[Snyk] Fix for 7 vulnerabilities by twilio-product-security · Pull Request #253 · TwilioDevEd/appointment-reminders-flask

twilio-product-security · 2024-07-16T01:41:39Z

This PR was automatically created by Snyk using the credentials of a real user.

![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to fix 7 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

requirements.txt

⚠️

Warning

``` jinja2 3.1.4 has requirement MarkupSafe>=2.0, but you have MarkupSafe 1.1.1. Flask 2.2.5 requires Werkzeug, which is not installed. Flask 2.2.5 has requirement itsdangerous>=2.0, but you have itsdangerous 1.1.0. Flask 2.2.5 has requirement click>=8.0, but you have click 7.1.2. Flask-DebugToolbar 0.11.0 requires werkzeug, which is not installed.

</details>





---

> [!IMPORTANT]
>
> - Check the changes in this PR to ensure they won't cause issues with your project.
> - Max score is 1000. Note that the real score may have changed since the PR was raised.
> - This PR was automatically created by Snyk using the credentials of a real user.
> - Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

---

**Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._

For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiIxODZhZjU1Mi0xZjY2LTQwM2UtYWZmNC05ZWYxMDBhY2Q0ODgiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjE4NmFmNTUyLTFmNjYtNDAzZS1hZmY0LTllZjEwMGFjZDQ4OCJ9fQ==" width="0" height="0"/>
🧐 [View latest project report](https://app.snyk.io/org/twiliodeved/project/23d65ef8-59d5-41f8-9042-7a0214b3a72a?utm_source&#x3D;github-enterprise&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr)
📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates)
🛠 [Adjust project settings](https://app.snyk.io/org/twiliodeved/project/23d65ef8-59d5-41f8-9042-7a0214b3a72a?utm_source&#x3D;github-enterprise&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr/settings)
📚 [Read about Snyk's upgrade logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Cross-site Scripting (XSS)](https://learn.snyk.io/lesson/xss/?loc&#x3D;fix-pr)
🦉 [Access Restriction Bypass](https://learn.snyk.io/lesson/broken-access-control/?loc&#x3D;fix-pr)
🦉 [Denial of Service (DoS)](https://learn.snyk.io/lesson/no-rate-limiting/?loc&#x3D;fix-pr)
🦉 [More lessons are available in Snyk Learn](https://learn.snyk.io/?loc&#x3D;fix-pr)

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"flask","from":"1.1.2","to":"2.2.5"},{"name":"jinja2","from":"2.11.3","to":"3.1.4"},{"name":"werkzeug","from":"1.0.1","to":"3.0.3"}],"env":"prod","issuesToFix":[{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-FLASK-5490129","priority_score":114,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"none"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00194},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue May 02 2023 07:57:54 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.9},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Information Exposure"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-JINJA2-6150717","priority_score":68,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00098},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Jan 11 2024 11:25:09 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":4.19},{"name":"likelihood","value":1.62},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-JINJA2-6809379","priority_score":68,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00044},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue May 07 2024 07:25:06 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":4.19},{"name":"likelihood","value":1.61},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-WERKZEUG-3319935","priority_score":15,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"adjacent"},{"name":"epss","value":0.00054},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Feb 15 2023 09:22:04 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"low"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":0.598},{"name":"scoreVersion","value":"V5"}],"severity":"low","title":"Access Restriction Bypass"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-WERKZEUG-3319936","priority_score":114,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00146},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Feb 15 2023 09:23:26 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.89},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-WERKZEUG-6035177","priority_score":86,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"adjacent"},{"name":"epss","value":0.00053},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Oct 26 2023 08:50:03 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.43},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Inefficient Algorithmic Complexity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-WERKZEUG-6808933","priority_score":137,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00045},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon May 06 2024 07:25:10 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.79},{"name":"likelihood","value":1.39},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Remote Code Execution (RCE)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-WERKZEUG-3319935","priority_score":15,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"adjacent"},{"name":"epss","value":0.00054},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Feb 15 2023 09:22:04 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"low"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":2.35},{"name":"likelihood","value":0.598},{"name":"scoreVersion","value":"V5"}],"severity":"low","title":"Access Restriction Bypass"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-WERKZEUG-3319936","priority_score":114,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00146},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Wed Feb 15 2023 09:23:26 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.89},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Denial of Service (DoS)"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-WERKZEUG-6035177","priority_score":86,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"adjacent"},{"name":"epss","value":0.00053},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Thu Oct 26 2023 08:50:03 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":1.43},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Inefficient Algorithmic Complexity"},{"exploit_maturity":"No Known Exploit","id":"SNYK-PYTHON-WERKZEUG-6808933","priority_score":137,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00045},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon May 06 2024 07:25:10 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":9.79},{"name":"likelihood","value":1.39},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Remote Code Execution (RCE)"}],"prId":"186af552-1f66-403e-aff4-9ef100acd488","prPublicId":"186af552-1f66-403e-aff4-9ef100acd488","packageManager":"pip","priorityScoreList":[114,68,68,15,114,86,137],"projectPublicId":"23d65ef8-59d5-41f8-9042-7a0214b3a72a","projectUrl":"https://app.snyk.io/org/twiliodeved/project/23d65ef8-59d5-41f8-9042-7a0214b3a72a?utm_source=github-enterprise&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["pr-warning-shown","priorityScore"],"type":"auto","upgrade":[],"vulns":["SNYK-PYTHON-FLASK-5490129","SNYK-PYTHON-JINJA2-6150717","SNYK-PYTHON-JINJA2-6809379","SNYK-PYTHON-WERKZEUG-3319935","SNYK-PYTHON-WERKZEUG-3319936","SNYK-PYTHON-WERKZEUG-6035177","SNYK-PYTHON-WERKZEUG-6808933"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}'

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-FLASK-5490129 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717 - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319935 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-3319936 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6035177 - https://snyk.io/vuln/SNYK-PYTHON-WERKZEUG-6808933

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 7 vulnerabilities#253

[Snyk] Fix for 7 vulnerabilities#253
twilio-product-security wants to merge 1 commit into
mainfrom
snyk-fix-bed99d0f23f6ca7446b8456a51aea6e2

twilio-product-security commented Jul 16, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

twilio-product-security commented Jul 16, 2024

Snyk has created this PR to fix 7 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants