Telefonica Evolved5g CafaTechNetApp4

Evolved5G edited this page Oct 31, 2023 · 10 revisions

Scan of repo: Telefonica/Evolved5g-CafaTechNetApp4


Summary

| Severity | Number of vulnerabilities |
|----------|---------------------------|
| HIGH     | 5                         |
| MEDIUM   | 6                         |
| LOW      | 4                         |

Vulnerabilities

| Severity | ID | Title | PkgName | InstalledVersion | FixedVersion |
|----------|----|-------|---------|------------------|--------------|
| HIGH | CVE-2023-30861 | Cookie header | Flask | 2.2.2 | 2.3.2, 2.2.5 |
| HIGH | CVE-2023-25577 | high resource usage when parsing multipart form data with many fields | Werkzeug | 2.2.2 | 2.2.3 |
| HIGH | CVE-2023-37920 | Removal of e-Tugra root certificate | certifi | 2021.10.8 | 2023.7.22 |
| HIGH | CVE-2023-0286 | X.400 address type confusion in X.509 GeneralName | cryptography | 38.0.4 | 39.0.1 |
| HIGH | CVE-2022-42969 | The py library through 1.11.0 for Python allows remote attackers to co ... | py | 1.11.0 | |
| MEDIUM | CVE-2023-46136 | high resource consumption leading to denial of service | Werkzeug | 2.2.2 | 3.0.1 |
| MEDIUM | CVE-2022-23491 | untrusted root certificates | certifi | 2021.10.8 | 2022.12.07 |
| MEDIUM | CVE-2023-23931 | memory corruption via immutable objects | cryptography | 38.0.4 | 39.0.1 |
| MEDIUM | CVE-2023-32681 | Unintended leak of Proxy-Authorization header | requests | 2.26.0 | 2.31.0 |
| MEDIUM | CVE-2023-43804 | Cookie request header isn't stripped during cross-origin redirects | urllib3 | 1.26.14 | 2.0.6, 1.26.17 |
| MEDIUM | CVE-2023-45803 | Request body not stripped after redirect from 303 status changes request method to GET | urllib3 | 1.26.14 | 2.0.7, 1.26.18 |
| LOW | CVE-2023-23934 | cookie prefixed with = can shadow unprefixed cookie | Werkzeug | 2.2.2 | 2.2.3 |
| LOW | GHSA-5cpq-8wj7-hf2v | Vulnerable OpenSSL included in cryptography wheels | cryptography | 38.0.4 | 41.0.0 |
| LOW | GHSA-jm77-qphf-c4w8 | pyca/cryptography's wheels include vulnerable OpenSSL | cryptography | 38.0.4 | 41.0.3 |
| LOW | GHSA-v8gr-m533-ghj9 | Vulnerable OpenSSL included in cryptography wheels | cryptography | 38.0.4 | 41.0.4 |

Date: 2023-10-31