PyPI: freewvs
CVE-2020-15100
Safety vulnerability ID: SFTY-20200714-77412
Safety legacy ID: pyup.io-54185
In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. This has been patched in 0.1.1.
Overview
freewvs vulnerable to denial of service through large files
Advisory
In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. This has been patched in 0.1.1.
How to Fix
Upgrade
freewvs
to0.1.1
or higher.Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20200714-77412/CVE-2020-15100
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15100
- https://github.com/advisories/GHSA-9cfv-9463-8gqv
- https://github.com/schokokeksorg/freewvs/commit/18bbf2043e53f69e0119d24f8ae4edb274afb9b2
- https://github.com/schokokeksorg/freewvs/security/advisories/GHSA-9cfv-9463-8gqv
- https://nvd.nist.gov/vuln/detail/CVE-2020-15100
- https://github.com/schokokeksorg/freewvs/security/advisories/GHSA-9cfv-9463-8gqv
- https://nvd.nist.gov/vuln/detail/CVE-2020-15100
- https://github.com/schokokeksorg/freewvs/commit/18bbf2043e53f69e0119d24f8ae4edb274afb9b2
- https://github.com/pypa/advisory-database/tree/main/vulns/freewvs/PYSEC-2020-232.yaml
- https://github.com/advisories/GHSA-9cfv-9463-8gqv
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
Learn more