Unsafe Dependency Resolution Affecting python-json-logger package, versions [3.2.0,3.3.0)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-PYTHON-PYTHONJSONLOGGER-9376713
published9 Mar 2025
disclosed7 Mar 2025
creditomnigodz

Report a new vulnerability Found a mistake?

Introduced: 7 Mar 2025

NewCVE-2025-27607 (opens in a new tab) CWE-829 (opens in a new tab)

Amendment

This issue was found to be a duplicate. The original vulnerability with details can be found [here](https://security.snyk.io/vuln/through the deletion of a critical dependency which could be maliciously claimed by a third party. An attacker can execute arbitrary code on the system by installing compromised development dependencies.).

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
All

Confidentiality (VC)
High
Integrity (VI)
High
Availability (VA)
High

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None

Unsafe Dependency Resolution Affecting python-json-logger package, versions [3.2.0,3.3.0)

Severity

Do your applications use this vulnerable package?

Introduced: 7 Mar 2025

Amendment

CVSS Base Scores

Snyk