Skip to content

Upgraded versions for dependent repo and included gunicorn as http se… #35

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 1, 2023
Merged

Upgraded versions for dependent repo and included gunicorn as http se… #35

merged 2 commits into from
Feb 1, 2023

Conversation

@rednitish
Copy link
Contributor

@rednitish rednitish commented Jan 20, 2023

"Upgraded versions for dependent repo and included gunicorn as http server"

@rednitish rednitish self-assigned this Jan 20, 2023
aprajshekhar
aprajshekhar previously approved these changes Jan 20, 2023
View reviewed changes
Copy link
Contributor

@aprajshekhar aprajshekhar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@rednitish
Upgraded versions for dependent repo and included gunicorn as http se…
c512265 
…rver

- reverted redis version as dependency also needed to be chaged.

- Versions for flask updated to available

- Versions for gitpython updated to >=3.1.20

- Versions for marshmellow updated to >=3.14.1

- Versions for requests updated to >=2.27.1

- contextvars library added
@rednitish rednitish force-pushed the nisharma_CCSOPS-1716 branch from bab60ef to c512265 Compare January 20, 2023 14:26
@rednitish
- resolved another critical vulerability CVE-2022-24439 Detail
ecda4cc 
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

Resolution ::
Upgrade GitPython to version 3.1.30 or higher.
https://nvd.nist.gov/vuln/detail/CVE-2022-24439
https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858
aprajshekhar
aprajshekhar approved these changes Feb 1, 2023
View reviewed changes
Copy link
Contributor

@aprajshekhar aprajshekhar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@aprajshekhar aprajshekhar merged commit 7d05a6a into master Feb 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aprajshekhar aprajshekhar aprajshekhar approved these changes

Assignees

@rednitish rednitish

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rednitish @aprajshekhar