Workflow

PyPi: Exasol-Bucketfs

CVE-2024-35195

Transitive

Safety vulnerability ID: 72131

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 20, 2024 Updated at Aug 08, 2024
Scan your Python projects for vulnerabilities →

Advisory

Exasol-bucketfs 0.12.0 addresses CVE-2024-35195, a vulnerability in the requests package in versions below 2.32.0.

Affected package

exasol-bucketfs

Latest version: 0.13.0

BucketFS utilities for the Python programming language

Affected versions

Fixed versions

Vulnerability changelog

Summary

The current release adds a dependency to plugin `pytest_exasol_saas` and replaces individual test fixtures by those provided by the plugin.

Additionally the release fixes vulnerabilities by updating dependencies.

Security

* Fixed vulnerabilities by updating dependencies
* Vulnerability CVE-2024-21503 in transitive dependency via `exasol-toolbox` to `black` in versions below `24.3.0`
* Vulnerability CVE-2024-35195 in dependency `requests` in versions below `2.32.0`

Refactorings

* 141: Used plugin `pytest_exasol_saas`

Documentation

* 144: Added comment on using fixtures from pytest-plugin `pytest-exasol-saas`
* 147: Added documentation for the SaaS and the PathLike interface.

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application