Product Research Enterprise Plans Docs

PyPi: Compliance-Trestle

CVE-2024-22195

Transitive

Safety vulnerability ID: 64313

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jan 11, 2024 Updated at Dec 05, 2024

Scan your Python projects for vulnerabilities →

Advisory

Compliance-trestle 2.5.1 updates its dependency 'jinja2' to v3.1.3 to include a security fix.
https://github.com/oscal-compass/compliance-trestle/pull/1498

Affected package

compliance-trestle

Latest version: 3.6.0

Tools to manage & autogenerate python objects representing the OSCAL layers/models

Affected versions

Fixed versions

Vulnerability changelog

Fix
* Correct security vulnerability ([1498](https://github.com/oscal-compass/compliance-trestle/issues/1498)) ([`e23792c`](https://github.com/oscal-compass/compliance-trestle/commit/e23792cb1cde490fa2951866c9f99f9d43e9c669))

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22195

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

MEDIUM 6.1

CVSS v3 Details

MEDIUM 6.1

Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality Impact (C): LOW
Integrity Impact (I): LOW
Availability Availability (A): NONE