PyPi: Python-Gitlab

CVE-2024-56201

Transitive

Safety vulnerability ID: 74885

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Dec 23, 2024. Updated at Feb 19, 2025.

Advisory

The python-gitlab package has updated its Jinja2 dependency to version 3.1.5 to address a critical security vulnerability identified as CVE-2024-56201.

Affected package

python-gitlab

Latest version: 5.6.0

The python wrapper for the GitLab REST and GraphQL APIs.

Affected versions

Fixed versions

Vulnerability changelog

Bug Fixes

- **api**: Allow configuration of keep_base_url from file
([`f4f7d7a`](https://github.com/python-gitlab/python-gitlab/commit/f4f7d7a63716f072eb45db2c7f590db0435350f0))

- **registry-protection**: Fix api url
([`8c1aaa3`](https://github.com/python-gitlab/python-gitlab/commit/8c1aaa3f6a797caf7bd79a7da083eae56c6250ff))

See:
https://docs.gitlab.com/ee/api/container_repository_protection_rules.html#list-container-repository-protection-rules

Chores

- Bump to 5.3.1
([`912e1a0`](https://github.com/python-gitlab/python-gitlab/commit/912e1a0620a96c56081ffec284c2cac871cb7626))

- **deps**: Update dependency jinja2 to v3.1.5 [security]
([`01d4194`](https://github.com/python-gitlab/python-gitlab/commit/01d41946cbb1a4e5f29752eac89239d635c2ec6f))

Resources
