Taipy 3.1.1 affected by CVEs on flask-core and pymongo

High severity GitHub Reviewed Published Aug 27, 2024 in Avaiga/taipy • Updated Oct 10, 2024

Package

taipy (pip)

Affected versions

<= 3.1.1

Patched versions

4.0.0

Description

Summary

Indirect CVEs affect Taipy 3.1.1

Details

Taipy 3.1.1 is affected by two existing CVEs through its pinned dependencies:
CVE-2024-1681 affects flask-core < 4.0.1, and Taipy 3.1.1 requires flask-core <= 4.0.0.
CVE-2024-5629 affects pymongo < 4.6.3, and Taipy 3.1.1 requires pymongo <= 4.6.1.

Please see References for further details.

Patch

Please upgrade to one of the following versions:

Fixed in patch versions: >= 3.1.2
Fixed in major releases: >= 4.0.0
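
The following Python sketch is an added example, not code from the advisory or from the Taipy project. It shows why the fix has to come from a Taipy upgrade: each upper-bound pin excludes the first fixed release of the dependency. The version bounds and package names are taken from the text above; the function names and the sample environment are assumptions made for illustration.

```python
import re

# Values as stated in this advisory (package names as written on the page).
ADVISORY = [
    {"cve": "CVE-2024-1681", "package": "flask-core",
     "taipy_cap": "<=4.0.0", "first_fixed": "4.0.1"},
    {"cve": "CVE-2024-5629", "package": "pymongo",
     "taipy_cap": "<=4.6.1", "first_fixed": "4.6.3"},
]

def parse_version(text):
    """'4.6.3' -> (4, 6, 3); plain dotted release numbers only, padded to 3 parts."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def satisfies(version, spec):
    """Check a version against a single comparator such as '<=4.0.0'."""
    m = re.fullmatch(r"\s*(<=|>=|==|<|>)\s*(\d+(?:\.\d+)*)\s*", spec)
    if not m:
        raise ValueError(f"unsupported specifier: {spec!r}")
    v, bound = parse_version(version), parse_version(m.group(2))
    return {"<=": v <= bound, ">=": v >= bound, "==": v == bound,
            "<": v < bound, ">": v > bound}[m.group(1)]

def cap_blocks_fix(cap, first_fixed):
    """True when an upper-bound pin excludes the first fixed release,
    and therefore every later fixed release as well."""
    return not satisfies(first_fixed, cap)

def assess(installed):
    """Return (cve, package, installed_version, remedy) for each exposed dependency."""
    findings = []
    for item in ADVISORY:
        have = installed.get(item["package"])
        if have is None or satisfies(have, ">=" + item["first_fixed"]):
            continue
        # The caps above are the ones the advisory gives for Taipy 3.1.1.
        pinned = (installed.get("taipy") == "3.1.1"
                  and cap_blocks_fix(item["taipy_cap"], item["first_fixed"]))
        remedy = "upgrade taipy" if pinned else "upgrade " + item["package"]
        findings.append((item["cve"], item["package"], have, remedy))
    return findings

if __name__ == "__main__":
    # Constructed environment: the newest versions Taipy 3.1.1 allows.
    sample = {"taipy": "3.1.1", "flask-core": "4.0.0", "pymongo": "4.6.1"}
    for finding in assess(sample):
        print(finding)
```
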

Impact

pre-commit breaks when Taipy 3.1.1 is used as a dependency.

References

@jrobinAV jrobinAV published to Avaiga/taipy Aug 27, 2024
Published to the GitHub Advisory Database Aug 27, 2024
Reviewed Aug 27, 2024
Last updated Oct 10, 2024

Severity

High

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-pp84-v3mw-gg4w
