PyPI: Assemblyline

CVE-2024-37568

Transitive

Safety vulnerability ID: 75391

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 09, 2024 Updated at Mar 09, 2025

Advisory

Assemblyline updates its authlib dependency to address the CVE-2024-37568 vulnerability.

Affected package

assemblyline

Latest version: 4.5.0.77

Assemblyline 4 - Automated malware analysis framework

Affected versions

Fixed versions

Vulnerability changelog

Bugfixes

- Update authlib library to address CVE-2024-37568 vulnerability
- Handle cases where the value of identity_id was never assigned (https://github.com/CybercentreCanada/assemblyline/issues/315)

Features

- Submission Profiles
  - This allows you to pre-configure profiles for users and also set restrictions on what's allowed to be changed
  - This introduces the role of `submission_customize`, which grants the user the ability to change their submission profile as they desire (should be given to all users by default), but administrators are allowed to remove this role as they see fit.

- Update Sources: Support for supplying JSON data for POST requests (https://github.com/CybercentreCanada/assemblyline/issues/248)

Resources

Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
- Attack Vector (AV): NETWORK
- Attack Complexity (AC): LOW
- Privileges Required (PR): NONE
- User Interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality Impact (C): NONE
- Integrity Impact (I): HIGH
- Availability Impact (A): NONE