PyPI: Fin-Maestro-Kin

CVE-2024-28219

Transitive

Safety vulnerability ID: 67525

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Apr 03, 2024 Updated at Sep 23, 2024

Advisory

Fin-maestro-kin 0.2.2 updates its dependency 'pillow' to version 10.3.0 to include a fix for a Buffer Overflow vulnerability.

Affected package

fin-maestro-kin

Latest version: 0.3.3

Seamless Finance: Docker Deployed APIs for Smart Investments.

Affected versions

Fixed versions

Vulnerability changelog

Summary

This release addresses security vulnerabilities and improves endpoint functionality in the Fin Maestro Kin project. Additionally, optimizations have been made to streamline the image building and deployment process.

Details

Security Updates
1. Upgraded `matplotlib` and `pillow` dependencies to address CVE-2024-28219, ensuring the project's security posture remains robust.

Dependency Management
2. Restructured dependency management by moving `pytest` from `[tool.poetry.dependencies]` to `[tool.poetry.dev-dependencies]`. This optimization helps streamline image building and deployment processes by reducing unnecessary dependencies.

Endpoint Fixes
3. Fixed the `/nseindices/history` endpoint to return accurate historical OHLC (Open, High, Low, Close) data instead of random data, improving the reliability and accuracy of financial data retrieval.

Docker Image Update
4. Pushed an updated Docker image with version v0.2.2, tagged as `latest`, ensuring users have access to the most recent version of the application with the latest enhancements and fixes.

Impact
- Users can now benefit from improved security measures with the updated dependencies, ensuring the integrity of financial data processed by the application.
- Streamlined dependency management enhances the efficiency of image building and deployment processes, resulting in faster and more reliable deployments.
- The fixed endpoint ensures that historical financial data retrieved from the `/nseindices/history` endpoint is accurate and reliable, supporting more informed financial analysis and decision-making.
- The availability of the updated Docker image with version v0.2.2 as `latest` on Docker Hub allows for easy deployment and access to the latest features and fixes.

Resources
