PyPI: Exasol-Bucketfs

CVE-2024-21503

Transitive

Safety vulnerability ID: 72123

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 19, 2024. Updated at Aug 08, 2024.

Advisory

Exasol-bucketfs 0.12.0 addresses CVE-2024-21503, a vulnerability in the black package that is included as a transitive dependency via exasol-toolbox.

Affected package

exasol-bucketfs

Latest version: 0.13.0

BucketFS utilities for the Python programming language

Affected versions

Fixed versions

Vulnerability changelog

Summary

The current release adds a dependency on the plugin `pytest_exasol_saas` and replaces individual test fixtures with those provided by the plugin.

Additionally, the release fixes vulnerabilities by updating dependencies.

Security

* Fixed vulnerabilities by updating dependencies
  * Vulnerability CVE-2024-21503 in transitive dependency via `exasol-toolbox` to `black` in versions below `24.3.0`
  * Vulnerability CVE-2024-35195 in dependency `requests` in versions below `2.32.0`

Refactorings

* 141: Used plugin `pytest_exasol_saas`

Documentation

* 144: Added comment on using fixtures from pytest-plugin `pytest-exasol-saas`
* 147: Added documentation for the SaaS and the PathLike interface.

Resources
