Commit bfed8ee

Merge pull request #201 from sboldyreva/python-cves
Add Python Libraries CVEs
2 parents 7ede573 + c63b113 commit bfed8ee

1 file changed

+66
-1
lines changed
  • docs/els-for-runtimes-and-libraries/python-libraries

docs/els-for-runtimes-and-libraries/python-libraries/README.md

Lines changed: 66 additions & 1 deletion
@@ -114,4 +114,69 @@ If you want to keep using public PyPI and fetch only specific patched packages f
114114

115115
</CodeWithCopy>
116116

117-
117+
## Resolved CVEs
118+
119+
Fixes for the following vulnerabilities are available in ELS for Python Libraries from TuxCare versions:
120+
121+
<details>
122+
<summary>Click to expand resolved CVEs in ELS for Python Libraries</summary>
123+
124+
| CVE ID | Severity | Library | Vulnerable Version | Safe Version |
125+
| :-----------------: | :------: | :----------: | :----------------: | :----------: |
126+
| GHSA-56pw-mpj4-fxww | High | pillow | 9.4.0 | 9.4.0.post2+tuxcare |
127+
| GHSA-h4gh-qq45-vh27 | Medium | cryptography | 42.0.8 | 42.0.8.post1+tuxcare |
128+
| CVE-2019-6446 | Critical | numpy | 1.16.0 | 1.16.0.post1+tuxcare |
129+
| CVE-2020-7694 | Low | uvicorn | 0.11.6 | 0.11.6.post1+tuxcare |
130+
| CVE-2020-7695 | High | uvicorn | 0.11.6 | 0.11.6.post1+tuxcare |
131+
| CVE-2021-41945 | N/A | httpx | 0.22.0 | 0.22.0.post1+tuxcare |
132+
| CVE-2022-23491 | High | certifi | 2021.10.8 | 2021.10.08.post2+tuxcare |
133+
| CVE-2023-4863 | High | pillow | 9.4.0 | 9.4.0.post2+tuxcare |
134+
| CVE-2023-4863 | High | pillow | 9.5.0 | 9.5.0.post1+tuxcare |
135+
| CVE-2023-23934 | Low | werkzeug | 1.0.1 | 1.0.1.post3+tuxcare |
136+
| CVE-2023-23969 | High | django | 4.0 | 4.0.post1+tuxcare |
137+
| CVE-2023-24580 | High | django | 4.0 | 4.0.post1+tuxcare |
138+
| CVE-2023-25577 | High | werkzeug | 1.0.1 | 1.0.1.post1+tuxcare<br>1.0.1.post2+tuxcare<br>1.0.1.post3+tuxcare |
139+
| CVE-2023-30861 | High | flask | 1.1.2 | 1.1.2.post1+tuxcare |
140+
| CVE-2023-30861 | High | flask | 1.1.2 | 2.2.1.post1+tuxcare |
141+
| CVE-2023-32681 | Medium | requests | 2.25.1 | 2.25.1.post1+tuxcare |
142+
| CVE-2023-32681 | Medium | requests | 2.30.0 | 2.30.0.post1+tuxcare |
143+
| CVE-2023-37276 | High | aiohttp | 3.8.4 | 3.8.4.post1+tuxcare |
144+
| CVE-2023-37920 | Critical | certifi | 2021.10.8 | 2021.10.08.post1+tuxcare<br>2021.10.08.post2+tuxcare |
145+
| CVE-2023-37920 | Critical | certifi | 2022.12.7 | 2022.12.07.post1+tuxcare<br>2022.12.07.post2+tuxcare |
146+
| CVE-2023-44271 | High | pillow | 9.4.0 | 9.4.0.post1+tuxcare |
147+
| CVE-2023-47627 | High | aiohttp | 3.8.5 | 3.8.5.post1+tuxcare |
148+
| CVE-2023-50447 | High | pillow | 9.4.0 | 9.4.0.post2+tuxcare |
149+
| CVE-2023-50447 | High | pillow | 9.5.0 | 9.5.0.post1+tuxcare |
150+
| CVE-2024-3651 | High | idna | 2.1 | 2.1.post1+tuxcare |
151+
| CVE-2024-5629 | N/A | pymongo | 3.13.0 | 3.13.0.post1+tuxcare |
152+
| CVE-2024-6345 | High | setuptools | 65.5.1 | 65.5.1.post1+tuxcare |
153+
| CVE-2024-6827 | High | gunicorn | 22.0.0 | 22.0.0.post1+tuxcare |
154+
| CVE-2024-7923 | Critical | gunicorn | 20.1.0 | 20.1.0.post2+tuxcare |
155+
| CVE-2024-12797 | High | cryptography | 42.0.8 | 42.0.8.post1+tuxcare |
156+
| CVE-2024-12797 | N/A | cryptography | 43.0.1 | 43.0.1.post1+tuxcare |
157+
| CVE-2024-12797 | N/A | cryptography | 43.0.3 | 43.0.3.post1+tuxcare |
158+
| CVE-2024-22195 | Medium | jinja2 | 2.11.3 | 2.11.3.post1+tuxcare<br>2.11.3.post2+tuxcare |
159+
| CVE-2024-24680 | High | django | 5.0.1 | 5.0.1.post1+tuxcare |
160+
| CVE-2024-24762 | High | fastapi | 0.104.1 | 0.104.1.post1+tuxcare |
161+
| CVE-2024-27351 | Medium | django | 5.0.2 | 5.0.2.post1+tuxcare |
162+
| CVE-2024-28219 | Medium | pillow | 9.4.0 | 9.4.0.post3+tuxcare |
163+
| CVE-2024-34064 | Medium | jinja2 | 2.11.3 | 2.11.3.post1+tuxcare<br>2.11.3.post2+tuxcare |
164+
| CVE-2024-39689 | High | certifi | 2022.12.7 | 2022.12.07.post2+tuxcare |
165+
| CVE-2024-39689 | High | certifi | 2023.7.22 | 2023.07.22.post1+tuxcare |
166+
| CVE-2024-47081 | Medium | requests | 2.32.3 | 2.32.3.post1+tuxcare |
167+
| CVE-2024-49766 | Medium | werkzeug | 1.0.1 | 1.0.1.post1+tuxcare<br>1.0.1.post2+tuxcare<br>1.0.1.post3+tuxcare |
168+
| CVE-2024-49767 | High | werkzeug | 1.0.1 | 1.0.1.post1+tuxcare<br>1.0.1.post3+tuxcare |
169+
| CVE-2024-49768 | Medium | waitress | 2.1.2 | 2.1.2.post1+tuxcare<br>2.1.2.post2+tuxcare |
170+
| CVE-2024-49769 | High | waitress | 2.1.2 | 2.1.2.post2+tuxcare |
171+
| CVE-2024-52304 | High | aiohttp | 3.8.5 | 3.8.5.post2+tuxcare |
172+
| CVE-2024-56326 | Medium | jinja2 | 2.11.3 | 2.11.3.post2+tuxcare |
173+
| CVE-2024-56374 | Medium | django | 5.1.4 | 5.1.4.post1+tuxcare |
174+
| CVE-2025-27516 | Medium | jinja2 | 2.11.3 | 2.11.3.post2+tuxcare |
175+
| CVE-2025-47273 | High | setuptools | 75.8.0 | 75.8.0.post1+tuxcare |
176+
| CVE-2025-50817 | N/A | future | 1.0.0 | 1.0.0.post1+tuxcare |
177+
178+
**N/A (Not Available)** mean that the National Vulnerability Database (NVD) has registered this CVE, but an official CVSS severity score has not yet been assigned.
179+
180+
</details>
181+
182+
If you are interested in the TuxCare Endless Lifecycle Support, contact [[email protected]](mailto:[email protected]).
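
Review bot: The second CVE-2023-30861 row (new line 140) gives flask 1.1.2 as the vulnerable version but 2.2.1.post1+tuxcare as the safe version, while every other row's safe version is built on the same release as its vulnerable version; the Vulnerable Version cell there most likely should read 2.2.1, so please confirm and correct it, since readers will pin from this table. Two further rows are worth checking before merge: CVE-2024-12797 is rated High for cryptography 42.0.8 but N/A for 43.0.1 and 43.0.3, and a CVE's severity should not differ between rows; CVE-2024-49767 lists 1.0.1.post1+tuxcare and 1.0.1.post3+tuxcare but omits post2, unlike the other werkzeug 1.0.1 rows, so say whether that gap is intentional. The certifi rows write the vulnerable version as 2021.10.8 and the safe version as 2021.10.08.postN; pick one spelling so a copied pin matches what the repository serves. Wording: on new line 178 "mean" should be "means", and the intro on new line 119 ("available in ELS for Python Libraries from TuxCare versions") would read better as "Fixes for the following vulnerabilities are available in these ELS for Python Libraries versions from TuxCare:".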
