Update dependency mysqlclient to v2 (master) #90

Open: wants to merge 1 commit into base: master

Update dependency mysqlclient to v2

1228ffe

Mend Bolt for GitHub / WhiteSource Security Check failed Nov 13, 2024 in 3m 0s

Security Report

You have successfully remediated 8 vulnerabilities, but introduced 27 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
CVE-2023-41419

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/gevent-1.4.0.dist-info

Dependency Hierarchy:

-> ❌ gevent-1.4.0.tar.gz (Vulnerable Library)

Critical 9.8 gevent-1.4.0.tar.gz Upgrade to version: gevent - 23.9.0 None
CVE-2024-25128

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/Flask_AppBuilder-2.3.0.dist-info

Dependency Hierarchy:

-> ❌ Flask_AppBuilder-2.3.0-py3-none-any.whl (Vulnerable Library)

Critical 9.1 Flask_AppBuilder-2.3.0-py3-none-any.whl Upgrade to version: Flask-AppBuilder - 4.3.11 None
CVE-2021-41265

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/Flask_AppBuilder-2.3.0.dist-info

Dependency Hierarchy:

-> ❌ Flask_AppBuilder-2.3.0-py3-none-any.whl (Vulnerable Library)

High 8.1 Flask_AppBuilder-2.3.0-py3-none-any.whl Upgrade to version: Flask-AppBuilder - 3.3.4 #104
CVE-2023-46136

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/Werkzeug-1.0.1.dist-info

Dependency Hierarchy:

-> Flask_AppBuilder-2.3.0-py3-none-any.whl (Root Library)

   -> Flask-1.1.4-py2.py3-none-any.whl

     -> ❌ Werkzeug-1.0.1-py2.py3-none-any.whl (Vulnerable Library)

High 8.0 Werkzeug-1.0.1-py2.py3-none-any.whl Upgrade to version: werkzeug - 2.3.8,3.0.1 None
CVE-2024-49767

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/Werkzeug-1.0.1.dist-info

Dependency Hierarchy:

-> Flask_AppBuilder-2.3.0-py3-none-any.whl (Root Library)

   -> Flask-1.1.4-py2.py3-none-any.whl

     -> ❌ Werkzeug-1.0.1-py2.py3-none-any.whl (Vulnerable Library)

High 7.5 Werkzeug-1.0.1-py2.py3-none-any.whl Upgrade to version: quart - 0.19.7;werkzeug - 3.0.6 None
CVE-2024-3651

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/idna-2.10.dist-info

Dependency Hierarchy:

-> requests-2.23.0-py2.py3-none-any.whl (Root Library)

   -> ❌ idna-2.10-py2.py3-none-any.whl (Vulnerable Library)

High 7.5 idna-2.10-py2.py3-none-any.whl Upgrade to version: idna - 3.7 None
CVE-2024-34069

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/Werkzeug-1.0.1.dist-info

Dependency Hierarchy:

-> Flask_AppBuilder-2.3.0-py3-none-any.whl (Root Library)

   -> Flask-1.1.4-py2.py3-none-any.whl

     -> ❌ Werkzeug-1.0.1-py2.py3-none-any.whl (Vulnerable Library)

High 7.5 Werkzeug-1.0.1-py2.py3-none-any.whl Upgrade to version: Werkzeug - 3.0.3 None
CVE-2023-30861

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/Flask-1.1.4.dist-info

Dependency Hierarchy:

-> Flask_AppBuilder-2.3.0-py3-none-any.whl (Root Library)

   -> ❌ Flask-1.1.4-py2.py3-none-any.whl (Vulnerable Library)

High 7.5 Flask-1.1.4-py2.py3-none-any.whl Upgrade to version: flask - 2.2.5,2.3.2 None
CVE-2023-29005

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/Flask_AppBuilder-2.3.0.dist-info

Dependency Hierarchy:

-> ❌ Flask_AppBuilder-2.3.0-py3-none-any.whl (Vulnerable Library)

High 7.5 Flask_AppBuilder-2.3.0-py3-none-any.whl Upgrade to version: Flask-AppBuilder - 4.3.0 None
CVE-2023-25577

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/Werkzeug-1.0.1.dist-info

Dependency Hierarchy:

-> Flask_AppBuilder-2.3.0-py3-none-any.whl (Root Library)

