pydantic-1.10.9-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: 1 vulnerabilities (highest severity is: 5.9) #4
Description
Vulnerable Library - pydantic-1.10.9-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Data validation and settings management using python type hints
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/requirements.txt
Vulnerabilities
| Vulnerability | Severity |  CVSS |
Dependency | Type | Fixed in (pydantic version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2024-3772 |  Medium |
5.9 | pydantic-1.10.9-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl | Direct | 1.10.13 | ✅ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2024-3772
Vulnerable Library - pydantic-1.10.9-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Data validation and settings management using python type hints
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt,/requirements.txt
Dependency Hierarchy:
- ❌ pydantic-1.10.9-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (Vulnerable Library)
Found in base branch: main
Vulnerability Details
Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.
Publish Date: 2024-04-15
URL: CVE-2024-3772
CVSS 3 Score Details (5.9)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
Suggested Fix
Type: Upgrade version
Release Date: 2024-04-15
Fix Resolution: 1.10.13
⛑️ Automatic Remediation will be attempted for this issue.
⛑️Automatic Remediation will be attempted for this issue.