PyPI: Boaviztapi

CVE-2024-3651

Transitive

Safety vulnerability ID: 73378

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jul 07, 2024 Updated at Dec 11, 2024

Advisory

Boaviztapi bumped idna from 3.6 to 3.7 via Dependabot to address CVE-2024-3651.

Affected package

boaviztapi

Latest version: 1.3.6

An API to access Boavizta's methodologies and footprint reference data

Affected versions

Fixed versions

Vulnerability changelog

This release adds Azure instances to the API and fixes some security issues.

What's Changed

* Updated reference factors to match Green Cloud Computing study by tibosmn in https://github.com/Boavizta/boaviztapi/pull/288
* Providing data for Azure virtual machines by bpetit in https://github.com/Boavizta/boaviztapi/pull/282
* Adding test for Azure cloud instances by da-ekchajzer in https://github.com/Boavizta/boaviztapi/pull/300
* chore(ci): upgrade github actions that rely on Node 16. by demeringo in https://github.com/Boavizta/boaviztapi/pull/290
* chore(ci): Run python tests when dependencies are updated. by demeringo in https://github.com/Boavizta/boaviztapi/pull/303
* Bump es5-ext from 0.10.61 to 0.10.64 by dependabot in https://github.com/Boavizta/boaviztapi/pull/304
* Bump certifi from 2024.2.2 to 2024.7.4 by dependabot in https://github.com/Boavizta/boaviztapi/pull/310
* Bump jinja2 from 3.1.3 to 3.1.4 by dependabot in https://github.com/Boavizta/boaviztapi/pull/308
* Bump urllib3 from 2.2.1 to 2.2.2 by dependabot in https://github.com/Boavizta/boaviztapi/pull/306
* Bump idna from 3.6 to 3.7 by dependabot in https://github.com/Boavizta/boaviztapi/pull/305
* Bump zipp from 3.17.0 to 3.19.1 by dependabot in https://github.com/Boavizta/boaviztapi/pull/307
* Bump semver from 5.7.1 to 5.7.2 by dependabot in https://github.com/Boavizta/boaviztapi/pull/312
* Bump requests from 2.31.0 to 2.32.2 by dependabot in https://github.com/Boavizta/boaviztapi/pull/309
* chore(deps): update fastapi to 0.115.0 and pydantic to 2.9.2 by demeringo in https://github.com/Boavizta/boaviztapi/pull/315
* Integrate latest developments by demeringo in https://github.com/Boavizta/boaviztapi/pull/316

New Contributors

* dependabot made their first contribution in https://github.com/Boavizta/boaviztapi/pull/304

**Full Changelog**: https://github.com/Boavizta/boaviztapi/compare/v1.2.4...v1.3

Resources

Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): HIGH