Latest data: Sat Jun 29 08:04:27 UTC 2024
github.actions committed Jun 29, 2024
1 parent f92b2e4 commit 9f1211d
Showing 3 changed files with 160 additions and 2 deletions.
158 changes: 158 additions & 0 deletions audits/gptline-requirements.audit.json
@@ -1,4 +1,162 @@
[
{
"package": {
"name": "nltk",
"version": "3.8.1",
"ecosystem": "PyPI"
},
"dependency_groups": [
"gptline-requirements"
],
"vulnerabilities": [
{
"modified": "2024-06-28T21:29:29Z",
"published": "2024-06-28T00:33:31Z",
"schema_version": "1.6.0",
"id": "GHSA-cgvx-9447-vcch",
"aliases": [
"CVE-2024-39705"
],
"summary": "ntlk unsafe deserialization vulnerability",
"details": "NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt.",
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "nltk",
"purl": "pkg:pypi/nltk"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.8.1"
}
]
}
],
"versions": [
"0.8",
"0.9",
"0.9.3",
"0.9.4",
"0.9.5",
"0.9.6",
"0.9.7",
"0.9.8",
"0.9.9",
"2.0.1",
"2.0.1rc1",
"2.0.1rc2-git",
"2.0.1rc3",
"2.0.1rc4",
"2.0.2",
"2.0.3",
"2.0.4",
"2.0.5",
"2.0b4",
"2.0b5",
"2.0b6",
"2.0b7",
"2.0b8",
"2.0b9",
"3.0.0",
"3.0.0b1",
"3.0.0b2",
"3.0.1",
"3.0.2",
"3.0.3",
"3.0.4",
"3.0.5",
"3.1",
"3.2",
"3.2.1",
"3.2.2",
"3.2.3",
"3.2.4",
"3.2.5",
"3.3",
"3.4",
"3.4.1",
"3.4.2",
"3.4.3",
"3.4.4",
"3.4.5",
"3.5",
"3.5b1",
"3.6",
"3.6.1",
"3.6.2",
"3.6.3",
"3.6.4",
"3.6.5",
"3.6.6",
"3.6.7",
"3.7",
"3.8",
"3.8.1"
],
"database_specific": {
"source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-cgvx-9447-vcch/GHSA-cgvx-9447-vcch.json"
}
}
],
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
},
{
"type": "CVSS_V4",
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39705"
},
{
"type": "WEB",
"url": "https://github.com/nltk/nltk/issues/2522"
},
{
"type": "WEB",
"url": "https://github.com/nltk/nltk/issues/3266"
},
{
"type": "PACKAGE",
"url": "https://github.com/nltk/nltk"
}
],
"database_specific": {
"cwe_ids": [
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-28T21:11:25Z",
"nvd_published_at": "2024-06-27T22:15:10Z",
"severity": "HIGH"
}
}
],
"groups": [
{
"ids": [
"GHSA-cgvx-9447-vcch"
],
"aliases": [
"CVE-2024-39705",
"GHSA-cgvx-9447-vcch"
],
"max_severity": "7.5"
}
]
},
{
"package": {
"name": "urllib3",
2 changes: 1 addition & 1 deletion requirements/codecov-cli-requirements.txt
@@ -12,7 +12,7 @@ regex==2024.5.15
requests==2.32.3
responses==0.21.0
rfc3986==1.5.0
setuptools==70.1.0
setuptools==70.1.1
sniffio==1.3.1
test-results-parser==0.1.0
tree-sitter==0.20.4
2 changes: 1 addition & 1 deletion requirements/ipython-requirements.txt
@@ -5,7 +5,7 @@ jedi==0.19.1
matplotlib-inline==0.1.7
parso==0.8.4
pexpect==4.9.0
prompt-toolkit==3.0.45
prompt-toolkit==3.0.47
ptyprocess==0.7.0
pure-eval==0.2.2
pygments==2.18.0