[Snyk: High] Gevent Race Conditions (Due: 12/06/24) #6544

Open
cnlucas opened this issue Nov 6, 2024 · 0 comments · May be fixed by #6552
Labels
Security: general General security concern or issue Security: high Remediate within 30 days

cnlucas commented Nov 6, 2024

Introduced through: [email protected]
Fixed in: [email protected]

Exploit maturity: No known exploit

Detailed paths and remediation

Introduced through: root@* › [email protected]
Fix: Upgrade gevent to version 24.10.1

Security information
Factors contributing to the scoring:

Snyk: [CVSS v4.0 8.3](https://security.snyk.io/vuln/SNYK-PYTHON-GEVENT-8320934) - High Severity | [CVSS v3.1 6.5](https://security.snyk.io/vuln/SNYK-PYTHON-GEVENT-8320934) - Medium Severity
NVD: NVD only publishes analysis of vulnerabilities which are assigned a CVE ID. This vulnerability currently does not have an assigned CVE ID.

Overview

Affected versions of this package are vulnerable to Race Condition when the fallback socketpair implementation is used on platforms that lack native support and the vulnerable function does not properly authenticate the connected sockets. An attacker must be able to predict the address and port and establish a connection before the legitimate client.

@cnlucas cnlucas added Security: general General security concern or issue Security: high Remediate within 30 days labels Nov 6, 2024
@cnlucas cnlucas added this to the 26.6 milestone Nov 6, 2024
@tmpayton tmpayton self-assigned this Nov 13, 2024
@tmpayton tmpayton moved this to 📥 Assigned in Website project Nov 13, 2024
@tmpayton tmpayton linked a pull request Nov 14, 2024 that will close this issue
Projects
Status: 👀 Ready