PyPi: Dds-Cli

CVE-2023-6681

Transitive

Safety vulnerability ID: 65298

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 12, 2024 Updated at Nov 12, 2024

Advisory

Dds-cli version 2.6.2 upgrades its jwcrypto dependency to version 1.5.1 from the earlier 1.4.2, in response to security concerns highlighted by CVE-2023-6681.
https://github.com/ScilifelabDataCentre/dds_cli/pull/674/commits/e1cb225c76e55ec88dfa6de594722664fd20826a

Affected package

dds-cli

Latest version: 2.8.1

A command line tool to manage data and projects in the SciLifeLab Data Delivery System.

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* New release 13-02-2024 by valyo in https://github.com/ScilifelabDataCentre/dds_cli/pull/673
* update jwcrypto to address cve by rv0lt in https://github.com/ScilifelabDataCentre/dds_cli/pull/674
* Dds 1686 Update black version in dev and github actions - Update linted files to 24.1.1 by rv0lt in https://github.com/ScilifelabDataCentre/dds_cli/pull/675
* New version & changelog by rv0lt in https://github.com/ScilifelabDataCentre/dds_cli/pull/678
* update sphinx by rv0lt in https://github.com/ScilifelabDataCentre/dds_cli/pull/680


**Full Changelog**: https://github.com/ScilifelabDataCentre/dds_cli/compare/v2.6.1...v2.6.2

Resources

Severity Details

CVSS Base Score

MEDIUM 5.3

CVSS v3 Details

MEDIUM 5.3
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): LOW