[Snyk] Security upgrade cryptography from 3.2.1 to 41.0.6 #80
An automation triggered a pipeline failure
Found 80 vulnerabilities. An additional 0 vulnerabilities have been marked as unaffected.
Output from Automations
6 rules were checked:
If a new dependency is added where the license risk is at least medium
then notify all users in the group admins by email
✔️ The rule did not trigger.
If a dependency contains a vulnerability which has not been marked as unaffected and which has not triggered this rule for this dependency before
then notify all users in the group admins by email
✔️ The rule did not trigger.
If there is a dependency where the license risk is at least high
then send a pipeline warning
✔️ The rule did not trigger.
If a new dependency is added where the license risk is at least high
then fail pipeline
✔️ The rule did not trigger.
If a dependency contains a vulnerability which has not been marked as unaffected
then send a pipeline warning
Vulnerability | CVSS2 | CVSS3 | Dependency | Dependency Licenses |
---|---|---|---|---|
CVE-2019-7164 | 7.5 | 9.8 | sqlalchemy (pip) | MIT |
CVE-2022-24439 | N/A | 9.8 | gitpython (pip) | BSD-2-Clause, BSD-3-Clause |
CVE-2021-30459 | 7.5 | 9.8 | django-debug-toolbar (pip) | BSD-2-Clause, BSD-3-Clause |
CVE-2021-25289 | 7.5 | 9.8 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2022-22817 | 7.5 | 9.8 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2022-28347 | 7.5 | 9.8 | django (pip) | BSD-3-Clause |
CVE-2021-34552 | 7.5 | 9.8 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2022-28346 | 7.5 | 9.8 | django (pip) | BSD-3-Clause |
CVE-2023-40267 | N/A | 9.8 | gitpython (pip) | BSD-2-Clause, BSD-3-Clause |
CVE-2021-25288 | 6.4 | 9.1 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-25287 | 6.4 | 9.1 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2023-46233 | N/A | 9.1 | crypto-js (npm) | Debricked Unknown License, MIT |
CVE-2022-24303 | 6.4 | 9.1 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2020-35654 | 6.8 | 8.8 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2023-43804 | N/A | 8.1 | urllib3 (pip) | MIT |
CVE-2019-7548 | 6.8 | 7.8 | sqlalchemy (pip) | MIT |
CVE-2023-40590 | N/A | 7.8 | gitpython (pip) | BSD-2-Clause, BSD-3-Clause |
CVE-2021-21306 | 5 | 7.5 | marked (npm) | MIT |
CVE-2012-0805 | 7.5 | N/A | sqlalchemy (pip) | MIT |
CVE-2021-45115 | 5 | 7.5 | django (pip) | BSD-3-Clause |
CVE-2021-45116 | 5 | 7.5 | django (pip) | BSD-3-Clause |
CVE-2022-23833 | 5 | 7.5 | django (pip) | BSD-3-Clause |
CVE-2022-21680 | 5 | 7.5 | marked (npm) | MIT |
CVE-2022-21681 | 5 | 7.5 | marked (npm) | MIT |
CVE-2023-27522 | N/A | 7.5 | uwsgi (pip) | GPL-2.0-only, GPL-2.0-or-later |
CVE-2022-24785 | 5 | 7.5 | moment (npm) | MIT |
CVE-2021-23343 | 5 | 7.5 | path-parse (npm) | MIT |
CVE-2022-2309 | 5 | 7.5 | lxml (pip) | BSD-2-Clause, BSD-3-Clause |
CVE-2022-31129 | 5 | 7.5 | moment (npm) | MIT |
CVE-2022-45198 | N/A | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2020-17495 | 5 | 7.5 | django-celery-results (pip) | BSD-2-Clause, BSD-3-Clause |
CVE-2023-31655 | N/A | 7.5 | redis (pip) | MIT |
CVE-2023-26115 | N/A | 7.5 | word-wrap (npm) | MIT |
CVE-2021-23437 | 5 | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-23727 | 6 | 7.5 | celery (pip) | BSD-2-Clause, BSD-3-Clause |
