Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0yNThoLWY2ODctNDIyNs4AA-TG
PheonixAppAPI has visible Encoding Maps
Impact
This is a moderate issue. The impact is not big for normal users, but it can be for users who want to secure their code, files, etc.
The issue is that the map of encoding/decoding languages is visible in the code.
Patches
The problem was patched in 0.2.5, so you should upgrade to version 0.2.5.
For 0.2.5 version users
Please run the post_install.py file inside the Scripts folder after downloading from pip.
Workarounds
There is a fix to this problem but it requires modifying the code. Modifying the code can lead to more issues.
References
There are currently no references to this problem.
NOTE: If you get an error regarding a function like get_key() or something like that, please re-run the file post_install.py inside the Scripts folder.
Permalink: https://github.com/advisories/GHSA-258h-f687-4226
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yNThoLWY2ODctNDIyNs4AA-TG
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 4 months ago
Updated: 11 days ago
CVSS Score: 4.4
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Identifiers: GHSA-258h-f687-4226, CVE-2024-41951
References:
- https://github.com/AkshuDev/PheonixAppAPI/security/advisories/GHSA-258h-f687-4226
- https://github.com/AkshuDev/PheonixAppAPI/commit/0937419e323f5ea9013d43dc1b82fef9d7e05044
- https://nvd.nist.gov/vuln/detail/CVE-2024-41951
- https://github.com/advisories/GHSA-258h-f687-4226
Blast Radius: 1.0
Affected Packages
pypi:PheonixAppAPI
Dependent packages: 0
Dependent repositories: 0
Downloads: 1,221 last month
Affected Version Ranges: < 0.2.5
Fixed in: 0.2.5
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.0.7, 0.0.8, 0.0.9, 0.1.1, 0.1.2, 0.1.3, 0.2.3
All unaffected versions: 0.2.5, 0.2.6