View Issue Details

ID: 0001508
Project: bareos-core
Category: General
View Status: public
Last Update: 2023-02-07 13:59
Reporter: Ruth Ivimey-Cook
Assigned To: bruno-at-bareos
Status: closed
Resolution: fixed
Product Version: 22.0.0
Summary: 0001508: Github reporting severe CVE on pipfile.lock

Description: For many weeks now, Github Security alert digest has been reminding me that there is a security fail in pipfile.lock in my clone of the bareos repo:

Known security vulnerabilities detected
Dependency GitPython Version <= 3.1.29 Upgrade to ~> 3.1.30
Defined in Pipfile.lock
CVE-2022-24439 High severity

The stanza in pipfile reads:

        "gitpython": {
            "hashes": [
            "index": "pypi",
            "version": "==3.1.14"

I would suggest this is updated to 3.1.30 or later (even if at present this specific CVE can't be accessed because that might change!)
Tags: No tags attached.

2023-01-11 09:31

developer   ~0004854

Thanks for pointing this out. As of the clone command is affected by this vulnerability, but that is not used by any of the scripts in, so it is probably irrelevant. Nevertheless this will be updated in the future.


2023-01-12 16:05

developer   ~0004855

Will be fixed once PR935 is in


2023-02-07 13:59

developer   ~0004878

PR935 merged in

Issue History

Date Modified Username Field Change
2023-01-10 18:59 Ruth Ivimey-Cook New Issue
2023-01-11 09:31 stephand Note Added: 0004854
2023-01-12 16:05 bruno-at-bareos Note Added: 0004855
2023-02-07 13:59 bruno-at-bareos Assigned To => bruno-at-bareos
2023-02-07 13:59 bruno-at-bareos Status new => closed
2023-02-07 13:59 bruno-at-bareos Resolution open => fixed
2023-02-07 13:59 bruno-at-bareos Note Added: 0004878
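
The check that the alert in this issue performs can be reproduced locally. The following is an added example, not part of the issue thread or the bareos repository: it reads a Pipfile.lock and reports pins below the fixed version named in the alert. The sample lock content, the placeholder hash and the function names are constructed for illustration.

```python
import json
import re

# Fixed-in version and advisory id come from the alert quoted in the issue.
MIN_FIXED = {"gitpython": ("3.1.30", "CVE-2022-24439")}

# Constructed sample in Pipfile.lock layout; the hash is a placeholder.
SAMPLE_LOCK = """
{
  "default": {
    "gitpython": {
      "hashes": ["sha256:<placeholder>"],
      "index": "pypi",
      "version": "==3.1.14"
    }
  },
  "develop": {
    "GitPython": {"version": "==3.1.30"},
    "smmap": {"version": "==5.0.0"}
  }
}
"""

def release(version):
    """'3.1.14' -> (3, 1, 14). Pre-release/local suffixes are ignored."""
    match = re.match(r"\d+(?:\.\d+)*", version)
    if match is None:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(part) for part in match.group().split("."))

def audit_lock(lock_text, min_fixed=MIN_FIXED):
    """Return (section, package, pinned, advisory, fixed_in) per stale pin."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("default", "develop"):
        for name, entry in lock.get(section, {}).items():
            # Compare on the normalised project name (case, '-', '_', '.').
            rule = min_fixed.get(re.sub(r"[-_.]+", "-", name).lower())
            if rule is None:
                continue
            fixed_in, advisory = rule
            spec = entry.get("version", "")
            # Entries without an "==" pin (VCS, editable) are reported for review.
            if not spec.startswith("==") or release(spec[2:]) < release(fixed_in):
                findings.append((section, name, spec or "<no pin>", advisory, fixed_in))
    return findings

if __name__ == "__main__":
    for finding in audit_lock(SAMPLE_LOCK):
        print("%s: %s pinned at %s; %s is fixed in %s" % finding)
```

Versions are compared as integer tuples because a plain string comparison would rank 3.1.9 above 3.1.30.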