CVE-2020-6817 | N/A | 7.5 | bleach (pip) | Apache-2.0, BSD-3-Clause |
CVE-2021-33503 | 5 | 7.5 | urllib3 (pip) | MIT |
CVE-2021-27922 | 5 | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-28677 | 5 | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-28676 | 5 | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-25291 | 5 | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-25290 | 5 | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-25293 | 5 | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-27923 | 5 | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-27921 | 5 | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-33571 | 5 | 7.5 | django (pip) | BSD-3-Clause |
CVE-2021-31542 | 5 | 7.5 | django (pip) | BSD-3-Clause |
CVE-2023-44271 | N/A | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2022-48285 | N/A | 7.3 | jszip (npm) | GPL-1.0-or-later, GPL-3.0-only, MIT |
CVE-2021-44420 | 7.5 | 7.3 | django (pip) | BSD-3-Clause |
CVE-2021-43818 | 6.8 | 7.1 | lxml (pip) | BSD-2-Clause, BSD-3-Clause |
CVE-2020-35653 | 5.8 | 7.1 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2022-22815 | 6.4 | 6.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2023-41040 | N/A | 6.5 | gitpython (pip) | BSD-2-Clause, BSD-3-Clause |
CVE-2023-28859 | N/A | 6.5 | redis (pip) | MIT |
CVE-2021-28363 | 6.4 | 6.5 | urllib3 (pip) | MIT |
CVE-2022-22816 | 6.4 | 6.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-25292 | 4.3 | 6.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2023-32681 | N/A | 6.1 | requests (pip) | Apache-2.0, ISC, MIT |
CVE-2020-6802 | 4.3 | 6.1 | bleach (pip) | Apache-2.0, BSD-3-Clause |
CVE-2022-22818 | 4.3 | 6.1 | django (pip) | BSD-3-Clause |
CVE-2020-6816 | 4.3 | 6.1 | bleach (pip) | Apache-2.0, BSD-3-Clause |
CVE-2021-23980 | N/A | 6.1 | bleach (pip) | Apache-2.0, BSD-3-Clause |
CVE-2021-23445 | 4.3 | 6.1 | datatables.net (npm) | MIT |
CVE-2020-27783 | 4.3 | 6.1 | lxml (pip) | BSD-2-Clause, BSD-3-Clause |
CVE-2021-32052 | 4.3 | 6.1 | django (pip) | BSD-3-Clause |
CVE-2021-28957 | 4.3 | 6.1 | lxml (pip) | BSD-2-Clause, BSD-3-Clause |
CVE-2021-28675 | 4.3 | 5.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-28678 | 4.3 | 5.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2020-35655 | 5.8 | 5.4 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-45452 | 5 | 5.3 | django (pip) | BSD-3-Clause |
CVE-2021-28658 | 5 | 5.3 | django (pip) | BSD-3-Clause |
CVE-2021-3281 | 5 | 5.3 | django (pip) | BSD-3-Clause |
CVE-2021-23413 | 5 | 5.3 | jszip (npm) | GPL-1.0-or-later, GPL-3.0-only, MIT |
CVE-2021-33203 | 4 | 4.9 | django (pip) | BSD-3-Clause |
CVE-2023-45803 | N/A | 4.2 | urllib3 (pip) | MIT |
CVE-2023-28858 | N/A | 3.7 | redis (pip) | MIT |
debricked-184644 | N/A | N/A | pillow (pip) | Debricked Unknown License, HPND |
debricked-229743 | N/A | N/A | pillow (pip) | Debricked Unknown License, HPND |
debricked-163806 | N/A | N/A | pillow (pip) | Debricked Unknown License, HPND |
If a dependency contains a vulnerability which has not been marked as unaffected
where CVSS is at least high (7.0-8.9)
then fail pipeline
❌ The rule triggered for the following vulnerabilities, causing a pipeline failure.
