drc-cmis (>=1.3.0 <=1.6.0) potentially affected by unknown CVE via vng-api-common (=2.0.5)

vng-api-common PYPI version =2.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on vng-api-common and may be impacted: - drc-cmis =1.3.0, =1.6.0 Source cves: unknown CVE Source advisory: OSV:GHSA-C4CM-R9FH-JGJ9...

PT-2024-40234 · Unknown +1 · Vng-Api-Common +1

Name of the Vulnerable Software and Affected Versions: vng-api-common versions prior to 1.12.2 Description: This issue is related to a privilege escalation vulnerability, although its impact is negligible and entirely theoretical. It involves the verification of client-supplied JSON Web Tokens JW...