Workflow

PyPi: Dds-Cli

CVE-2023-6681

Transitive

Safety vulnerability ID: 65298

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 12, 2024 Updated at Jun 04, 2024
Scan your Python projects for vulnerabilities →

Advisory

Dds-cli version 2.6.2 upgrades its jwcrypto dependency to version 1.5.1 from the earlier 1.4.2, in response to security concerns highlighted by CVE-2023-6681.
https://github.com/ScilifelabDataCentre/dds_cli/pull/674/commits/e1cb225c76e55ec88dfa6de594722664fd20826a

Affected package

dds-cli

Latest version: 2.7.0

A command line tool to manage data and projects in the SciLifeLab Data Delivery System.

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* New release 13-02-2024 by valyo in https://github.com/ScilifelabDataCentre/dds_cli/pull/673
* update jwcrypto to address cve by rv0lt in https://github.com/ScilifelabDataCentre/dds_cli/pull/674
* Dds 1686 Update black version in dev and github actions - Update linted files to 24.1.1 by rv0lt in https://github.com/ScilifelabDataCentre/dds_cli/pull/675
* New version & changelog by rv0lt in https://github.com/ScilifelabDataCentre/dds_cli/pull/678
* update sphinx by rv0lt in https://github.com/ScilifelabDataCentre/dds_cli/pull/680


**Full Changelog**: https://github.com/ScilifelabDataCentre/dds_cli/compare/v2.6.1...v2.6.2

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application