Workflow

PyPi: Cdsetool

CVE-2024-35195

Transitive

Safety vulnerability ID: 71099

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 20, 2024 Updated at Jun 10, 2024
Scan your Python projects for vulnerabilities →

Advisory

Cdsetool 0.2.10 updates its `requests` dependency requirement from `<2.32.0,>=2.28.1` to `>=2.28.1,<2.33.0` due to the CVE-2024-35195.

Affected package

cdsetool

Latest version: 0.2.11

Tools & CLI for interacting with CDSE product APIs

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* credentials: set precise expire times by pjonsson in https://github.com/CDSETool/CDSETool/pull/116
* query: re-use session/retry logic from credentials by pjonsson in https://github.com/CDSETool/CDSETool/pull/121
* build(deps): bump pylint from 3.1.0 to 3.1.1 by dependabot in https://github.com/CDSETool/CDSETool/pull/136
* build(deps): bump pylint from 3.1.1 to 3.2.0 by dependabot in https://github.com/CDSETool/CDSETool/pull/137
* build(deps): bump pylint from 3.2.0 to 3.2.2 by dependabot in https://github.com/CDSETool/CDSETool/pull/144

Security

* build(deps): update requests requirement from <2.32.0,>=2.28.1 to >=2.28.1,<2.33.0 by dependabot in https://github.com/CDSETool/CDSETool/pull/145
* fixes [CVE-2024-35195](https://github.com/advisories/GHSA-9wx4-h78v-vm56)

**Full Changelog**: https://github.com/CDSETool/CDSETool/compare/v0.2.9...v0.2.10

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application