mapup / edit-osm-add-missing-bridge-for-truck-restriction Goto Github PK
View Code? Open in Web Editor NEWAutomate adding bridge information to OSM using JOSM
License: Other
Automate adding bridge information to OSM using JOSM
License: Other
Python HTTP for Humans.
Library home page: https://files.pythonhosted.org/packages/70/8e/0e2d847013cb52cd35b38c009bb167a1a26b2ce6cd6965bf26b47bc0bf44/requests-2.31.0-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Found in HEAD commit: 201ffccf9994bc4474564734be55f2d52d352c3a
CVE | Severity | Dependency | Type | Fixed in (requests version) | Remediation Possible** | |
---|---|---|---|---|---|---|
CVE-2024-35195 | 5.6 | requests-2.31.0-py3-none-any.whl | Direct | requests - 2.32.2 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Python HTTP for Humans.
Library home page: https://files.pythonhosted.org/packages/70/8e/0e2d847013cb52cd35b38c009bb167a1a26b2ce6cd6965bf26b47bc0bf44/requests-2.31.0-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 201ffccf9994bc4474564734be55f2d52d352c3a
Found in base branch: main
Requests is a HTTP library. Prior to 2.32.2, when making requests through a Requests Session
, if the first request is made with verify=False
to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verify
. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.2.
Publish Date: 2024-05-20
URL: CVE-2024-35195
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-9wx4-h78v-vm56
Release Date: 2024-05-20
Fix Resolution: requests - 2.32.2
Step up your Open Source Security Game with Mend here
Fundamental package for array computing in Python
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Found in HEAD commit: 201ffccf9994bc4474564734be55f2d52d352c3a
CVE | Severity | Dependency | Type | Fixed in (numpy version) | Remediation Possible** | |
---|---|---|---|---|---|---|
CVE-2021-34141 | 5.3 | numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl | Direct | 1.22.0 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Fundamental package for array computing in Python
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 201ffccf9994bc4474564734be55f2d52d352c3a
Found in base branch: main
An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."
Mend Note: After conducting further research, Mend has determined that versions 1.12.0 through 1.21.6 of numpy are vulnerable to CVE-2021-34141
Publish Date: 2021-12-17
URL: CVE-2021-34141
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34141
Release Date: 2021-12-17
Fix Resolution: 1.22.0
Step up your Open Source Security Game with Mend here
HTTP library with thread-safe connection pooling, file post, and more.
Library home page: https://files.pythonhosted.org/packages/d2/b2/b157855192a68541a91ba7b2bbcb91f1b4faa51f8bae38d8005c034be524/urllib3-2.0.7-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Found in HEAD commit: 201ffccf9994bc4474564734be55f2d52d352c3a
CVE | Severity | Dependency | Type | Fixed in (urllib3 version) | Remediation Possible** | |
---|---|---|---|---|---|---|
CVE-2024-37891 | 4.4 | urllib3-2.0.7-py3-none-any.whl | Direct | 2.2.2 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
HTTP library with thread-safe connection pooling, file post, and more.
Library home page: https://files.pythonhosted.org/packages/d2/b2/b157855192a68541a91ba7b2bbcb91f1b4faa51f8bae38d8005c034be524/urllib3-2.0.7-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 201ffccf9994bc4474564734be55f2d52d352c3a
Found in base branch: main
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager
, the Proxy-Authorization
header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization
header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the Proxy-Authorization
HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the Proxy-Authorization
header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the Proxy-Authorization
header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the Proxy-Authorization
header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the Proxy-Authorization
header with urllib3's ProxyManager
, disable HTTP redirects using redirects=False
when sending requests, or not user the Proxy-Authorization
header as mitigations.
Publish Date: 2024-06-17
URL: CVE-2024-37891
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-34jh-p97f-mpxf
Release Date: 2024-06-17
Fix Resolution: 2.2.2
Step up your Open Source Security Game with Mend here
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.