Skip to content

Commit

Permalink
fix: Packs/Exchange2016_Compliance/Integrations/Exchange2016_Complian…
Browse files Browse the repository at this point in the history 
…ce/doc_files/requirements.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CERTIFI-5805047
- https://snyk.io/vuln/SNYK-PYTHON-PYYAML-42159
- https://snyk.io/vuln/SNYK-PYTHON-REQUESTS-72435
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-1014645
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-174323
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-174464
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5969479
  • Loading branch information
@snyk-bot
snyk-bot committed Jun 5, 2024
1 parent 994c74b commit b06bef1
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions ...s/Exchange2016_Compliance/Integrations/Exchange2016_Compliance/doc_files/requirements.txt
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
certifi==2017.11.5
certifi==2023.7.22
chardet==3.0.4
idna==2.6
olefile==0.44
pyyaml==3.12
requests==2.18.4
urllib3==1.22
pyyaml==4.2b1

Check failure on line 5 in Packs/Exchange2016_Compliance/Integrations/Exchange2016_Compliance/doc_files/requirements.txt

View check run for this annotation

Wiz Inc. (98909e62bd) / Wiz Vulnerability Scanner

pyyaml:4.2b1 

Detected Vulnerabilities:
  CVE-2020-14343, Severity: Critical, Source: https://github.com/advisories/GHSA-8q59-q68h-6hv4
    CVSS score: 9.8, CVSS exploitability score: 3.9
    🩹 Fixed version: 5.4.0
    💥 Has public exploit
    🧨 Has CISA KEV exploit
  CVE-2020-1747, Severity: Critical, Source: https://github.com/advisories/GHSA-6757-jp84-gxfx
    CVSS score: 9.8, CVSS exploitability score: 3.9
    🩹 Fixed version: 5.3.1
    💥 Has public exploit
    🧨 Has CISA KEV exploit

Check failure on line 5 in Packs/Exchange2016_Compliance/Integrations/Exchange2016_Compliance/doc_files/requirements.txt

View check run for this annotation

Wiz Inc. (98909e62bd) / Wiz Vulnerability Scanner

pyyaml:4.2b1 

Detected Vulnerabilities:
  CVE-2020-14343, Severity: Critical, Source: https://github.com/advisories/GHSA-8q59-q68h-6hv4
    CVSS score: 9.8, CVSS exploitability score: 3.9
    🩹 Fixed version: 5.4.0
    💥 Has public exploit
    🧨 Has CISA KEV exploit
  CVE-2020-1747, Severity: Critical, Source: https://github.com/advisories/GHSA-6757-jp84-gxfx
    CVSS score: 9.8, CVSS exploitability score: 3.9
    🩹 Fixed version: 5.3.1
    💥 Has public exploit
    🧨 Has CISA KEV exploit
requests==2.20

Check warning on line 6 in Packs/Exchange2016_Compliance/Integrations/Exchange2016_Compliance/doc_files/requirements.txt

View check run for this annotation

Wiz Inc. (98909e62bd) / Wiz Vulnerability Scanner

requests:2.20 

Detected Vulnerabilities:
  CVE-2024-35195, Severity: Medium, Source: https://github.com/advisories/GHSA-9wx4-h78v-vm56
    🩹 Fixed version: 2.32.0
    💥 Has public exploit
    🧨 Has CISA KEV exploit
  CVE-2023-32681, Severity: Medium, Source: https://github.com/advisories/GHSA-j8r2-6x86-q33q
    CVSS score: 6.1, CVSS exploitability score: 1.6
    🩹 Fixed version: 2.31.0
    💥 Has public exploit
    🧨 Has CISA KEV exploit

Check warning on line 6 in Packs/Exchange2016_Compliance/Integrations/Exchange2016_Compliance/doc_files/requirements.txt

View check run for this annotation

Wiz Inc. (98909e62bd) / Wiz Vulnerability Scanner

requests:2.20 

Detected Vulnerabilities:
  CVE-2023-32681, Severity: Medium, Source: https://github.com/advisories/GHSA-j8r2-6x86-q33q
    CVSS score: 6.1, CVSS exploitability score: 1.6
    🩹 Fixed version: 2.31.0
    💥 Has public exploit
    🧨 Has CISA KEV exploit
  CVE-2024-35195, Severity: Medium, Source: https://github.com/advisories/GHSA-9wx4-h78v-vm56
    🩹 Fixed version: 2.32.0
    💥 Has public exploit
    🧨 Has CISA KEV exploit
urllib3==1.25.9

Check failure on line 7 in Packs/Exchange2016_Compliance/Integrations/Exchange2016_Compliance/doc_files/requirements.txt

View check run for this annotation

Wiz Inc. (98909e62bd) / Wiz Vulnerability Scanner

urllib3:1.25.9 

Detected Vulnerabilities:
  CVE-2021-33503, Severity: High, Source: https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
    CVSS score: 7.5, CVSS exploitability score: 3.9
    🩹 Fixed version: 1.26.5
    💥 Has public exploit
    🧨 Has CISA KEV exploit
  CVE-2023-45803, Severity: Medium, Source: https://github.com/advisories/GHSA-g4mx-q9vg-27p4
    CVSS score: 4.2, CVSS exploitability score: 0.5
    🩹 Fixed version: 1.26.18
    💥 Has public exploit
    🧨 Has CISA KEV exploit
  CVE-2023-43804, Severity: Medium, Source: https://github.com/advisories/GHSA-v845-jxx5-vc9f
    CVSS score: 8.1, CVSS exploitability score: 2.8
    🩹 Fixed version: 1.26.17
    💥 Has public exploit
    🧨 Has CISA KEV exploit

Check failure on line 7 in Packs/Exchange2016_Compliance/Integrations/Exchange2016_Compliance/doc_files/requirements.txt

View check run for this annotation

Wiz Inc. (98909e62bd) / Wiz Vulnerability Scanner

urllib3:1.25.9 

Detected Vulnerabilities:
  CVE-2023-43804, Severity: Medium, Source: https://github.com/advisories/GHSA-v845-jxx5-vc9f
    CVSS score: 8.1, CVSS exploitability score: 2.8
    🩹 Fixed version: 1.26.17
    💥 Has public exploit
    🧨 Has CISA KEV exploit
  CVE-2021-33503, Severity: High, Source: https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
    CVSS score: 7.5, CVSS exploitability score: 3.9
    🩹 Fixed version: 1.26.5
    💥 Has public exploit
    🧨 Has CISA KEV exploit
  CVE-2023-45803, Severity: Medium, Source: https://github.com/advisories/GHSA-g4mx-q9vg-27p4
    CVSS score: 4.2, CVSS exploitability score: 0.5
    🩹 Fixed version: 1.26.18
    💥 Has public exploit
    🧨 Has CISA KEV exploit

0 comments on commit b06bef1

Please sign in to comment.