Product Research Enterprise Plans Docs

PyPi: Bas-Air-Unit-Network-Dataset

CVE-2023-37920

Transitive

Safety vulnerability ID: 62496

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jul 25, 2023 Updated at Feb 15, 2025

Scan your Python projects for vulnerabilities →

Advisory

Bas-air-unit-network-dataset 0.3.0 updates its dependency 'certifi' to v2023.11.17 to include a security fix.

Affected package

bas-air-unit-network-dataset

Latest version: 0.5.1

Utility to process routes and waypoints used by the British Antarctic Survey (BAS) Air Unit

Affected versions

Fixed versions

Vulnerability changelog

Removed [BREAKING!]

* 3D geometry support, waypoint geometries may no longer specify elevation values
[150](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/150)
* Support for comments in route waypoints
[141](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/141)
* Support for installing/running on Windows
[198](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/198)
* GPX waypoint descriptions now only contain the waypoint name, rather than additional properties (such as comment)
[126](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/126)

Added

* Flake8 code linting
[83](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/83)
* Bandit static security analysis
[85](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/85)
* Safety vulnerability scanning
[84](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/84)
* Black code formatting
[81](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/81)
* Basic Continuous Integration
[82](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/82)
* Improved Continuous Integration, verifying test network can be minimally processed
[168](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/168)
* Versioning to the test network
[173](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/173)
* Script to recreate test network as GeoJSON for testing in QGIS
[174](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/174)
* Continuous Deployment
[167](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/167)
* GitLab release issue template
[124](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/124)
* Co-located example in test network
[178](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/178)

Fixed

* File encoding for CSV files when opened with Microsoft Excel
[185](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/185)
* Addressing security vulnerabilities
[195](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/195)
* Correcting double longitude value in convert to DDM function
[196](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/196)
* Various bugs and improvements to FPL exporter
[197](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/197)
* Using correct terminology for waypoint identifiers
[177](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/177)
* Improve waypoint comment parsing
[132](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/132)

Changed

* Upgrading Python dependencies
[140](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/140)
* Downgrading required Python version to 3.8, for compatibility with the Operations Data Store project
[138](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/138)
* Incorporating the test network into this project
[172](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/172)
* Waypoints will be sorted by their sequence when added to a route
[164](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/164)
* Refactoring classes into more manageable modules
[202](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/202)
[206](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/206)
* Aligning development environment stack with Ops Data Store
[200](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/200)
* Upgrading to Python 3.9.x
[202](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/202)
* Including FPL XSD schema refactored to be included as static file
[203](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/203)
* Updating naming format for CSV outputs to include coordinate format consistently
[180](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/180)
* Renaming `FPLRouteWaypoint.waypoint_identifier` to `FPLRouteWaypoint.waypoint_reference` to better reflect its purpose
[158](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/158)

Removed

* Installation bundle concept
[199](https://gitlab.data.bas.ac.uk/MAGIC/air-unit-network-dataset/-/issues/199)

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37920

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

CRITICAL 9.8

CVSS v3 Details

CRITICAL 9.8

Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Availability (A): HIGH