bigflow@1.4.0 vulnerabilities

BigQuery client wrapper with clean API

Direct Vulnerabilities

Known vulnerabilities in the bigflow package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M  Improper Certificate Validation

bigflow is a BigQuery client wrapper with a clean API.

Affected versions of this package are vulnerable to Improper Certificate Validation: the get_vault_token function sends the X-Vault-Token header, which carries the vault secret, to the vault endpoint without verifying the server certificate. A man-in-the-middle attacker can therefore read the vault secret and gain access to the vault.
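To audit your own code for the same flaw, the following added example (not part of the advisory and not bigflow's source) walks a Python syntax tree and reports HTTP calls made with certificate verification disabled, noting whether the enclosing function also handles an X-Vault-Token header. It assumes the request is made in the style of the requests library and that verification is switched off with `verify=False`, which the advisory does not state; the function names in the constructed sample are hypothetical.

```python
import ast

# Constructed sample: a hypothetical get_vault_token in its assumed vulnerable
# form and a corrected form. Not bigflow's actual source.
SAMPLE = '''
import requests

def get_vault_token_unsafe(endpoint, secret):
    headers = {"X-Vault-Token": secret}
    return requests.get(endpoint, headers=headers, verify=False).json()

def get_vault_token_safe(endpoint, secret, ca_bundle):
    headers = {"X-Vault-Token": secret}
    return requests.get(endpoint, headers=headers, verify=ca_bundle, timeout=10).json()
'''

HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "request"}


def find_unverified_calls(source):
    """Return (function name, line, sends_vault_token) for each HTTP call
    made with verify=False, i.e. with TLS certificate checks disabled."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        # Does the function mention an X-Vault-Token header anywhere?
        sends_token = any(
            isinstance(n, ast.Constant) and n.value == "X-Vault-Token"
            for n in ast.walk(func)
        )
        for call in ast.walk(func):
            if not (isinstance(call, ast.Call)
                    and isinstance(call.func, ast.Attribute)
                    and call.func.attr in HTTP_METHODS):
                continue
            for kw in call.keywords:
                if (kw.arg == "verify"
                        and isinstance(kw.value, ast.Constant)
                        and kw.value.value is False):
                    findings.append((func.name, call.lineno, sends_token))
    return findings


if __name__ == "__main__":
    for name, line, token in find_unverified_calls(SAMPLE):
        note = "sends X-Vault-Token" if token else "no vault token seen"
        print(f"{name}: line {line}: verify=False ({note})")
```

The check only catches the literal `verify=False` keyword; a value passed through a variable or a session-level setting needs a separate review.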

How to fix Improper Certificate Validation?

Upgrade bigflow to version 1.6.0 or higher.

Vulnerable versions: [,1.6.0)