PyPi: Py-Trello-Api

CVE-2023-6129

Transitive

Safety vulnerability ID: 67416

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jan 09, 2024 Updated at Oct 14, 2024

Advisory

Py-trello-api 0.4.2 introduces an optional PyOpenSSL import for versions of Python older than 2.7.9 and 3.2, aiming to address security concerns related to OpenSSL as highlighted by CVE-2023-6129.

Affected package

py-trello-api

Latest version: 0.20.0

Python wrapper around the Trello API (Provisional version)

Affected versions

Fixed versions

Vulnerability changelog

cards : checklists and comments are sorted
cards : checklists and comments no longer raise AttributeError if not already fetched
style nitpicking
members : comments are sorted
trelloclient : add optional import of PyOpenSSL useful for python < 2.7.9 and 3.2 to prevent security issues with openssl (More info : https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning)
more tests

Resources

Severity Details

CVSS Base Score

MEDIUM 6.5

CVSS v3 Details

MEDIUM 6.5
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): LOW
Availability Impact (A): HIGH