PR #4

PR #4 #2

Triggered via dynamic November 27, 2023 20:26
Status Success
Total duration 2m 30s
Artifacts

codeql

on: dynamic
Matrix: Analyze

Annotations

2 errors and 1 warning
osv-scanner(GHSA-gfw2-4jvh-wgfg): Pipfile.lock#L1
[new] 'aiohttp' is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in 'AIOHTTP' has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit `d5c12ba89` which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues. Current version is vulnerable: 3.8.5. Patch available: upgrade to 3.8.6 or higher.
osv-scanner(GHSA-gfw2-4jvh-wgfg): Pipfile.lock#L1
[new] 'aiohttp' is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in 'AIOHTTP' has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit `d5c12ba89` which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues. Current version is vulnerable: 3.8.5. Patch available: upgrade to 3.8.6 or higher.
Analyze (python)
An error occurred while trying to automatically install Python dependencies: Error: The process '/usr/bin/python3' failed with exit code 1 Please make sure any necessary dependencies are installed before calling the codeql-action/analyze step, and add a 'setup-python-dependencies: false' argument to this step to disable our automatic dependency installation and avoid this warning.