[Snyk] Security upgrade gunicorn from 19.1.1 to 23.0.0 #16

Open
donsantos wants to merge 1 commit into master from snyk-fix-104c73c152fdeeccbf48e60508271cca

Conversation

@donsantos


Snyk has created this PR to fix 1 vulnerability in the pip dependencies of this project.

Snyk changed the following file(s):

  • requirements.txt
⚠️ Warning
django-keen 0.1.3 has requirement keen==0.3.0, but you have keen 0.3.7.

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-GUNICORN-9510910
@acn-tesch

Checkmarx One – Scan Summary & Details 0a419138-35cb-4f47-b5a2-7a3560a59395

New Issues (6)

Checkmarx found the following issues in this Pull Request

Severity | Issue | Source File / Package | Checkmarx Insight
CRITICAL | CVE-2019-7164 | Python-SQLAlchemy-0.9.8 | Vulnerable Package
  Recommended version: 1.3.0
  Description: SQLAlchemy through 1.3.0b2 allows SQL Injection via the "order_by parameter". This flaw is similar to CVE-2019-7548.
  Attack Vector: NETWORK
  Attack Complexity: LOW
HIGH | CVE-2019-7548 | Python-SQLAlchemy-0.9.8 | Vulnerable Package
  Recommended version: 1.3.0
  Description: SQLAlchemy through 1.3.0b2 has SQL Injection when the 'group_by' parameter can be controlled. This flaw is similar to CVE-2019-7164.
  Attack Vector: LOCAL
  Attack Complexity: LOW
HIGH | CVE-2023-5457 | Python-Django-5.1.7 | Vulnerable Package
  Description: A CWE-1269 "Product Released in Non-Release Configuration" vulnerability in the Django web framework used by the web application (due to the "debug...
  Attack Vector: NETWORK
  Attack Complexity: LOW
MEDIUM | CVE-2018-25045 | Python-djangorestframework-3.0.0 | Vulnerable Package
  Recommended version: 3.15.2
  Description: Django REST framework (aka django-rest-framework) allows XSS in versions 2.0.0 through 3.9.0 because the default DRF Browsable API view templates d...
  Attack Vector: NETWORK
  Attack Complexity: LOW
MEDIUM | CVE-2024-21520 | Python-djangorestframework-3.0.0 | Vulnerable Package
  Recommended version: 3.15.2
  Description: In djangorestframework versions prior to 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the 'break_long_headers' template filter due to im...
  Attack Vector: NETWORK
  Attack Complexity: LOW
MEDIUM | CVE-2024-35195 | Python-requests-2.5.1 | Vulnerable Package
  Recommended version: 2.32.0
  Description: Requests is an HTTP library. In the package requests versions prior to 2.32.0, when making requests through a Requests `Session`, if the first requ...
  Attack Vector: LOCAL
  Attack Complexity: HIGH

Fixed Issues (5)

Great job! The following issues were fixed in this Pull Request

Severity | Issue | Source File / Package
LOW | Client_Hardcoded_Domain | /swapi/templates/base.html: 10
LOW | Client_Hardcoded_Domain | /swapi/templates/about.html: 24
LOW | Client_Hardcoded_Domain | /swapi/templates/base.html: 15
LOW | Client_Hardcoded_Domain | /swapi/templates/base.html: 16
LOW | Client_Hardcoded_Domain | /swapi/templates/index.html: 90
