Path to dependency file: /backend/src/apiserver/visualization/requirements.txt
Path to vulnerable library: /backend/src/apiserver/visualization/requirements.txt,/test/sample-test/requirements.txt,/backend/requirements.txt,/backend/api/python_http_client/requirements.txt
Path to dependency file: /backend/src/apiserver/visualization/requirements.txt
Path to vulnerable library: /backend/src/apiserver/visualization/requirements.txt,/test/sample-test/requirements.txt,/backend/requirements.txt,/backend/api/python_http_client/requirements.txt
An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.
For more information on CVSS3 Scores, click here.
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)
Clean single-source support for Python 3 and 2
Library home page: https://files.pythonhosted.org/packages/45/0b/38b06fd9b92dc2b68d58b75f900e97884c45bedd2ff83203d933cf5851c9/future-0.18.2.tar.gz
Path to dependency file: /backend/src/apiserver/visualization/requirements.txt
Path to vulnerable library: /backend/src/apiserver/visualization/requirements.txt,/test/sample-test/requirements.txt,/backend/requirements.txt,/backend/api/python_http_client/requirements.txt
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2022-40899
### Vulnerable Library - future-0.18.2.tar.gzClean single-source support for Python 3 and 2
Library home page: https://files.pythonhosted.org/packages/45/0b/38b06fd9b92dc2b68d58b75f900e97884c45bedd2ff83203d933cf5851c9/future-0.18.2.tar.gz
Path to dependency file: /backend/src/apiserver/visualization/requirements.txt
Path to vulnerable library: /backend/src/apiserver/visualization/requirements.txt,/test/sample-test/requirements.txt,/backend/requirements.txt,/backend/api/python_http_client/requirements.txt
Dependency Hierarchy: - :x: **future-0.18.2.tar.gz** (Vulnerable Library)
Found in base branch: master
### Vulnerability DetailsAn issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.
Publish Date: 2022-12-23
URL: CVE-2022-40899
### CVSS 3 Score Details (7.5)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here. Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)