Commit 3bc69f8

Fix or ignore CVE
```
+==============================================================================+
|                                                                              |
|                               /$$$$$$            /$$                         |
|                              /$$__  $$          | $$                         |
|           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           |
|          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           |
|         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           |
|          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           |
|          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           |
|         |_______/  \_______/|__/     \_______/   \___/   \____  $$           |
|                                                          /$$  | $$           |
|                                                         |  $$$$$$/           |
|  by pyup.io                                              \______/            |
|                                                                              |
+==============================================================================+
| REPORT                                                                       |
| checked 54 packages, using free DB (updated once a month)                    |
+============================+===========+==========================+==========+
| package                    | installed | affected                 | ID       |
+============================+===========+==========================+==========+
| sqlalchemy-utils           | 0.38.2    | >=0.27.0                 | 42194    |
+==============================================================================+
| Sqlalchemy-utils from version 0.27.0 'EncryptedType' uses by default AES     |
| with CBC mode. The IV that it uses is not random though.                     |
| kvesteri/sqlalchemy-utils#166                                                |
| kvesteri/sqlalchemy-utils#499                                                |
+==============================================================================+
| ujson                      | 5.1.0     | <=5.1.0                  | 46499    |
+==============================================================================+
| UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in     |
| Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for     |
| example, use a large amount of indentation.                                  |
+==============================================================================+
```
1 parent 2f949c8 commit 3bc69f8

2 files changed: 53 additions and 52 deletions

Pipfile.lock

Lines changed: 52 additions & 52 deletions
Some generated files are not rendered by default.

pip-cve-ignore

Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
42194
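Review bot: the added line `42194` in pip-cve-ignore suppresses the sqlalchemy-utils finding without recording why it is safe to ignore. The report in the commit message lists the affected range as `>=0.27.0` with no upper bound, so there is no release to upgrade to and this entry will stay in place indefinitely. Please state, in the commit message or beside the entry if whatever reads this file tolerates comments, whether the project uses `EncryptedType` at all and, if it does, whether it relies on the default AES-CBC behaviour the report describes. The ujson finding (46499) gets no entry here, so it is presumably handled by the Pipfile.lock changes, which are not rendered on this page; it is worth confirming that the locked ujson version is above 5.1.0.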
