chore(deps): [ai] Update vulnerabilityAlerts [SECURITY]#581
Open
renovate-bot wants to merge 1 commit into
Open
chore(deps): [ai] Update vulnerabilityAlerts [SECURITY]#581renovate-bot wants to merge 1 commit into
renovate-bot wants to merge 1 commit into
Conversation
forking-renovate
Bot
added
dependencies
renovate-bot
requested review from
LUJ20,
isidro-deloera and
tdigangi
as code owners
renovate-bot
force-pushed
the
renovate/ai-vulnerabilityalerts
branch
from
d6207b7 to
fc0b42f
Compare
renovate-bot
changed the title
renovate-bot
force-pushed
the
renovate/ai-vulnerabilityalerts
branch
4 times, most recently
from
089f743 to
08eca96
Compare
renovate-bot
changed the title
renovate-bot
force-pushed
the
renovate/ai-vulnerabilityalerts
branch
7 times, most recently
from
a063027 to
6f0bc7e
Compare
renovate-bot
force-pushed
the
renovate/ai-vulnerabilityalerts
branch
from
6f0bc7e to
7709c58
Compare
renovate-bot
force-pushed
the
renovate/ai-vulnerabilityalerts
branch
from
7709c58 to
58f3451
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.13.5→3.14.1==3.13.4→==3.14.12.12.1→2.13.06.5.5→6.5.6Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
AIOHTTP is Vulnerable to Deserialization of Untrusted Data
CVE-2026-34993 / GHSA-jg22-mg44-37j8
More information
Details
Summary
Using
CookieJar.load()with untrusted input may allow arbitrary code execution.Impact
Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications.
Workaround
If an application does allow attacker controlled files to be loaded, a workaround on older releases would be to sanitise the files before loading.
Patch: aio-libs/aiohttp@dcf40f3
Severity
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:LReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
AIOHTTP is vulnerable to cross-origin redirect with per-request cookies
CVE-2026-47265 / GHSA-hg6j-4rv6-33pg
More information
Details
Summary
Cookies set with the
cookiesparameter on requests are sent after following a cross-origin redirect.Impact
If a developer uses the
cookiesparameter on a per-request basis then sensitive data might be leaked to an attacker if they manage to control a redirect.Workaround
If unable to upgrade, using a
Cookieheader in theheadersparameter is not vulnerable.Patch: aio-libs/aiohttp@f54c408
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:UReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
AIOHTTP is vulnerable to cross-origin redirect with per-request cookies
CVE-2026-47265 / GHSA-hg6j-4rv6-33pg
More information
Details
Summary
Cookies set with the
cookiesparameter on requests are sent after following a cross-origin redirect.Impact
If a developer uses the
cookiesparameter on a per-request basis then sensitive data might be leaked to an attacker if they manage to control a redirect.Workaround
If unable to upgrade, using a
Cookieheader in theheadersparameter is not vulnerable.Patch: aio-libs/aiohttp@f54c408
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:UReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
AIOHTTP is Vulnerable to Deserialization of Untrusted Data
CVE-2026-34993 / GHSA-jg22-mg44-37j8
More information
Details
Summary
Using
CookieJar.load()with untrusted input may allow arbitrary code execution.Impact
Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications.
Workaround
If an application does allow attacker controlled files to be loaded, a workaround on older releases would be to sanitise the files before loading.
Patch: aio-libs/aiohttp@dcf40f3
Severity
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:LReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
CVE-2026-48522 / GHSA-993g-76c3-p5m4 / PYSEC-2026-175
More information
Details
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen() which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no documented option to restrict which schemes PyJWKClient will fetch. If an application's jku URL ingestion path accepts attacker-influenced URLs (e.g., from JWT header, configuration file, OAuth flow parameter), the attacker can cause PyJWKClient to read arbitrary local files via file:// (SSRF on local filesystem), cause PyJWKClient to attempt FTP / data-URI fetches (broader SSRF surface), or forge tokens that PyJWT verifies as valid. The library does not directly return non-HTTP(S) URI contents to the attacker; the chained "plant a JWKS to forge tokens" scenario described in the original report requires additional application-layer flaws (attacker write access to a filesystem path, untrusted jku derivation) that this fix does not address. This vulnerability is fixed in 2.13.0.
Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:NReferences
This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).
CVE-2026-48524 / GHSA-fhv5-28vv-h8m8 / PYSEC-2026-177
More information
Details
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited outbound requests. The vulnerability surfaces only when a JWKS fetch fails; an attacker can attempt to provoke that with sustained unknown-kid traffic, but the outcome depends on upstream JWKS-endpoint behavior (rate limiting, transient errors) which is beyond the attacker's control. This vulnerability is fixed in 2.13.0.
Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LReferences
This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).
CVE-2026-48525 / GHSA-w7vc-732c-9m39 / PYSEC-2026-178
More information
Details
PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option ("b64": false, RFC 7797), PyJWT performs Base64URL decoding of the compact-serialization payload segment before enforcing the detached-payload rules. For b64=false, PyJWT later discards that decoded payload and replaces it with the caller-provided detached_payload. In practice, this turns the middle segment into an attacker-controlled “work amplifier”: a remote client can supply an arbitrarily large Base64URL payload segment that forces CPU work + memory allocations even if the signature is invalid. This creates an unauthenticated DoS vector against any endpoint that verifies detached JWS using PyJWT. This vulnerability is fixed in 2.13.0.
Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LReferences
This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).
CVE-2026-48526 / GHSA-xgmm-8j9v-c9wx / PYSEC-2026-179
More information
Details
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the secret key for HMAC algorithm. This vulnerability is fixed in 2.13.0.
Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NReferences
This data is provided by OSV and the PyPI Advisory Database (CC-BY 4.0).
Tornado has out-of-bounds memory access via C extension
CVE-2026-49854 / GHSA-cx3h-4qpv-8hc9
More information
Details
Summary
Tornado's optional native extension
tornado.speedupsimplementswebsocket_maskwithout validating that themaskargument is exactly four bytes long. The C function reads four bytes frommaskunconditionally, even when Python passes a shorter byte string. This can read beyond the provided buffer, exposing up to 3 bytes of uninitialized memory.The behavior is reachable from Tornado's XSRF token decoder when
xsrf_cookies=Trueand the native extension is active.Mitigations
This bug is fixed in Tornado 6.5.6. Prior to upgrading to this version, setting the environment variable TORNADO_EXTENSION=0 will disable the vulnerable code (at the expense of reducing websocket performance).
Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NReferences
This data is provided by the GitHub Advisory Database (CC-BY 4.0).
Tornado has out-of-bounds memory access via C extension
CVE-2026-49854 / GHSA-cx3h-4qpv-8hc9
More information
Details
Summary
Tornado's optional native extension
tornado.speedupsimplementswebsocket_maskwithout validating that themaskargument is exactly four bytes long. The C function reads four bytes frommaskunconditionally, even when Python passes a shorter byte string. This can read beyond the provided buffer, exposing up to 3 bytes of uninitialized memory.The behavior is reachable from Tornado's XSRF token decoder when
xsrf_cookies=Trueand the native extension is active.Mitigations
This bug is fixed in Tornado 6.5.6. Prior to upgrading to this version, setting the environment variable TORNADO_EXTENSION=0 will disable the vulnerable code (at the expense of reducing websocket performance).
Severity
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NReferences
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Release Notes
jpadilla/pyjwt (pyjwt)
v2.13.0Compare Source
tornadoweb/tornado (tornado)
v6.5.6Compare Source
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.