34 | 34 | fi |
35 | 35 |
36 | 36 | # Ignore vulnerability found in gdal version 3.6.2 |
37 | | -# @TODO Remove this once the base image includes GDAL>=3.8.0 |
| 37 | +# @TODO Remove these once the base image includes GDAL>=3.8.0 |
38 | 38 | # Vulnerability ID: 62283 |
39 | | -# Affected spec: <3.8.0 |
40 | | -# ADVISORY: Gdal 3.8.0 backports a security fix for CVE-2023-45853: MiniZip |
41 | | -# in zlib through 1.3 has an integer overflow. |
| 39 | +# Affected spec: <3.8.0 |
| 40 | +# ADVISORY: Gdal 3.8.0 backports a security fix for CVE-2023-45853: MiniZip |
| 41 | +# in zlib through 1.3 has an integer overflow. |
| 42 | +# Vulnerability ID: 74054 |
| 43 | +# Affected spec: <3.9.3 |
| 44 | +# ADVISORY: Affected versions of GDAL's GMLAS driver are vulnerable |
| 45 | +# to XML Entity Expansion attacks (Billion Laughs attack). This |
| 46 | +# vulnerability can lead to a Denial of Service (DoS) by causing excessive |
| 47 | +# resource consumption when parsing specially crafted XML files with |
| 48 | +# recursive entity definitions. The attack vector involves feeding malicious |
| 49 | +# XML content to the GMLAS driver, exploiting the unlimited entity expansion |
| 50 | +# during parsing. The vulnerability exists in the GMLASReader class's XML |
| 51 | +# parsing functions that lack restrictions on entity expansion. An attacker |
| 52 | +# can exploit this by providing a crafted XML input to any application using |
| 53 | +# the vulnerable GMLAS driver, potentially rendering the application |
| 54 | +# unresponsive. The issue is mitigated by introducing a limit on entity |
| 55 | +# expansions and aborting parsing when the limit is exceeded. |
42 | 56 |
43 | 57 | # Ignore vulnerability found in jinja2 version 3.1.4 |
44 | 58 | # We do not allow any untrusted templates, and so are not affected. |
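Review bot: the `@TODO` on new line 37 still says to remove these ignores once the base image ships `GDAL>=3.8.0`, but the 74054 entry added right below it carries `Affected spec: <3.9.3`, so the removal condition is already stale; change it to `GDAL>=3.9.3` or give each ignore its own removal line. The new block also only pastes the advisory text and never says why this project is not exposed, unlike the jinja2 entry on line 58 ("We do not allow any untrusted templates, and so are not affected."); add one sentence stating whether the GMLAS driver is used at all and whether any XML it parses can come from untrusted input, since that justification, not the advisory summary, is what makes suppressing a DoS finding acceptable instead of waiting for the base image update.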
|
51 | 65 | # third parties believe that this vulnerability isn't valid because users |
52 | 66 | # shouldn't use untrusted templates without sandboxing. |
53 | 67 | # CVE-2019-8341 |
54 | | - |
| 68 | + |
55 | 69 | echo Package Vulnerabilities: |
56 | | -pip freeze | safety check --stdin --full-report -i 62283 -i 70612 |
| 70 | +pip freeze | safety check --stdin --full-report -i 62283 -i 70612 -i 74054 |
57 | 71 | SAFETY_RESULT=$? |
58 | 72 |
59 | 73 | # Suppress SAFETY_RESULT unless CHECK_SAFETY is set |
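Review bot: `SAFETY_RESULT=$?` on line 71 captures only the exit status of `safety check`, the last command in the pipeline on line 70; if `pip freeze` fails, safety is handed an empty requirement list, finds nothing and exits 0, so the scan passes silently. Put `set -o pipefail` before the pipeline (or check `${PIPESTATUS[0]}` under bash) so a broken `pip freeze` is reported. Separately, the ignore list is now three bare IDs far from the comments that justify them; consider collecting them in a variable next to the comment block, e.g. `SAFETY_IGNORE="-i 62283 -i 70612 -i 74054"`, and passing `$SAFETY_IGNORE` on line 70, so an ID cannot be added without its justification.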