Vulnerability | CVSS2 | CVSS3 | Dependency | Dependency Licenses |
---|---|---|---|---|
CVE-2021-25289 | 7.5 | 9.8 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-30459 | 7.5 | 9.8 | django-debug-toolbar (pip) | BSD-2-Clause, BSD-3-Clause |
CVE-2022-22817 | 7.5 | 9.8 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2019-7164 | 7.5 | 9.8 | sqlalchemy (pip) | MIT |
CVE-2022-28346 | 7.5 | 9.8 | django (pip) | BSD-3-Clause |
CVE-2022-28347 | 7.5 | 9.8 | django (pip) | BSD-3-Clause |
CVE-2021-34552 | 7.5 | 9.8 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2022-24439 | N/A | 9.8 | gitpython (pip) | BSD-2-Clause, BSD-3-Clause |
CVE-2023-40267 | N/A | 9.8 | gitpython (pip) | BSD-2-Clause, BSD-3-Clause |
CVE-2021-25288 | 6.4 | 9.1 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-25287 | 6.4 | 9.1 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2023-46233 | N/A | 9.1 | crypto-js (npm) | Debricked Unknown License, MIT |
CVE-2022-24303 | 6.4 | 9.1 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2020-35654 | 6.8 | 8.8 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2023-43804 | N/A | 8.1 | urllib3 (pip) | MIT |
CVE-2023-40590 | N/A | 7.8 | gitpython (pip) | BSD-2-Clause, BSD-3-Clause |
CVE-2019-7548 | 6.8 | 7.8 | sqlalchemy (pip) | MIT |
CVE-2022-31129 | 5 | 7.5 | moment (npm) | MIT |
CVE-2023-27522 | N/A | 7.5 | uwsgi (pip) | GPL-2.0-only, GPL-2.0-or-later |
CVE-2022-45198 | N/A | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2022-2309 | 5 | 7.5 | lxml (pip) | BSD-2-Clause, BSD-3-Clause |
CVE-2020-17495 | 5 | 7.5 | django-celery-results (pip) | BSD-2-Clause, BSD-3-Clause |
CVE-2020-6817 | N/A | 7.5 | bleach (pip) | Apache-2.0, BSD-3-Clause |
CVE-2021-23343 | 5 | 7.5 | path-parse (npm) | MIT |
CVE-2022-24785 | 5 | 7.5 | moment (npm) | MIT |
CVE-2022-21680 | 5 | 7.5 | marked (npm) | MIT |
CVE-2023-31655 | N/A | 7.5 | redis (pip) | MIT |
CVE-2023-26115 | N/A | 7.5 | word-wrap (npm) | MIT |
CVE-2022-21681 | 5 | 7.5 | marked (npm) | MIT |
CVE-2021-23727 | 6 | 7.5 | celery (pip) | BSD-2-Clause, BSD-3-Clause |
CVE-2021-21306 | 5 | 7.5 | marked (npm) | MIT |
CVE-2021-25291 | 5 | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-33503 | 5 | 7.5 | urllib3 (pip) | MIT |
CVE-2021-31542 | 5 | 7.5 | django (pip) | BSD-3-Clause |
CVE-2021-33571 | 5 | 7.5 | django (pip) | BSD-3-Clause |
CVE-2021-27923 | 5 | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-27921 | 5 | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-27922 | 5 | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-25293 | 5 | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-25290 | 5 | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2023-44271 | N/A | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2022-23833 | 5 | 7.5 | django (pip) | BSD-3-Clause |
CVE-2021-28676 | 5 | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-28677 | 5 | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-23437 | 5 | 7.5 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2012-0805 | 7.5 | N/A | sqlalchemy (pip) | MIT |
CVE-2021-45115 | 5 | 7.5 | django (pip) | BSD-3-Clause |
CVE-2021-45116 | 5 | 7.5 | django (pip) | BSD-3-Clause |
CVE-2021-44420 | 7.5 | 7.3 | django (pip) | BSD-3-Clause |
CVE-2022-48285 | N/A | 7.3 | jszip (npm) | GPL-1.0-or-later, GPL-3.0-only, MIT |
CVE-2020-35653 | 5.8 | 7.1 | pillow (pip) | Debricked Unknown License, HPND |
CVE-2021-43818 | 6.8 | 7.1 | lxml (pip) | BSD-2-Clause, BSD-3-Clause |