PyPi: Openimis-Be-Api-Fhir-R4

CVE-2023-47627

Transitive

Safety vulnerability ID: 70569

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Nov 14, 2023 Updated at Nov 29, 2024

Advisory

openimis-be-api-fhir-r4 version 23.10 upgrades its aiohttp dependency from version 3.8.1 to 3.8.5 to address security vulnerabilities and ensure compatibility, as noted in CVE-2023-47627.

Affected package

openimis-be-api-fhir-r4

Latest version: 1.8.0

The openIMIS Backend FHIR R4 API reference module.

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* OTC-843 modular IMIS: wrong reaction on duplicated underwriting of a policy by malinowskikam in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/126
* OTC-911 by malinowskikam in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/127
* OSD-295: add subscription CRUD rights to IMIS administrator by jdolkowski in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/128
* MERGING RELEASE branches by delcroip in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/129
* OP-1401: Exception handler rework. by wzglinieckisoldevelo in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/130
* Fix pagination bug when listing practitioner by toch in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/132
* Fix medication package conversion bug by toch in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/131
* update pydantic package by jdolkowski in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/135
* MERGING RELEASE branches by delcroip in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/133
* Add hf code to practitioner by toch in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/134
* CM-188 Adjust backend part to handle payments for Social Protection by malinowskikam in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/137
* CM-234 Fixed error handling in signals by malinowskikam in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/139
* CM-256: Add sonar-project.properties by dborowiecki in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/140
* Hotfix OP-1511 by mngoe in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/142
* Update setup.py by dborowiecki in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/141
* Fix uncomplete Feedback creation (Claim side) by toch in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/144
* Enforce `no` value in the DB for communication payload elements by toch in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/143
* Allow to create a claim or a communication using CODE references by toch in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/136
* CI Update for openimis-be-api_fhir_r4_py by dborowiecki in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/148
* CI Update for openimis-be-api_fhir_r4_py by dborowiecki in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/147
* CM-315: replace PAYED to PAID by sniedzielski in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/150
* CM-315: replace PAYED to PAID by delcroip in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/151
* remove database access at module loading (db not yet setup) by delcroip in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/152
* Fix ci by delcroip in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/153
* Fix ci by delcroip in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/155
* Fix ci by delcroip in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/156
* MERGING RELEASE branches by dragos-dobre in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/154
* OP-1556 bump aiohttp version for security & compat by edarchis in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/149
* Improve the test of communication API and check both cases (UUID, CODE) by toch in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/146
* MERGING RELEASE branches by delcroip in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/158
* MERGING RELEASE branches by dragos-dobre in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/159
* Add test organization by delcroip in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/161
* rmerge by delcroip in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/162
* OP-1676: Pydantic version specified. by wzglinieckisoldevelo in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/163
* Mmerge by delcroip in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/164
* MERGING develop into release/23.10 by delcroip in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/165
* Add test organization by delcroip in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/167
* MERGING release/23.10 into develop by delcroip in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/166
* avoid building reference on None by delcroip in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/168
* update contribution service by delcroip in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/169
* MERGING develop into release/23.10 by delcroip in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/170

New Contributors
* jdolkowski made their first contribution in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/128
* wzglinieckisoldevelo made their first contribution in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/130
* toch made their first contribution in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/132
* mngoe made their first contribution in https://github.com/openimis/openimis-be-api_fhir_r4_py/pull/142

**Full Changelog**: https://github.com/openimis/openimis-be-api_fhir_r4_py/compare/1.5.1...v1.6.0


Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): HIGH
Availability Impact (A): NONE