Build: #4 failed Manual run by Akeem Wells
Build result summary
Details
- Completed
- Queue duration
- 1 second
- Duration
- 11 minutes
- Labels
- None
- Revisions
-
- Casa6
-
a24aff35f28f2061f31a1f8f669900acd7ea55d3
a24aff35f28f2061f31a1f8f669900acd7ea55d3 - OPEN-CASA-PKG
-
2de34a7b9798369717f899048130e9964cc12510
2de34a7b9798369717f899048130e9964cc12510
- Total tests
- 423
Tests
- 0 New failures
- 18 Existing failures
- 0 Fixed
Responsible
No one has taken responsibility for this failure
Tests
Status | Test | Failing since | View job | Duration | |
---|---|---|---|---|---|
grpcio
v_1_26_0
|
Check For Known Vulnerabilities ManyLinux228 Python 3.8 | < 1 sec | |||
When gRPC HTTP2 stack raised a header size exceeded error it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged say between a proxy and a backend this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/32309 When gRPC HTTP2 stack raised a header size exceeded error it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged say between a proxy and a backend this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/32309 |
|||||
grpcio
v_1_26_0
|
Check For Known Vulnerabilities ManyLinux2014 Python 3.8 | < 1 sec | |||
When gRPC HTTP2 stack raised a header size exceeded error it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged say between a proxy and a backend this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/32309 When gRPC HTTP2 stack raised a header size exceeded error it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged say between a proxy and a backend this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/32309 |
|||||
ipython
v_7_34_0
|
Check For Known Vulnerabilities ManyLinux228 Python 3.8 | < 1 sec | |||
IPython provides an interactive Python shell and Jupyter kernel to use Python interactively. Versions prior to 8.10.0 are vulnerable to command injection in the settermtitle function(https://github.com/ipython/ipython/blob/3f0bf05f072a91b2a3042d23ce250e5e906183fd/IPython/utils/terminal.pyL103-L117) under specific conditions. This has been patched in version 8.10.0. IPython provides an interactive Python shell and Jupyter kernel to use Python interactively. Versions prior to 8.10.0 are vulnerable to command injection in the settermtitle function(https://github.com/ipython/ipython/blob/3f0bf05f072a91b2a3042d23ce250e5e906183fd/IPython/utils/terminal.pyL103-L117) under specific conditions. This has been patched in version 8.10.0. |
|||||
ipython
v_7_34_0
|
Check For Known Vulnerabilities ManyLinux2014 Python 3.8 | < 1 sec | |||
IPython provides an interactive Python shell and Jupyter kernel to use Python interactively. Versions prior to 8.10.0 are vulnerable to command injection in the settermtitle function(https://github.com/ipython/ipython/blob/3f0bf05f072a91b2a3042d23ce250e5e906183fd/IPython/utils/terminal.pyL103-L117) under specific conditions. This has been patched in version 8.10.0. IPython provides an interactive Python shell and Jupyter kernel to use Python interactively. Versions prior to 8.10.0 are vulnerable to command injection in the settermtitle function(https://github.com/ipython/ipython/blob/3f0bf05f072a91b2a3042d23ce250e5e906183fd/IPython/utils/terminal.pyL103-L117) under specific conditions. This has been patched in version 8.10.0. |
|||||
pip
v_22_3_1
|
Check For Known Vulnerabilities ManyLinux2014 Python 3.8 | < 1 sec | |||
When installing a package from a Mercurial VCS URL (ie pip install hg+...) with pip prior to v23.3 the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call (ie --config). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who arent installing from Mercurial. When installing a package from a Mercurial VCS URL (ie pip install hg+...) with pip prior to v23.3 the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call (ie --config). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who arent installing from Mercurial. |
|||||
pip
v_22_3_1
|
Check For Known Vulnerabilities ManyLinux228 Python 3.8 | < 1 sec | |||
When installing a package from a Mercurial VCS URL (ie pip install hg+...) with pip prior to v23.3 the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call (ie --config). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who arent installing from Mercurial. When installing a package from a Mercurial VCS URL (ie pip install hg+...) with pip prior to v23.3 the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call (ie --config). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who arent installing from Mercurial. |
|||||
pip
v_23_0_1
|
Check For Known Vulnerabilities Macos 12 Python 3.8 | < 1 sec | |||
When installing a package from a Mercurial VCS URL (ie pip install hg+...) with pip prior to v23.3 the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call (ie --config). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who arent installing from Mercurial. When installing a package from a Mercurial VCS URL (ie pip install hg+...) with pip prior to v23.3 the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call (ie --config). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who arent installing from Mercurial. |
|||||
pip
v_22_3_1
|
Check For Known Vulnerabilities Macos 12 Py 3.10 | < 1 sec | |||
When installing a package from a Mercurial VCS URL (ie pip install hg+...) with pip prior to v23.3 the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call (ie --config). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who arent installing from Mercurial. When installing a package from a Mercurial VCS URL (ie pip install hg+...) with pip prior to v23.3 the specified Mercurial revision could be used to inject arbitrary configuration options to the hg clone call (ie --config). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who arent installing from Mercurial. |
|||||
protobuf
v_3_20_1
|
Check For Known Vulnerabilities ManyLinux2014 Python 3.8 | < 1 sec | |||
Summary A message parsing and memory management vulnerability in ProtocolBuffer’s C++ and Python implementations can trigger an out of memory (OOM) failure when processing a specially crafted message which could lead to a denial of service (DoS) on services using the libraries. Reporter: ClusterFuzz(https://google.github.io/clusterfuzz/) Affected versions: All versions of C++ Protobufs (including Python) prior to the versions listed below. Summary A message parsing and memory management vulnerability in ProtocolBuffer’s C++ and Python implementations can trigger an out of memory (OOM) failure when processing a specially crafted message which could lead to a denial of service (DoS) on services using the libraries. Reporter: ClusterFuzz(https://google.github.io/clusterfuzz/) Affected versions: All versions of C++ Protobufs (including Python) prior to the versions listed below. |
|||||
