https GET api.github.com None /orgs/BeaverSoftware/dependabot/alerts?state=open&severity=medium&ecosystem=pip&package=jinja2&scope=runtime&sort=updated&direction=asc {'Authorization': 'Basic login_and_password_removed', 'User-Agent': 'PyGithub/Python'} None 200 [('Server', 'GitHub.com'), ('Date', 'Sun, 21 Jan 2024 03:09:54 GMT'), ('Content-Type', 'application/json; charset=utf-8'), ('Transfer-Encoding', 'chunked'), ('Cache-Control', 'private, max-age=60, s-maxage=60'), ('Vary', 'Accept, Authorization, Cookie, X-GitHub-OTP, Accept-Encoding, Accept, X-Requested-With'), ('ETag', 'W/"59496dc4695fd05bf1e3a94ee96f88cfc0032564f7f90082100f695ded81481c"'), ('Last-Modified', 'Sun, 21 Jan 2024 01:41:18 GMT'), ('X-OAuth-Scopes', 'admin:repo_hook, repo, workflow, write:packages'), ('X-Accepted-OAuth-Scopes', 'public_repo, repo, security_events'), ('github-authentication-token-expiration', '2024-04-19 16:30:08 UTC'), ('X-GitHub-Media-Type', 'github.v3; format=json'), ('x-github-api-version-selected', '2022-11-28'), ('X-RateLimit-Limit', '5000'), ('X-RateLimit-Remaining', '4993'), ('X-RateLimit-Reset', '1705809202'), ('X-RateLimit-Used', '7'), ('X-RateLimit-Resource', 'core'), ('Access-Control-Expose-Headers', 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset'), ('Access-Control-Allow-Origin', '*'), ('Strict-Transport-Security', 'max-age=31536000; includeSubdomains; preload'), ('X-Frame-Options', 'deny'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '0'), ('Referrer-Policy', 'origin-when-cross-origin, strict-origin-when-cross-origin'), ('Content-Security-Policy', "default-src 'none'"), ('Content-Encoding', 'gzip'), ('X-GitHub-Request-Id', '98DA:104B:433D86:8E6CA0:65AC8B02')] 
[{"number":1,"state":"open","dependency":{"package":{"ecosystem":"pip","name":"jinja2"},"manifest_path":"requirements/docs.txt","scope":"runtime"},"security_advisory":{"ghsa_id":"GHSA-h5c8-rqwp-cp95","cve_id":"CVE-2024-22195","summary":"Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter","description":"The `xmlattr` filter in affected versions of Jinja accepts keys containing spaces. XML/HTML attributes cannot contain spaces, as each would then be interpreted as a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. Note that accepting keys as user input is not common or a particularly intended use case of the `xmlattr` filter, and an application doing so should already be verifying what keys are provided regardless of this fix.","severity":"medium","identifiers":[{"value":"GHSA-h5c8-rqwp-cp95","type":"GHSA"},{"value":"CVE-2024-22195","type":"CVE"}],"references":[{"url":"https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95"},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22195"},{"url":"https://github.com/pallets/jinja/commit/716795349a41d4983a9a4771f7d883c96ea17be7"},{"url":"https://github.com/pallets/jinja/releases/tag/3.1.3"},{"url":"https://github.com/advisories/GHSA-h5c8-rqwp-cp95"}],"published_at":"2024-01-11T15:20:48Z","updated_at":"2024-01-11T15:20:50Z","withdrawn_at":null,"vulnerabilities":[{"package":{"ecosystem":"pip","name":"jinja2"},"severity":"medium","vulnerable_version_range":"< 3.1.3","first_patched_version":{"identifier":"3.1.3"}}],"cvss":{"vector_string":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","score":5.4},"cwes":[{"cwe_id":"CWE-79","name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]},"security_vulnerability":{"package":{"ecosystem":"pip","name":"jinja2"},"severity":"medium","vulnerable_version_range":"< 3.1.3","first_patched_version":{"identifier":"3.1.3"}},"url":"https://api.github.com/repos/BeaverSoftware/PyGithub/dependabot/alerts/1","html_url":"https://github.com/BeaverSoftware/PyGithub/security/dependabot/1","created_at":"2024-01-21T01:41:18Z","updated_at":"2024-01-21T01:41:18Z","dismissed_at":null,"dismissed_by":null,"dismissed_reason":null,"dismissed_comment":null,"fixed_at":null,"auto_dismissed_at":null,"repository":{"id":746080753,"node_id":"R_kgDOLHhJ8Q","name":"PyGithub","full_name":"BeaverSoftware/PyGithub","private":false,"owner":{"login":"BeaverSoftware","id":138729970,"node_id":"O_kgDOCETZ8g","avatar_url":"https://avatars.githubusercontent.com/u/138729970?v=4","gravatar_id":"","url":"https://api.github.com/users/BeaverSoftware","html_url":"https://github.com/BeaverSoftware","followers_url":"https://api.github.com/users/BeaverSoftware/followers","following_url":"https://api.github.com/users/BeaverSoftware/following{/other_user}","gists_url":"https://api.github.com/users/BeaverSoftware/gists{/gist_id}","starred_url":"https://api.github.com/users/BeaverSoftware/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/BeaverSoftware/subscriptions","organizations_url":"https://api.github.com/users/BeaverSoftware/orgs","repos_url":"https://api.github.com/users/BeaverSoftware/repos","events_url":"https://api.github.com/users/BeaverSoftware/events{/privacy}","received_events_url":"https://api.github.com/users/BeaverSoftware/received_events","type":"Organization","site_admin":false},"html_url":"https://github.com/BeaverSoftware/PyGithub","description":"Typed interactions with the GitHub API v3","fork":true,"url":"https://api.github.com/repos/BeaverSoftware/PyGithub","forks_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/forks","keys_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/keys{/key_id}","collaborators_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/teams","hooks_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/hooks","issue_events_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/issues/events{/number}","events_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/events","assignees_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/assignees{/user}","branches_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/branches{/branch}","tags_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/tags","blobs_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/git/refs{/sha}","trees_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/git/trees{/sha}","statuses_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/statuses/{sha}","languages_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/languages","stargazers_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/stargazers","contributors_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/contributors","subscribers_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/subscribers","subscription_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/subscription","commits_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/commits{/sha}","git_commits_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/git/commits{/sha}","comments_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/comments{/number}","issue_comment_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/issues/comments{/number}","contents_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/contents/{+path}","compare_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/compare/{base}...{head}","merges_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/merges","archive_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/downloads","issues_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/issues{/number}","pulls_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/pulls{/number}","milestones_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/milestones{/number}","notifications_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/labels{/name}","releases_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/releases{/id}","deployments_url":"https://api.github.com/repos/BeaverSoftware/PyGithub/deployments"}}]