Public/extract_otp_secrets
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

upgrade protobuf to 6.33.5 (fix security problem)

Browse Source 
Cause: protobuf affected by a JSON recursion depth bypass:

A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.

Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.
This commit is contained in:
scito
2026-01-31 13:58:54 +01:00
committed by Roland Kurmann
parent a4fecc66ea
commit 74d95d2437
9 changed files with 436 additions and 416 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Pipfile
View File

@@ -5,12 +5,12 @@ name = "pypi"
[packages]
colorama = "0.4.6"
opencv-contrib-python = "*"
opencv-contrib-python = "4.13.0.90"
numpy = "2.4.1"
# for macOS: opencv-contrib-python = "<=4.7.0"
pillow = "*"
pyzbar = "*"
protobuf = "*"
protobuf = "6.33.5"
qrcode = "*"
qreader = "1.3.2"