Vulnerabilities: 1 via 1 paths

Dependencies: 3

Source: GitHub

Commit: 26b34b8f


medium severity

Insufficient Resource Pool

  • Vulnerable module: cbor2
  • Introduced through: cbor2@4.1.2

Detailed paths

  • Introduced through: digitalmensch/sqlf@digitalmensch/sqlf#26b34b8fef12c7b86c6784718ca6937dbdf89200 → cbor2@4.1.2
    Remediation: Upgrade to cbor2@5.6.0.

Overview

cbor2 is a CBOR (de)serializer with extensive tag support.

Affected versions of this package are vulnerable to Insufficient Resource Pool: decoding a large definite-length string raises a MemoryError. Exploiting this vulnerability could lead to a system crash.

Remediation

Upgrade cbor2 to version 5.6.0 or higher.