WS-2015-0042 (Low) detected in Fabric-1.2.0.tar.gz #4

mend-for-github-com · 2019-11-19T09:07:05Z

WS-2015-0042 - Low Severity Vulnerability

Vulnerable Library - Fabric-1.2.0.tar.gz

Fabric is a simple, Pythonic tool for remote execution and deployment.

Library home page: https://files.pythonhosted.org/packages/17/7c/86f3e52251a7062bfc2c3b6d381b14235fff07a2072231941637b0bba056/Fabric-1.2.0.tar.gz

Path to dependency file: /tmp/ws-scm/quantumsim/requirements.txt

Path to vulnerable library: /quantumsim/requirements.txt

Dependency Hierarchy:

❌ Fabric-1.2.0.tar.gz (Vulnerable Library)

Found in HEAD commit: d6624156203bb0fc439915ed3fc47432b9cbbeb5

Vulnerability Details

The upload_template() function in Fabric in versions 0.9.0 before 1.13.2 is vulernable. Clean up temp file with sudo uploads if destination path is invalid.

Publish Date: 2015-06-26

URL: WS-2015-0042

CVSS 2 Score Details (2.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: fabric/fabric#1341

Release Date: 2017-01-31

Fix Resolution: 1.13.2

Check this box to open an automated fix MR

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Nov 19, 2019

elikkatzgit closed this as completed Nov 19, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2015-0042 (Low) detected in Fabric-1.2.0.tar.gz #4

WS-2015-0042 (Low) detected in Fabric-1.2.0.tar.gz #4

mend-for-github-com bot commented Nov 19, 2019

WS-2015-0042 (Low) detected in Fabric-1.2.0.tar.gz #4

WS-2015-0042 (Low) detected in Fabric-1.2.0.tar.gz #4

Comments

mend-for-github-com bot commented Nov 19, 2019

WS-2015-0042 - Low Severity Vulnerability