PyPI: Python-Homewizard-Energy

CVE-2023-40590

Transitive

Safety vulnerability ID: 61780

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Aug 28, 2023. Updated at Nov 23, 2024.

Advisory

Python-homewizard-energy 2.1.2 updates its dependency 'gitpython' to include a security fix.

Affected package

python-homewizard-energy

Latest version: 7.0.0

Asynchronous Python client for the HomeWizard Energy

Affected versions

Fixed versions

Vulnerability changelog

What's changed

- Dependency updates to fix:
  - [CVE-2023-41040](https://github.com/DCSBL/python-homewizard-energy/security/dependabot/14) (4.0 / 10)
  - [CVE-2023-43804](https://github.com/DCSBL/python-homewizard-energy/security/dependabot/13) (5.9 / 10)
  - [CVE-2023-40590](https://github.com/DCSBL/python-homewizard-energy/security/dependabot/10) (7.8 / 10)

Dependency updates

- #243 Bump awesomeversion from 22.9.0 to 23.8.0 (dependabot)
- #244 Bump yamllint from 1.29.0 to 1.32.0 (dependabot)
- #252 Bump urllib3 from 1.26.12 to 1.26.17 (dependabot)
- #246 Bump actions/checkout from 3 to 4 (dependabot)
- #255 Bump gitpython from 3.1.32 to 3.1.35 (dependabot)
- #245 Bump pytest-cov from 4.0.0 to 4.1.0 (dependabot)
- #254 Bump pyupgrade from 3.3.1 to 3.15.0 (dependabot)
- #242 Bump bandit from 1.7.4 to 1.7.5 (dependabot)
- #257 Bump gitpython from 3.1.35 to 3.1.37 (dependabot)
- #258 Bump pytest from 7.4.1 to 7.4.2 (dependabot)
- #259 Bump pylint from 2.17.5 to 3.0.1 (dependabot)
- #260 Bump pre-commit from 3.3.3 to 3.4.0 (dependabot)
- #261 Bump flake8-simplify from 0.20.0 to 0.21.0 (dependabot)

**Full Changelog**: https://github.com/DCSBL/python-homewizard-energy/compare/v2.1.0...v2.1.2

Resources

Severity Details

CVSS Base Score

HIGH 7.8

CVSS v3 Details

HIGH 7.8

- Attack Vector (AV): LOCAL
- Attack Complexity (AC): LOW
- Privileges Required (PR): NONE
- User Interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality Impact (C): HIGH
- Integrity Impact (I): HIGH
- Availability Impact (A): HIGH