PyPi: Negmas

CVE-2023-4863

Transitive

Safety vulnerability ID: 62560

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 12, 2023 Updated at Aug 07, 2024
Scan your Python projects for vulnerabilities →

Advisory

Negmas 0.10.2 updates its dependency 'pillow' to v10.0.1 to include security fixes.

Affected package

negmas

Latest version: 0.10.23

NEGotiations Managed by Agent Simulations

Affected versions

Fixed versions

Vulnerability changelog

--------------

* Adding RandomOfferGuaranteedAcceptance negotiator
* Fixing some failures in testing some genius agents
* [Snyk] Security upgrade pillow from 9.5.0 to 10.0.1
* [Snyk] Security upgrade werkzeug from 2.2.3 to 3.0.1
* [Snyk] Security upgrade pillow from 9.5.0 to 10.0.0
* fix: docs/requirements.txt to reduce vulnerabilities
* Updating tutorials, adding a tournament there
* Fixing an installation bug: hypothesis was needed to run test_situated under negmas/tests. This prevented users from running the fast set of tests after installation.
* cartesian_tournament to run a simple tournament
- cartesian_tournament runs a simple tournament similar to Genius tournaments.
- create_cartesian_tournament creates a simple Cartesian tournament but does not run it. To run the tournament, call run_tournament passing it the returned path from create_cartesian_tournament.
* fix: requirements-visualizer.txt to reduce vulnerabilities
* Group2 defaults to Y2015Group2 in gnegotaitors
* adding Ateamagent beside AteamAgent
* Correcting few gnegotiator names
* standardizing some gnegotiator names
* renaming ateamAgent -> AteamAgent in genius
* Adding some missing Genius negotiators to gnegotiators.py

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 8.8

CVSS v3 Details

HIGH 8.8
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
REQUIRED
Scope (S)
UNCHANGED
Confidentiality Impact (C)
HIGH
Integrity Impact (I)
HIGH
Availability Availability (A)
HIGH