rmontenegroo/vmware_exporter:requirements.txt

Vulnerabilities

2 via 3 paths

Dependencies

28

Source

GitHub

high severity

Arbitrary Code Execution

  • Vulnerable module: pyyaml
  • Introduced through: pyyaml@5.3.1

Detailed paths

  • Introduced through: rmontenegroo/vmware_exporter@rmontenegroo/vmware_exporter pyyaml@5.3.1

Overview

pyyaml is a YAML parser and emitter for Python.

Affected versions of this package are vulnerable to Arbitrary Code Execution when untrusted YAML files are processed through the full_load method or with the FullLoader loader. This is due to an incomplete fix for CVE-2020-1747.

Remediation

There is no fixed version for pyyaml.

medium severity

Cryptographic Issues

  • Vulnerable module: ipaddress
  • Introduced through: service-identity@18.1.0

Detailed paths

  • Introduced through: rmontenegroo/vmware_exporter@rmontenegroo/vmware_exporter service-identity@18.1.0 ipaddress@1.0.23
  • Introduced through: rmontenegroo/vmware_exporter@rmontenegroo/vmware_exporter service-identity@18.1.0 cryptography@3.2.1 ipaddress@1.0.23

Overview

ipaddress is an IPv4/IPv6 manipulation library.

Affected versions of this package are vulnerable to Cryptographic Issues. The hash() methods of the IPv4Interface and IPv6Interface classes generated constant hash values of 32 and 128 respectively, causing hash collisions. The fix uses the hash() function to generate hash values for the objects instead of an XOR operation.

Remediation

There is no fixed version for ipaddress.
