PyPi: Vmware-Aria-Operations-Integration-Sdk

CVE-2023-40590

Transitive

Safety vulnerability ID: 61251

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Aug 28, 2023 Updated at Feb 12, 2025

Advisory

Vmware-aria-operations-integration-sdk 1.0.1 updates its dependency 'gitpython' to v3.1.34 to include a security fix.

Affected package

vmware-aria-operations-integration-sdk

Latest version: 1.2.0

A set of tools to help users create, test, and build containerized management packs for VMware Aria Operations

Affected versions

Fixed versions

Vulnerability changelog

* Update dependencies to resolve a security vulnerability in GitPython
* Fix issue where registry URL would not parse correctly if a port was not present
* Fix issue where server would repeatedly crash if logging directory was not writable
* If user runs mp-init using root, the logs directory's permissions are set to world-writable
* If user runs mp-init as root, mp-init warns that the above will happen
* Improves error handling when logs directory is not writable to prevent server crashes

Resources


Severity Details

CVSS Base Score

HIGH 7.8

CVSS v3 Details

HIGH 7.8
* Attack Vector (AV): LOCAL
* Attack Complexity (AC): LOW
* Privileges Required (PR): NONE
* User Interaction (UI): REQUIRED
* Scope (S): UNCHANGED
* Confidentiality Impact (C): HIGH
* Integrity Impact (I): HIGH
* Availability Impact (A): HIGH