update pydantic from v1 to v2. by tokuhirom in https://github.com/line/line-bot-sdk-python/pull/497
* chore(deps): update line-openapi digest to 5c1f76e by renovate in https://github.com/line/line-bot-sdk-python/pull/501


**Full Changelog**: https://github.com/line/line-bot-sdk-python/compare/3.1.0...3.2.0

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality Impact (C)
NONE
Integrity Impact (I)
HIGH
Availability Availability (A)
NONE