Product Research Enterprise Plans Docs

PyPi: Vvspy

CVE-2024-35195

Transitive

Safety vulnerability ID: 71104

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 20, 2024 Updated at May 09, 2025

Scan your Python projects for vulnerabilities →

Advisory

Vvspy version 2.1.0 has dropped support for Python 3.6 and 3.7 to address the vulnerability CVE-2024-35195 in its `requests` dependency. This update ensures that the package remains secure by leveraging the improvements and fixes available in later versions of Python and the `requests` library.

Affected package

vvspy

Latest version: 2.3.0

API Wrapper for VVS (Verkehrsverbund Stuttgart)

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* fixed typo in readme by zaanposni in https://github.com/zaanposni/vvspy/pull/74
* dropped support for python 3.6 and 3.7 to fix vulnerability CVE-2024-35195 in requests dependency

**Full Changelog**: https://github.com/zaanposni/vvspy/compare/v2.0.2...v2.1.0

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35195

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

MEDIUM 5.6

CVSS v3 Details

MEDIUM 5.6

Attack Vector (AV): LOCAL
Attack Complexity (AC): HIGH
Privileges Required (PR): HIGH
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Availability (A): NONE