Commit

Latest data: Sun Oct 27 08:05:14 UTC 2024
github.actions committed Oct 27, 2024
1 parent 4ef9c84 commit 34910d5
Showing 31 changed files with 104 additions and 4,745 deletions.
471 changes: 0 additions & 471 deletions audits/aws-sam-cli-requirements.audit.json

This file was deleted.
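
Review bot: audits/aws-sam-cli-requirements.audit.json is deleted outright (471 lines) in a commit whose message is only a timestamp, so nothing records whether aws-sam-cli was dropped from the audited set on purpose or the audit step simply produced no output for it. If the removal is intended, say so in the commit message; if the generator can emit nothing on failure, have it fail the job instead of deleting the previous results.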

6 changes: 6 additions & 0 deletions audits/buku-requirements.audit.json
Expand Up @@ -201,6 +201,9 @@
"aliases": [
"CVE-2024-49766"
],
"related": [
"CGA-386h-56mx-h78g"
],
"summary": "Werkzeug safe_join not safe on Windows",
"details": "On Python < 3.11 on Windows, `os.path.isabs()` does not catch UNC paths like `//server/share`. Werkzeug's `safe_join()` relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable.",
"affected": [
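
Review bot: The added `related` entry `CGA-386h-56mx-h78g` sits directly after `aliases`, and in the OSV schema, whose field names this record uses, the two do not mean the same thing: `aliases` names the same vulnerability, `related` only points at a neighbouring advisory. Check that whatever consumes this file keeps matching, deduplicating and suppressing on the `CVE-2024-49766` alias and does not start counting the related ID as a separate finding.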
Expand Down Expand Up @@ -373,6 +376,9 @@
"aliases": [
"CVE-2024-49767"
],
"related": [
"CGA-3m9h-7wmp-p5r3"
],
"summary": "Werkzeug possible resource exhaustion when parsing file data in forms",
"details": "Applications using Werkzeug to parse `multipart/form-data` requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the `Request.max_form_memory_size` setting.\n\nThe `Request.max_content_length` setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.",
"affected": [
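
Review bot: Only the `related` list changes for the `CVE-2024-49767` record; the record itself stays in buku's audit, so this refresh does not move the finding any closer to resolved. Track the Werkzeug upgrade for buku separately, and until then verify the limits the unchanged `details` text already names: `Request.max_content_length` and the resource limits of the deployment platform.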
6 changes: 6 additions & 0 deletions audits/certsync-requirements.audit.json
Expand Up @@ -17,6 +17,9 @@
"aliases": [
"CVE-2024-49766"
],
"related": [
"CGA-386h-56mx-h78g"
],
"summary": "Werkzeug safe_join not safe on Windows",
"details": "On Python < 3.11 on Windows, `os.path.isabs()` does not catch UNC paths like `//server/share`. Werkzeug's `safe_join()` relies on this check, and so can produce a path that is not safe, potentially allowing unintended access to data. Applications using Python >= 3.11, or not using Windows, are not vulnerable.",
"affected": [
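
Review bot: These three added lines are the same `related` block that audits/buku-requirements.audit.json receives for `CVE-2024-49766`, so each package file carries its own full copy of the advisory and one upstream metadata change rewrites every file that depends on Werkzeug. That makes a real change (a new finding, a removed one) hard to spot among the repeats; consider having the generator summarise added, removed and metadata-only records in the commit message.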
Expand Down Expand Up @@ -189,6 +192,9 @@
"aliases": [
"CVE-2024-49767"
],
"related": [
"CGA-3m9h-7wmp-p5r3"
],
"summary": "Werkzeug possible resource exhaustion when parsing file data in forms",
"details": "Applications using Werkzeug to parse `multipart/form-data` requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the `Request.max_form_memory_size` setting.\n\nThe `Request.max_content_length` setting, as well as resource limits provided by deployment software and platforms, are also available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.",
"affected": [