levyforchh / calm-dsl
This project forked from nutanix/calm-dsl
Keep Calm and DSL On!
Home Page: https://www.nutanix.com/products/calm
License: Apache License 2.0
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/12/ad/61f8dfba88c4e56196bf6d056cdbba64dc9c5dfdfbc97d02e6472feed913/Pillow-6.2.2-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: calm-dsl/requirements.txt
Path to vulnerable library: calm-dsl/requirements.txt
Dependency Hierarchy:
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
Publish Date: 2020-06-25
URL: CVE-2020-11538
Base Score Metrics:
Type: Upgrade version
Origin: python-pillow/Pillow@41b554b
Release Date: 2020-06-25
Fix Resolution: 7.1.0 (the pinned wheel is a cp27 build and Pillow 7.0.0 dropped Python 2.7 support, so reaching any fixed release also means running this dependency on Python 3)
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/12/ad/61f8dfba88c4e56196bf6d056cdbba64dc9c5dfdfbc97d02e6472feed913/Pillow-6.2.2-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: calm-dsl/requirements.txt
Path to vulnerable library: calm-dsl/requirements.txt
Dependency Hierarchy:
Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.
Publish Date: 2020-06-25
URL: CVE-2020-10177
Base Score Metrics:
Type: Upgrade version
Origin: python-pillow/Pillow@41b554b
Release Date: 2020-06-25
Fix Resolution: 7.1.0
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/12/ad/61f8dfba88c4e56196bf6d056cdbba64dc9c5dfdfbc97d02e6472feed913/Pillow-6.2.2-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: calm-dsl/requirements.txt
Path to vulnerable library: calm-dsl/requirements.txt
Dependency Hierarchy:
A security issue was found in python-pillow before version 8.1.1. The previous fix for CVE-2020-35654 was insufficient due to incorrect error checking in TiffDecode.c, so the potentially exploitable heap-based buffer overflow when decoding crafted YCbCr files is still possible.
Publish Date: 2021-01-18
URL: CVE-2021-25289
Base Score Metrics:
Type: Upgrade version
Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
Release Date: 2021-01-18
Fix Resolution: 8.1.1
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/12/ad/61f8dfba88c4e56196bf6d056cdbba64dc9c5dfdfbc97d02e6472feed913/Pillow-6.2.2-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: calm-dsl/requirements.txt
Path to vulnerable library: calm-dsl/requirements.txt
Dependency Hierarchy:
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
Publish Date: 2021-01-12
URL: CVE-2020-35654
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35654
Release Date: 2021-01-12
Fix Resolution: 8.1.0
Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
Library home page: https://files.pythonhosted.org/packages/7a/ac/e5caaa241de06024766872714c38d14e5f885dc453a4b8f9e6463b67c164/lxml-4.5.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: calm-dsl/gui-requirements.txt
Path to vulnerable library: calm-dsl/gui-requirements.txt
Dependency Hierarchy:
lxml through 4.6.2 allows XSS. It places the HTML action attribute into defs.link_attrs (in html/defs.py) for later use in input sanitization, but does not do the same for the HTML5 formaction attribute, so a formaction value with a javascript: scheme passes through the cleaner.
Publish Date: 2021-03-21
URL: CVE-2021-28957
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28957
Release Date: 2021-03-21
Fix Resolution: 4.6.3
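The CVE-2021-28957 entry above is an allow-list omission: the cleaner only screens URL-valued attributes that appear in defs.link_attrs for dangerous schemes, and formaction, which HTML5 lets a button use to override its form's action, was not in that list. The following added example is an editor's illustration of that mechanism built on the standard library, not lxml's Cleaner or its real attribute tables; the two attribute sets, the unsafe-scheme list and the payload are all constructed for the demonstration.

```python
from html import escape
from html.parser import HTMLParser

# Models of lxml's html/defs.py link_attrs, the allow-list of URL-valued attributes
# whose values the cleaner screens for dangerous schemes. The vulnerable set omits
# the HTML5 formaction attribute; the fixed set adds it. Both sets are editor's
# abbreviations, not the full lists from lxml.
VULNERABLE_LINK_ATTRS = frozenset({"action", "href", "src", "cite", "background"})
FIXED_LINK_ATTRS = VULNERABLE_LINK_ATTRS | {"formaction"}
UNSAFE_SCHEMES = ("javascript:", "vbscript:", "data:")


def _is_unsafe_url(value):
    # Browsers ignore whitespace and control characters inside a scheme, so strip them
    # before matching; otherwise "java\tscript:" slips past a plain prefix check.
    compact = "".join(ch for ch in value if ch.isprintable() and not ch.isspace()).lower()
    return compact.startswith(UNSAFE_SCHEMES)


class AttrCleaner(HTMLParser):
    """Minimal attribute sanitizer: drops on* handlers and unsafe URLs in link attributes."""

    def __init__(self, link_attrs):
        super().__init__(convert_charrefs=True)
        self.link_attrs = link_attrs
        self.out = []
        self.dropped = []

    def handle_starttag(self, tag, attrs):
        kept = []
        for name, value in attrs:            # names are already lower-cased by HTMLParser
            if name.startswith("on"):
                self.dropped.append((tag, name))
            elif name in self.link_attrs and value is not None and _is_unsafe_url(value):
                self.dropped.append((tag, name))
            else:
                kept.append((name, value))
        rendered = "".join(
            ' %s="%s"' % (n, escape(v, quote=True)) if v is not None else " " + n
            for n, v in kept
        )
        self.out.append("<%s%s>" % (tag, rendered))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)     # void elements: no closing tag

    def handle_endtag(self, tag):
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(escape(data))

    def result(self):
        return "".join(self.out)


def clean(html, link_attrs):
    """Return sanitized markup using the given link attribute allow-list."""
    parser = AttrCleaner(link_attrs)
    parser.feed(html)
    parser.close()
    return parser.result()


def removed_attributes(html, link_attrs):
    """Return the (tag, attribute) pairs the sanitizer dropped."""
    parser = AttrCleaner(link_attrs)
    parser.feed(html)
    parser.close()
    return parser.dropped


# Constructed payload: the form's action is caught by both lists, the button's
# formaction only by the fixed list.
PAYLOAD = '<form action="javascript:alert(1)"><button formaction="javascript:alert(2)">Go</button></form>'

if __name__ == "__main__":
    print("vulnerable:", clean(PAYLOAD, VULNERABLE_LINK_ATTRS))
    print("fixed:     ", clean(PAYLOAD, FIXED_LINK_ATTRS))
```

With the vulnerable list the output still carries `formaction="javascript:alert(2)"`, which a browser honours when the button is clicked; with formaction added to the list the button is emitted bare. The general lesson is that any sanitizer keyed on an attribute allow-list must be re-audited whenever the HTML specification grows a new URL-valued attribute.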
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/12/ad/61f8dfba88c4e56196bf6d056cdbba64dc9c5dfdfbc97d02e6472feed913/Pillow-6.2.2-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: calm-dsl/requirements.txt
Path to vulnerable library: calm-dsl/requirements.txt
Dependency Hierarchy:
In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
Publish Date: 2020-06-25
URL: CVE-2020-10378
Base Score Metrics:
Type: Upgrade version
Origin: python-pillow/Pillow@41b554b
Release Date: 2020-06-25
Fix Resolution: 7.1.0
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/12/ad/61f8dfba88c4e56196bf6d056cdbba64dc9c5dfdfbc97d02e6472feed913/Pillow-6.2.2-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: calm-dsl/requirements.txt
Path to vulnerable library: calm-dsl/requirements.txt
Dependency Hierarchy:
A security issue was found in python-pillow before version 8.1.1. In TiffDecode.c, invalid tile boundaries could lead to an out of bounds read in TiffReadRGBATile.
Publish Date: 2021-01-18
URL: CVE-2021-25291
Base Score Metrics:
Type: Upgrade version
Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
Release Date: 2021-01-18
Fix Resolution: 8.1.1
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/12/ad/61f8dfba88c4e56196bf6d056cdbba64dc9c5dfdfbc97d02e6472feed913/Pillow-6.2.2-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: calm-dsl/requirements.txt
Path to vulnerable library: calm-dsl/requirements.txt
Dependency Hierarchy:
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
Publish Date: 2021-03-03
URL: CVE-2021-27921
Base Score Metrics:
Type: Upgrade version
Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
Release Date: 2021-03-03
Fix Resolution: 8.1.2
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/12/ad/61f8dfba88c4e56196bf6d056cdbba64dc9c5dfdfbc97d02e6472feed913/Pillow-6.2.2-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: calm-dsl/requirements.txt
Path to vulnerable library: calm-dsl/requirements.txt
Dependency Hierarchy:
In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled.
Publish Date: 2021-01-12
URL: CVE-2020-35655
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35655
Release Date: 2021-01-12
Fix Resolution: 8.1.0
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/12/ad/61f8dfba88c4e56196bf6d056cdbba64dc9c5dfdfbc97d02e6472feed913/Pillow-6.2.2-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: calm-dsl/requirements.txt
Path to vulnerable library: calm-dsl/requirements.txt
Dependency Hierarchy:
A security issue was found in python-pillow before version 8.1.1. There is an out of bounds read in SGIRleDecode.c, since pillow 4.3.0.
Publish Date: 2021-01-18
URL: CVE-2021-25293
Base Score Metrics:
Type: Upgrade version
Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
Release Date: 2021-01-18
Fix Resolution: 8.1.1
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/12/ad/61f8dfba88c4e56196bf6d056cdbba64dc9c5dfdfbc97d02e6472feed913/Pillow-6.2.2-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: calm-dsl/requirements.txt
Path to vulnerable library: calm-dsl/requirements.txt
Dependency Hierarchy:
A security issue was found in python-pillow before version 8.1.1. The PDF parser has a catastrophic backtracking regex that could be used in a denial of service (DoS) attack.
Publish Date: 2021-01-18
URL: CVE-2021-25292
Base Score Metrics:
Type: Upgrade version
Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
Release Date: 2021-01-18
Fix Resolution: 8.1.1
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/12/ad/61f8dfba88c4e56196bf6d056cdbba64dc9c5dfdfbc97d02e6472feed913/Pillow-6.2.2-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: calm-dsl/requirements.txt
Path to vulnerable library: calm-dsl/requirements.txt
Dependency Hierarchy:
In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
Publish Date: 2020-06-25
URL: CVE-2020-10994
Base Score Metrics:
Type: Upgrade version
Origin: python-pillow/Pillow@41b554b
Release Date: 2020-06-25
Fix Resolution: 7.1.0
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/12/ad/61f8dfba88c4e56196bf6d056cdbba64dc9c5dfdfbc97d02e6472feed913/Pillow-6.2.2-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: calm-dsl/requirements.txt
Path to vulnerable library: calm-dsl/requirements.txt
Dependency Hierarchy:
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
Publish Date: 2021-03-03
URL: CVE-2021-27922
Base Score Metrics:
Type: Upgrade version
Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
Release Date: 2021-03-03
Fix Resolution: 8.1.2
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/12/ad/61f8dfba88c4e56196bf6d056cdbba64dc9c5dfdfbc97d02e6472feed913/Pillow-6.2.2-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: calm-dsl/requirements.txt
Path to vulnerable library: calm-dsl/requirements.txt
Dependency Hierarchy:
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
Publish Date: 2021-01-12
URL: CVE-2020-35653
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35653
Release Date: 2021-01-12
Fix Resolution: 8.1.0
A web-based notebook environment for interactive computing
Library home page: https://files.pythonhosted.org/packages/69/3c/ddeb2946f33f3e4058f4b7f996ae737c044a4c5c66a552a6e64817421b80/notebook-5.7.9-py2.py3-none-any.whl
Path to dependency file: calm-dsl/gui-requirements.txt
Path to vulnerable library: calm-dsl/gui-requirements.txt
Dependency Hierarchy:
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.
Publish Date: 2020-11-18
URL: CVE-2020-26215
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-c7vm-f5p4-8fqh
Release Date: 2020-11-18
Fix Resolution: 6.1.5
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/12/ad/61f8dfba88c4e56196bf6d056cdbba64dc9c5dfdfbc97d02e6472feed913/Pillow-6.2.2-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: calm-dsl/requirements.txt
Path to vulnerable library: calm-dsl/requirements.txt
Dependency Hierarchy:
A security issue was found in python-pillow before version 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
Publish Date: 2021-01-18
URL: CVE-2021-25290
Base Score Metrics:
Type: Upgrade version
Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html
Release Date: 2021-01-18
Fix Resolution: 8.1.1
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/12/ad/61f8dfba88c4e56196bf6d056cdbba64dc9c5dfdfbc97d02e6472feed913/Pillow-6.2.2-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: calm-dsl/requirements.txt
Path to vulnerable library: calm-dsl/requirements.txt
Dependency Hierarchy:
In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c.
Publish Date: 2020-06-25
URL: CVE-2020-10379
Base Score Metrics:
Type: Upgrade version
Origin: python-pillow/Pillow@41b554b
Release Date: 2020-06-25
Fix Resolution: 7.1.0
Powerful and Pythonic XML processing library combining libxml2/libxslt with the ElementTree API.
Library home page: https://files.pythonhosted.org/packages/7a/ac/e5caaa241de06024766872714c38d14e5f885dc453a4b8f9e6463b67c164/lxml-4.5.1-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: calm-dsl/gui-requirements.txt
Path to vulnerable library: calm-dsl/gui-requirements.txt
Dependency Hierarchy:
An XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
Publish Date: 2020-12-03
URL: CVE-2020-27783
Base Score Metrics:
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1901633
Release Date: 2020-10-27
Fix Resolution: 4.6.1
IPv4/IPv6 manipulation library
Library home page: https://files.pythonhosted.org/packages/c2/f8/49697181b1651d8347d24c095ce46c7346c37335ddc7d255833e7cde674d/ipaddress-1.0.23-py2.py3-none-any.whl
Path to dependency file: calm-dsl/gui-requirements.txt
Path to vulnerable library: calm-dsl/gui-requirements.txt
Dependency Hierarchy:
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.
Publish Date: 2020-06-18
URL: CVE-2020-14422
Base Score Metrics:
Type: Upgrade version
Origin: https://security-tracker.debian.org/tracker/CVE-2020-14422
Release Date: 2020-06-18
Fix Resolution: 3.5.3-1+deb9u2, 3.7.3-2+deb10u2, 3.8.4~rc1-1 (these are Debian python3 package versions for the CPython standard-library module, not a release of the PyPI ipaddress backport pinned here)
Python Imaging Library (Fork)
Library home page: https://files.pythonhosted.org/packages/12/ad/61f8dfba88c4e56196bf6d056cdbba64dc9c5dfdfbc97d02e6472feed913/Pillow-6.2.2-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: calm-dsl/requirements.txt
Path to vulnerable library: calm-dsl/requirements.txt
Dependency Hierarchy:
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
Publish Date: 2021-03-03
URL: CVE-2021-27923
Base Score Metrics:
Type: Upgrade version
Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html
Release Date: 2021-03-03
Fix Resolution: 8.1.2
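The BLP, ICNS and ICO entries above (CVE-2021-27921, CVE-2021-27922, CVE-2021-27923) describe one bug class: a size declared in a container directory drives a memory allocation before the decoder checks that the size is plausible or backed by data in the file. The following added example is an editor's illustration of that class using a constructed toy container format, not Pillow's BLP, ICNS or ICO plugins; the format layout, the 50-million pixel budget and the sample files are all assumptions made for the demonstration.

```python
import struct

# Constructed toy container (editor's example, not a real format): a header with a magic
# and an entry count, then a directory of (width, height, data offset, data size) entries,
# then raw RGBA pixel data. It mirrors the shape of ICO/ICNS/BLP style directories.
HEADER = struct.Struct("<4sH")
ENTRY = struct.Struct("<HHII")
MAGIC = b"TOYC"
BYTES_PER_PIXEL = 4
MAX_PIXELS = 50_000_000   # assumed per-frame pixel budget (same idea as Pillow's MAX_IMAGE_PIXELS)


class ContainerError(ValueError):
    pass


def parse_directory(blob):
    """Read the header and directory; only the directory itself is bounds-checked here."""
    if len(blob) < HEADER.size:
        raise ContainerError("truncated header")
    magic, count = HEADER.unpack_from(blob, 0)
    if magic != MAGIC:
        raise ContainerError("bad magic")
    if HEADER.size + count * ENTRY.size > len(blob):
        raise ContainerError("truncated directory")
    return [ENTRY.unpack_from(blob, HEADER.size + i * ENTRY.size) for i in range(count)]


def load_frames_unchecked(blob):
    """Vulnerable pattern: the directory-declared geometry drives the allocation directly."""
    frames = []
    for width, height, offset, size in parse_directory(blob):
        pixels = bytearray(width * height * BYTES_PER_PIXEL)  # attacker-chosen size
        data = blob[offset:offset + size]
        pixels[:len(data)] = data          # a tiny file still yields a huge zeroed buffer
        frames.append((width, height, pixels))
    return frames


def load_frames_checked(blob, max_pixels=MAX_PIXELS):
    """Hardened: validate geometry and data span against the file before any allocation."""
    frames = []
    for width, height, offset, size in parse_directory(blob):
        if width == 0 or height == 0:
            raise ContainerError("zero-sized frame")
        if width * height > max_pixels:
            raise ContainerError("frame %dx%d exceeds pixel budget" % (width, height))
        expected = width * height * BYTES_PER_PIXEL
        if size != expected:
            raise ContainerError("declared data size %d does not match %dx%d" % (size, width, height))
        if offset < HEADER.size or offset + size > len(blob):
            raise ContainerError("frame data lies outside the file")
        frames.append((width, height, bytearray(blob[offset:offset + size])))
    return frames


def is_rejected(blob):
    """True if the hardened loader refuses the file."""
    try:
        load_frames_checked(blob)
    except ContainerError:
        return True
    return False


def build_container(frames, declared=None):
    """Constructed sample builder. frames: (width, height, pixel_bytes); declared optionally
    overrides the geometry written to the directory, which is how the forged samples are made."""
    data_start = HEADER.size + ENTRY.size * len(frames)
    directory, payload = [], b""
    for i, (w, h, px) in enumerate(frames):
        dw, dh = declared[i] if declared else (w, h)
        directory.append(ENTRY.pack(dw, dh, data_start + len(payload), len(px)))
        payload += px
    return HEADER.pack(MAGIC, len(frames)) + b"".join(directory) + payload


BENIGN = build_container([(2, 2, bytes(range(16)))])
FORGED_16MIB = build_container([(2, 2, bytes(16))], declared=[(2048, 2048)])
FORGED_HUGE = build_container([(2, 2, bytes(16))], declared=[(65535, 65535)])  # never feed this to the unchecked loader

if __name__ == "__main__":
    print("benign frame bytes:", len(load_frames_checked(BENIGN)[0][2]))
    print("34-byte forged file, unchecked loader allocates:", len(load_frames_unchecked(FORGED_16MIB)[0][2]), "bytes")
    print("forged files rejected by checked loader:", is_rejected(FORGED_16MIB), is_rejected(FORGED_HUGE))
```

The unchecked loader turns a 34-byte file into a 16 MiB buffer, and the 65535x65535 variant would ask for roughly 17 GB from the same 34 bytes, which is the memory-consumption denial of service the three advisories describe. The checked loader rejects both before allocating: once on the pixel budget, once because the declared data size and span do not match the file. Note the order of the checks: the budget test runs before any multiplication result is used for allocation, and the span test uses the real file length rather than the declared one.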
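Every entry above reduces to the same remediation: compare the version pinned in requirements.txt or gui-requirements.txt against the lowest release that carries the fix, and raise the pin. The following added script is an editor's example, not part of calm-dsl or of the scanner that produced these entries. It audits a constructed requirements file modelled on the pins reported above; the minimum fixed versions are taken from the Fix Resolution lines, with lxml at 4.6.3 (the release whose changelog records the formaction fix for CVE-2021-28957) and ipaddress left out because the only fix versions given are Debian python3 package versions, not a PyPI release of the backport.

```python
import re

# Lowest release carrying every fix reported above for each package (editor's table,
# derived from the Fix Resolution lines; names are PEP 503 normalized). ipaddress is left
# out: the page gives Debian python3 package versions, not a PyPI release of the backport.
MIN_FIXED = {
    "pillow": "8.1.2",    # CVE-2021-27921/27922/27923 need 8.1.2, which also covers the 7.1.0 and 8.1.x fixes
    "lxml": "4.6.3",      # 4.6.1 for CVE-2020-27783; 4.6.3 carries the formaction fix for CVE-2021-28957
    "notebook": "6.1.5",  # CVE-2020-26215
}

_PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|>=|~=|<=|!=|>|<)\s*([0-9][0-9A-Za-z.]*)")


def normalize(name):
    """PEP 503 name normalization so Pillow, pillow and Python_Imaging.Library compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def version_key(version):
    """Simplified release comparison key (numeric dotted parts). Pre-release tags such as
    rc1 are kept as a string tail; use packaging.version for full PEP 440 ordering."""
    key = []
    for part in version.split("."):
        m = re.match(r"(\d+)(.*)", part)
        key.append((int(m.group(1)), m.group(2)) if m else (0, part))
    return tuple(key)


def audit(requirements_text, min_fixed=MIN_FIXED):
    """Compare each pin in a requirements file against the minimum fixed version."""
    findings = []
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):       # blank, comment, or an option such as -r / -e
            continue
        m = _PIN.match(line)
        if not m:
            findings.append({"package": None, "line": raw, "status": "unparsed"})
            continue
        name, op, ver = m.groups()
        package = normalize(name)
        if package not in min_fixed:
            continue
        fixed = min_fixed[package]
        if op != "==":
            status = "unpinned"     # a range may still resolve to a vulnerable build; pin or lock it
        elif version_key(ver) < version_key(fixed):
            status = "vulnerable"
        else:
            status = "ok"
        findings.append({"package": package, "operator": op, "pinned": ver,
                         "min_fixed": fixed, "status": status})
    return findings


# Constructed sample modelled on the pins the advisories above report.
SAMPLE_REQUIREMENTS = """\
# requirements.txt (constructed)
Pillow==6.2.2
ipaddress==1.0.23
click>=7.0
# gui-requirements.txt (constructed)
lxml==4.5.1
notebook==5.7.9
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_REQUIREMENTS):
        print("%-10s %s%s -> needs >= %s: %s" % (f["package"], f["operator"], f["pinned"], f["min_fixed"], f["status"]))
```

Run against the sample it reports Pillow, lxml and notebook as vulnerable and stays silent about click and ipaddress, which are not in the table. Two details matter in practice: a range specifier is reported as "unpinned" rather than silently accepted, because a resolver may still pick a vulnerable build, and name comparison uses PEP 503 normalization so that a differently cased or punctuated pin cannot slip past the table.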