   -> Flask-1.1.4-py2.py3-none-any.whl

     -> ❌ Werkzeug-1.0.1-py2.py3-none-any.whl (Vulnerable Library)

High 7.5 Werkzeug-1.0.1-py2.py3-none-any.whl Upgrade to version: Werkzeug - 2.2.3 None
CVE-2021-33503

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/urllib3-1.25.11.dist-info

Dependency Hierarchy:

-> requests-2.23.0-py2.py3-none-any.whl (Root Library)

   -> ❌ urllib3-1.25.11-py2.py3-none-any.whl (Vulnerable Library)

High 7.5 urllib3-1.25.11-py2.py3-none-any.whl Upgrade to version: urllib3 - 1.26.5 #95
CVE-2024-1135

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/gunicorn-20.0.4.dist-info

Dependency Hierarchy:

-> ❌ gunicorn-20.0.4-py2.py3-none-any.whl (Vulnerable Library)

High 7.4 gunicorn-20.0.4-py2.py3-none-any.whl Upgrade to version: gunicorn - 22.0.0 None
CVE-2022-29217

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/PyJWT-1.7.1.dist-info

Dependency Hierarchy:

-> Flask_AppBuilder-2.3.0-py3-none-any.whl (Root Library)

   -> ❌ PyJWT-1.7.1-py2.py3-none-any.whl (Vulnerable Library)

High 7.4 PyJWT-1.7.1-py2.py3-none-any.whl Upgrade to version: PyJWT - 2.4.0 None
CVE-2021-32805

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/Flask_AppBuilder-2.3.0.dist-info

Dependency Hierarchy:

-> ❌ Flask_AppBuilder-2.3.0-py3-none-any.whl (Vulnerable Library)

High 7.2 Flask_AppBuilder-2.3.0-py3-none-any.whl Upgrade to version: Flask-AppBuilder - 3.3.2 #105
CVE-2022-24776

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/Flask_AppBuilder-2.3.0.dist-info

Dependency Hierarchy:

-> ❌ Flask_AppBuilder-2.3.0-py3-none-any.whl (Vulnerable Library)

Medium 6.1 Flask_AppBuilder-2.3.0-py3-none-any.whl Upgrade to version: Flask-AppBuilder - 3.4.5 None
CVE-2023-43804

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/urllib3-1.25.11.dist-info

Dependency Hierarchy:

-> requests-2.23.0-py2.py3-none-any.whl (Root Library)

   -> ❌ urllib3-1.25.11-py2.py3-none-any.whl (Vulnerable Library)

Medium 5.9 urllib3-1.25.11-py2.py3-none-any.whl Upgrade to version: urllib3 - 1.26.17,2.0.6 #121
CVE-2024-34064

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/Jinja2-2.11.3.dist-info

Dependency Hierarchy:

-> Flask_AppBuilder-2.3.0-py3-none-any.whl (Root Library)

   -> Flask_Babel-1.0.0-py3-none-any.whl

     -> ❌ Jinja2-2.11.3-py2.py3-none-any.whl (Vulnerable Library)

Medium 5.4 Jinja2-2.11.3-py2.py3-none-any.whl Upgrade to version: Jinja2 - 3.1.4 None
CVE-2024-22195

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/Jinja2-2.11.3.dist-info

Dependency Hierarchy:

-> Flask_AppBuilder-2.3.0-py3-none-any.whl (Root Library)

   -> Flask_Babel-1.0.0-py3-none-any.whl

     -> ❌ Jinja2-2.11.3-py2.py3-none-any.whl (Vulnerable Library)

Medium 5.4 Jinja2-2.11.3-py2.py3-none-any.whl Upgrade to version: jinja2 - 3.1.3 None
CVE-2022-21659

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/Flask_AppBuilder-2.3.0.dist-info

Dependency Hierarchy:

-> ❌ Flask_AppBuilder-2.3.0-py3-none-any.whl (Vulnerable Library)

Medium 5.3 Flask_AppBuilder-2.3.0-py3-none-any.whl Upgrade to version: Flask-AppBuilder - 3.4.4 #103
CVE-2021-29621

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/Flask_AppBuilder-2.3.0.dist-info

Dependency Hierarchy:

