PyPI: Scancodeio

CVE-2024-1135

Transitive

Safety vulnerability ID: 68075

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Apr 16, 2024. Updated at Jul 02, 2024.

Advisory

Scancodeio 34.4.0 updates its dependency 'gunicorn' to v22.0.0 to include a security fix.

Affected package

scancodeio

Latest version: 34.7.0

Automate software composition analysis pipelines

Affected versions

Fixed versions

Vulnerability changelog

--------------------

- Upgrade Gunicorn to v22.0.0 security release.

- Display the list of fields available for the advanced search syntax in the modal UI.
https://github.com/nexB/scancode.io/issues/1164

- Add support for CycloneDX 1.6 outputs and inputs.
Also, the CycloneDX outputs can be downloaded as 1.6, 1.5, and 1.4 spec versions.
https://github.com/nexB/scancode.io/pull/1165

- Update matchcode-toolkit to v4.1.0

- Add a new function
`scanpipe.pipes.matchcode.fingerprint_codebase_resources()`, which computes
approximate file matching fingerprints for text files using the new
`get_file_fingerprint_hashes` function from matchcode-toolkit.

- Rename the `purldb-scan-queue-worker` management command to `purldb-scan-worker`.

- Add `docker-compose.purldb-scan-worker.yml` to run ScanCode.io as a PurlDB
scan worker service.

Resources
