Giters

Appsilon / ansible-shinycannon

Ansible role to install RStudio Shinycannon

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

ansible_lint-5.4.0-py3-none-any.whl: 1 vulnerabilities (highest severity is: 5.5)

mend-bolt-for-github opened this issue · comments

commented
Vulnerable Library - ansible_lint-5.4.0-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (ansible_lint version) Remediation Possible**
CVE-2022-40896 Medium 5.5 Pygments-2.11.2-py3-none-any.whl Transitive N/A*

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-40896

Vulnerable Library - Pygments-2.11.2-py3-none-any.whl

Pygments is a syntax highlighting package written in Python.

Library home page: https://files.pythonhosted.org/packages/1d/17/ed4d2df187995561b28f1073df24137cb750e12f9879d291cc8ab67c65d2/Pygments-2.11.2-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt

Dependency Hierarchy:

  • ansible_lint-5.4.0-py3-none-any.whl (Root Library)
    • rich-11.2.0-py3-none-any.whl
      • Pygments-2.11.2-py3-none-any.whl (Vulnerable Library)

Found in base branch: main

Vulnerability Details

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.

Publish Date: 2023-07-19

URL: CVE-2022-40896

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://pyup.io/vulnerabilities/CVE-2022-40896/58910/

Release Date: 2023-07-19

Fix Resolution: pygments - 2.15.0

Step up your Open Source Security Game with Mend here