Commit 904ef17

pySCG: adding missing CVEs to CWE 180, 501, 502, 843 (#691)
Signed-off-by: Helge Wehder <[email protected]> Signed-off-by: myteron <[email protected]>
1 parent 95fd687 commit 904ef17

1 file changed: +4 -4 lines changed
docs/Secure-Coding-Guide-for-Python/readme.md

Lines changed: 4 additions & 4 deletions
@@ -48,13 +48,13 @@ It is **not production code** and requires code-style or python best practices t
4848
|[CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)](CWE-664/CWE-409/.)||
4949
|[CWE-410: Insufficient Resource Pool](CWE-664/CWE-410/README.md)||
5050
|[CWE-426: Untrusted Search Path](CWE-664/CWE-426/README.md)|[CVE-2015-1326](https://www.cvedetails.com/cve/CVE-2015-1326),<br/>CVSSv3.0: **8.8**,<br/>EPSS: **00.20** (23.11.2023)|
51-
|[CWE-501: Trust Boundary Violation)](CWE-664/CWE-501/README.md)||
52-
|[CWE-502: Deserialization of Untrusted Data)](CWE-664/CWE-502/.)||
51+
|[CWE-501: Trust Boundary Violation)](CWE-664/CWE-501/README.md)|[CVE-2023-28597](https://www.cvedetails.com/cve/CVE-2023-28597),<br/>CVSSv3.0: **7.5**,<br/>EPSS: **00.11** (05.11.2024)|
52+
|[CWE-502: Deserialization of Untrusted Data)](CWE-664/CWE-502/.)|[CVE-2018-8021](https://www.cvedetails.com/cve/CVE-2018-8021),<br/>CVSSv3.0: **9.8**,<br/>EPSS: **93.54** (05.11.2024)|
5353
|[CWE-532: Insertion of Sensitive Information into Log File](CWE-664/CWE-532/README.md)|[CVE-2023-45585](https://www.cvedetails.com/cve/CVE-2023-45585),<br/>CVSSv3.1: **9.8**,<br/>EPSS: **0.04** (01.11.2024)|
5454
|[CWE-665: Improper Initialization](CWE-664/CWE-665/README.md)||
5555
|[CWE-681: Incorrect Conversion between Numeric Types](CWE-664/CWE-681/README.md)||
5656
|[CWE-833: Deadlock](CWE-664/CWE-833/README.md)||
57-
|[CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')](CWE-664/CWE-843/.)||
57+
|[CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')](CWE-664/CWE-843/.)|[CVE-2021-29513](https://www.cvedetails.com/cve/CVE-2021-29513),<br/>CVSSv3.1: **7.8**,<br/>EPSS: **00.05** (05.11.2024)|
5858
|[XXX-005: Consider hash-based integrity verification of byte code files against their source code files](CWE-664/XXX-005/.)||
5959

6060
|[CWE-682: Incorrect Calculation](https://cwe.mitre.org/data/definitions/682.html)|Prominent CVE|
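Review bot: The rewritten CWE-501 and CWE-502 rows still carry a stray closing parenthesis inside the link text (`Trust Boundary Violation)` and `Deserialization of Untrusted Data)`); both lines are being touched anyway, so drop it and let the link text read `[CWE-501: Trust Boundary Violation]` and `[CWE-502: Deserialization of Untrusted Data]`. The new EPSS values are also zero-padded (`00.11`, `93.54`, `00.05`) while the neighbouring CWE-532 row uses `0.04`, so settle on one number format for the column. The three cvedetails links added here omit the trailing slash that the CWE-180 link in the next hunk has; either form is fine, but use one.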
@@ -89,7 +89,7 @@ It is **not production code** and requires code-style or python best practices t
8989
|:----------------------------------------------------------------|:----|
9090
|[CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')](CWE-707/CWE-89/.)|[CVE-2019-8600](https://www.cvedetails.com/cve/CVE-2019-8600/),<br/>CVSSv3.1: **9.8**,<br/>EPSS: **01.43** (18.02.2024)|
9191
|[CWE-117: Improper Output Neutralization for Logs](CWE-707/CWE-117/.)||
92-
|[CWE-180: Incorrect behavior order: Validate before Canonicalize](CWE-707/CWE-180/.)||
92+
|[CWE-180: Incorrect behavior order: Validate before Canonicalize](CWE-707/CWE-180/.)|[CVE-2022-26136](https://www.cvedetails.com/cve/CVE-2022-26136/),<br/>CVSSv3.1: **9.8**,<br/>EPSS: **00.77** (05.11.2024)|
9393

9494
|[CWE-710: Improper Adherence to Coding Standards](https://cwe.mitre.org/data/definitions/710.html)|Prominent CVE|
9595
|:----------------------------------------------------------------|:----|
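Review bot: The CWE-180 row keeps the lower-case title `Incorrect behavior order: Validate before Canonicalize` while the other rows in these tables use title case; since the line is being changed, align it as `Incorrect Behavior Order: Validate Before Canonicalize`. The `(05.11.2024)` after the EPSS value is presumably the lookup date; a one-line legend above the table stating that, and the date format, would make the column readable to someone who has not seen the earlier rows.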