protobuf
v_3_20_1
|
Check For Known Vulnerabilities ManyLinux228 Python 3.8 | < 1 sec | |||
Summary A message parsing and memory management vulnerability in ProtocolBuffer’s C++ and Python implementations can trigger an out of memory (OOM) failure when processing a specially crafted message which could lead to a denial of service (DoS) on services using the libraries. Reporter: ClusterFuzz(https://google.github.io/clusterfuzz/) Affected versions: All versions of C++ Protobufs (including Python) prior to the versions listed below. Summary A message parsing and memory management vulnerability in ProtocolBuffer’s C++ and Python implementations can trigger an out of memory (OOM) failure when processing a specially crafted message which could lead to a denial of service (DoS) on services using the libraries. Reporter: ClusterFuzz(https://google.github.io/clusterfuzz/) Affected versions: All versions of C++ Protobufs (including Python) prior to the versions listed below. |
|||||
protobuf
v_3_20_1
|
Check For Known Vulnerabilities Macos 12 Python 3.8 | < 1 sec | |||
Summary A message parsing and memory management vulnerability in ProtocolBuffer’s C++ and Python implementations can trigger an out of memory (OOM) failure when processing a specially crafted message which could lead to a denial of service (DoS) on services using the libraries. Reporter: ClusterFuzz(https://google.github.io/clusterfuzz/) Affected versions: All versions of C++ Protobufs (including Python) prior to the versions listed below. Summary A message parsing and memory management vulnerability in ProtocolBuffer’s C++ and Python implementations can trigger an out of memory (OOM) failure when processing a specially crafted message which could lead to a denial of service (DoS) on services using the libraries. Reporter: ClusterFuzz(https://google.github.io/clusterfuzz/) Affected versions: All versions of C++ Protobufs (including Python) prior to the versions listed below. |
|||||
protobuf
v_3_20_1
|
Check For Known Vulnerabilities Macos 12 Py 3.10 | < 1 sec | |||
Summary A message parsing and memory management vulnerability in ProtocolBuffer’s C++ and Python implementations can trigger an out of memory (OOM) failure when processing a specially crafted message which could lead to a denial of service (DoS) on services using the libraries. Reporter: ClusterFuzz(https://google.github.io/clusterfuzz/) Affected versions: All versions of C++ Protobufs (including Python) prior to the versions listed below. Summary A message parsing and memory management vulnerability in ProtocolBuffer’s C++ and Python implementations can trigger an out of memory (OOM) failure when processing a specially crafted message which could lead to a denial of service (DoS) on services using the libraries. Reporter: ClusterFuzz(https://google.github.io/clusterfuzz/) Affected versions: All versions of C++ Protobufs (including Python) prior to the versions listed below. |
|||||
setuptools
v_56_0_0
|
Check For Known Vulnerabilities Macos 12 Python 3.8 | < 1 sec | |||
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in packageindex.py. Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in packageindex.py. |
|||||
setuptools
v_65_5_0
|
Check For Known Vulnerabilities Macos 12 Py 3.10 | < 1 sec | |||
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in packageindex.py. Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in packageindex.py. |
|||||
urllib3
v_1_26_6
|
Check For Known Vulnerabilities ManyLinux228 Python 3.8 | < 1 sec | |||
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesnt treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP that is the responsibility of the user. However it is possible for a user to specify a Cookie header and unknowingly leak information via HTTP redirects to a different origin if that user doesnt disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. urllib3 is a user-friendly HTTP client library for Python. urllib3 doesnt treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP that is the responsibility of the user. However it is possible for a user to specify a Cookie header and unknowingly leak information via HTTP redirects to a different origin if that user doesnt disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. |
|||||
urllib3
v_1_26_6
|
Check For Known Vulnerabilities ManyLinux2014 Python 3.8 | < 1 sec | |||
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesnt treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP that is the responsibility of the user. However it is possible for a user to specify a Cookie header and unknowingly leak information via HTTP redirects to a different origin if that user doesnt disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. urllib3 is a user-friendly HTTP client library for Python. urllib3 doesnt treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP that is the responsibility of the user. However it is possible for a user to specify a Cookie header and unknowingly leak information via HTTP redirects to a different origin if that user doesnt disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. |
|||||
urllib3
v_1_26_6
|
Check For Known Vulnerabilities Macos 12 Python 3.8 | < 1 sec | |||
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesnt treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP that is the responsibility of the user. However it is possible for a user to specify a Cookie header and unknowingly leak information via HTTP redirects to a different origin if that user doesnt disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. urllib3 is a user-friendly HTTP client library for Python. urllib3 doesnt treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP that is the responsibility of the user. However it is possible for a user to specify a Cookie header and unknowingly leak information via HTTP redirects to a different origin if that user doesnt disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. |
|||||
urllib3
v_1_26_6
|
Check For Known Vulnerabilities Macos 12 Py 3.10 | < 1 sec | |||
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesnt treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP that is the responsibility of the user. However it is possible for a user to specify a Cookie header and unknowingly leak information via HTTP redirects to a different origin if that user doesnt disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. urllib3 is a user-friendly HTTP client library for Python. urllib3 doesnt treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP that is the responsibility of the user. However it is possible for a user to specify a Cookie header and unknowingly leak information via HTTP redirects to a different origin if that user doesnt disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. |