-> ❌ Flask_AppBuilder-2.3.0-py3-none-any.whl (Vulnerable Library)

Medium 5.3 Flask_AppBuilder-2.3.0-py3-none-any.whl Upgrade to version: Flask-AppBuilder - 3.3.0 #106
CVE-2024-37891

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/urllib3-1.25.11.dist-info

Dependency Hierarchy:

-> requests-2.23.0-py2.py3-none-any.whl (Root Library)

   -> ❌ urllib3-1.25.11-py2.py3-none-any.whl (Vulnerable Library)

Medium 4.4 urllib3-1.25.11-py2.py3-none-any.whl Upgrade to version: urllib3 - 1.26.19,2.2.2 None
CVE-2023-45803

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/urllib3-1.25.11.dist-info

Dependency Hierarchy:

-> requests-2.23.0-py2.py3-none-any.whl (Root Library)

   -> ❌ urllib3-1.25.11-py2.py3-none-any.whl (Vulnerable Library)

Medium 4.2 urllib3-1.25.11-py2.py3-none-any.whl Upgrade to version: urllib3 - 1.26.18,2.0.7 #124
CVE-2024-49766

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/Werkzeug-1.0.1.dist-info

Dependency Hierarchy:

-> Flask_AppBuilder-2.3.0-py3-none-any.whl (Root Library)

   -> Flask-1.1.4-py2.py3-none-any.whl

     -> ❌ Werkzeug-1.0.1-py2.py3-none-any.whl (Vulnerable Library)

Low 3.7 Werkzeug-1.0.1-py2.py3-none-any.whl Upgrade to version: Werkzeug - 3.0.6 None
CVE-2024-45314

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/Flask_AppBuilder-2.3.0.dist-info

Dependency Hierarchy:

-> ❌ Flask_AppBuilder-2.3.0-py3-none-any.whl (Vulnerable Library)

Low 3.6 Flask_AppBuilder-2.3.0-py3-none-any.whl Upgrade to version: Flask-AppBuilder - 4.5.1 None
CVE-2023-34110

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/Flask_AppBuilder-2.3.0.dist-info

Dependency Hierarchy:

-> ❌ Flask_AppBuilder-2.3.0-py3-none-any.whl (Vulnerable Library)

Low 2.7 Flask_AppBuilder-2.3.0-py3-none-any.whl Upgrade to version: Flask-AppBuilder - 4.3.2 None
CVE-2022-31177

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/Flask_AppBuilder-2.3.0.dist-info

Dependency Hierarchy:

-> ❌ Flask_AppBuilder-2.3.0-py3-none-any.whl (Vulnerable Library)

Low 2.7 Flask_AppBuilder-2.3.0-py3-none-any.whl Upgrade to version: Flask-AppBuilder - 4.1.3 None
CVE-2023-23934

Path to dependency file: /requirements.txt

Path to vulnerable library: /tmp/ws-ua_20241113053202_PCKWPV/python_QQFFNR/202411130532031/env/lib/python3.8/site-packages/Werkzeug-1.0.1.dist-info

Dependency Hierarchy:

-> Flask_AppBuilder-2.3.0-py3-none-any.whl (Root Library)

   -> Flask-1.1.4-py2.py3-none-any.whl

     -> ❌ Werkzeug-1.0.1-py2.py3-none-any.whl (Vulnerable Library)

Low 2.6 Werkzeug-1.0.1-py2.py3-none-any.whl Upgrade to version: Werkzeug - 2.2.3 None

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
CVE-2024-3651 idna-2.9-py2.py3-none-any.whl
CVE-2021-33503 urllib3-1.25.8-py2.py3-none-any.whl
CVE-2024-37891 urllib3-1.25.8-py2.py3-none-any.whl
CVE-2023-45803 urllib3-1.25.8-py2.py3-none-any.whl
CVE-2023-43804 urllib3-1.25.8-py2.py3-none-any.whl
CVE-2023-37920 certifi-2019.11.28-py2.py3-none-any.whl
CVE-2022-23491 certifi-2019.11.28-py2.py3-none-any.whl
CVE-2020-26137 urllib3-1.25.8-py2.py3-none-any.whl

Base branch total remaining vulnerabilities: 21
Base branch commit: null


Total libraries scanned: 67

Scan token: a51f113b890c43519100c2528f321684