Open mend-bolt-for-github[bot] opened 3 years ago
Wrapper package for OpenCV python bindings.
Library home page: https://files.pythonhosted.org/packages/f8/b0/89f8abccea0810b43d25033d6a02dbe81494cd0013a61ce588c0c0d90dd1/opencv_contrib_python-3.4.3.18-cp36-cp36m-manylinux1_x86_64.whl
Path to dependency file: /client/requirements.txt
Path to vulnerable library: /client/requirements.txt
Dependency Hierarchy: - :x: **opencv_contrib_python-3.4.3.18-cp36-cp36m-manylinux1_x86_64.whl** (Vulnerable Library)
Found in base branch: dev
An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp.
Publish Date: 2019-08-01
URL: CVE-2019-14493
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-3448-vrgh-85xr
Release Date: 2019-08-01
Fix Resolution: 3.4.16.57
Step up your Open Source Security Game with Mend here
CVE-2019-14493 - High Severity Vulnerability
Wrapper package for OpenCV python bindings.
Library home page: https://files.pythonhosted.org/packages/f8/b0/89f8abccea0810b43d25033d6a02dbe81494cd0013a61ce588c0c0d90dd1/opencv_contrib_python-3.4.3.18-cp36-cp36m-manylinux1_x86_64.whl
Path to dependency file: /client/requirements.txt
Path to vulnerable library: /client/requirements.txt
Dependency Hierarchy: - :x: **opencv_contrib_python-3.4.3.18-cp36-cp36m-manylinux1_x86_64.whl** (Vulnerable Library)
Found in base branch: dev
An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp.
Publish Date: 2019-08-01
URL: CVE-2019-14493
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://github.com/advisories/GHSA-3448-vrgh-85xr
Release Date: 2019-08-01
Fix Resolution: 3.4.16.57
Step up your Open Source Security Game with Mend here