[Security] AST-08: Outdated Dependency Minimum Versions #25

@mefai-dev

AST-08: Outdated Dependency Minimum Versions

Severity: MEDIUM
Affected File(s): requirements/common.txt

Description

Minimum dependency versions are significantly outdated: requests>=2.25.1 (CVE-2023-32681), pyOpenSSL>=19.0.0 (memory safety issues), autobahn>=21.2.1, Twisted>=22.2.0 (HTTP/TLS fixes in later versions).

Vulnerable Code

requests>=2.25.1
pyOpenSSL>=19.0.0
autobahn>=21.2.1
Twisted>=22.2.0

Impact

Known vulnerabilities in HTTP, TLS, and WebSocket libraries directly affect the security of API communications.

Recommended Fix

Update all minimum versions:
requests>=2.32.0
pyOpenSSL>=24.0.0
autobahn>=23.6.2
Twisted>=24.3.0
Methodology: Triple-verification static analysis -- each finding verified across three independent code review passes.
Researcher: Independent Security Researcher -- Mefai Security Team
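As an added example (not part of this issue or the project's code), the following Python script reads pins of the form `name>=version` from a requirements file and reports every lower bound that sits below the floors given in the Recommended Fix. The `FLOORS` table copies those versions; the sample requirements text is constructed, and `audit_requirements` is a name assumed here.

```python
import re
from typing import Dict, List, Tuple

# Minimum versions copied from the Recommended Fix above (keys are normalised to lower case).
FLOORS: Dict[str, str] = {
    "requests": "2.32.0",
    "pyopenssl": "24.0.0",
    "autobahn": "23.6.2",
    "twisted": "24.3.0",
}

# Matches "name>=1.2.3" (optional trailing comment); extras, markers, pre-releases and '==' pins are skipped.
_REQ_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*>=\s*([0-9][0-9.]*)\s*(?:#.*)?$")

def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.25.1' into (2, 25, 1) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.strip(".").split("."))

def version_below(current: str, floor: str) -> bool:
    """True when 'current' sorts strictly before 'floor'; shorter tuples are zero-padded."""
    a, b = parse_version(current), parse_version(floor)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def audit_requirements(text: str) -> List[Tuple[str, str, str]]:
    """Return (package, declared_minimum, recommended_minimum) for each pin below its floor."""
    findings = []
    for line in text.splitlines():
        m = _REQ_RE.match(line)
        if not m:
            continue  # blank lines, comments and non-'>=' specifiers are not audited
        name, declared = m.group(1).lower(), m.group(2)
        floor = FLOORS.get(name)
        if floor is not None and version_below(declared, floor):
            findings.append((name, declared, floor))
    return findings

# Constructed sample: the four pins quoted in the finding plus one package the table does not cover.
SAMPLE = "requests>=2.25.1\npyOpenSSL>=19.0.0\nautobahn>=21.2.1\nTwisted>=22.2.0\ncryptography>=42.0.0\n"

if __name__ == "__main__":
    for pkg, have, need in audit_requirements(SAMPLE):
        print(f"{pkg}: declared >={have}, recommended >={need}")
```

Run it against requirements/common.txt by reading the file into `audit_requirements`; an empty result means every tracked pin meets its floor.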
