PyPI: Testrail-Api

CVE-2024-35195

Transitive

Safety vulnerability ID: 71559

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 20, 2024. Updated at Jul 15, 2024.

Advisory

Affected versions of `testrail-api` are potentially vulnerable because they depend on `requests` version 2.31.0. That version is impacted by a flaw in the handling of certain HTTP responses, which an attacker may be able to exploit, leading to unintended behavior or security issues.

Affected package

testrail-api

Latest version: 1.13.2

Python wrapper of the TestRail API

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* Security depends by tolstislon in https://github.com/tolstislon/testrail-api/pull/107
* [Black vulnerable to Regular Expression Denial of Service (ReDoS)](https://github.com/tolstislon/testrail-api/security/dependabot/2)
* [Requests `Session` object does not verify requests after making first request with verify=False](https://github.com/tolstislon/testrail-api/security/dependabot/3)


**Full Changelog**: https://github.com/tolstislon/testrail-api/compare/1.13.0...1.13.1

Resources
