Workflow

PyPi: Cornflow

CVE-2024-34069

Transitive

Safety vulnerability ID: 71012

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 06, 2024 Updated at Oct 31, 2024
Scan your Python projects for vulnerabilities →

Advisory

Cornflow version 1.0.11 updates its Werkzeug dependency to version 3.0.3 or lower (previously <=2.3.8) to address the security vulnerability identified as CVE-2024-34069.

Affected package

cornflow

Latest version: 1.1.2

Cornflow is an open source multi-solver optimization server with a REST API built using flask.

Affected versions

Fixed versions

Vulnerability changelog

---------------

- released: 2024-05-10
- description: release to fix security vulnerabilities
- changelog:
- Upgraded flask-cors version to 4.0.1
- Upgraded Werkzeug version to 3.0.3
- Upgraded Airflow to version 2.9.1
- Fixed Werkzeug version on airflow image to 3.0.3

What's Changed
* Added codecov token for upload of results by ggsdc in https://github.com/baobabsoluciones/cornflow/pull/520
* Docs/update by ggsdc in https://github.com/baobabsoluciones/cornflow/pull/521
* Changes needed due to security reasons. by ggsdc in https://github.com/baobabsoluciones/cornflow/pull/529


**Full Changelog**: https://github.com/baobabsoluciones/cornflow/compare/v1.0.10...v1.0.11

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application