compliance-trestle
PyPI5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting compliance-trestlepage 1 of 1
- CVE-2026-45725HIGHCVSS 0.0EG 0.0✓ Fixed in 3.12.22026-05-27
vulnerable: 0.0.2 ... 3.9.3 (97 versions)
compliance-trestle Remote Fetching Mechanism has an Arbitrary File Write via Cache Path Traversal ## Summary The compliance-trestle library's remote fetching cache mechanism (HTTPSFetcher and SFTPFetcher) constructs the local cache file …
- CVE-2026-45774MEDIUMCVSS 0.0EG 0.0✓ Fixed in 3.12.22026-05-28
vulnerable: 0.0.2 ... 3.9.3 (97 versions)
compliance-trestle Profile Import has an Arbitrary File Read via trestle:// URI and Relative Path Traversal ## Summary The compliance-trestle library's profile import mechanism resolves `trestle://` URIs and relative file paths by joinin…
- CVE-2026-46345HIGHCVSS 8.4EG 8.4✓ Fixed in 3.12.22026-05-28
vulnerable: 0.0.2 ... 3.9.3 (97 versions)
compliance-trestle - jinja has an Arbitrary File Write via Path Traversal **Relevant Products/Components:** * `trestle/core/commands/author/jinja.py` * `trestle author jinja` --- ## Detailed Description: The `-o/--output` argument in …
- CVE-2026-46380MEDIUMCVSS 6.7EG 6.7✓ Fixed in 3.12.22026-05-28
vulnerable: 0.0.2 ... 3.9.3 (97 versions)
compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module. **Finding 1 (Critical): SSRF (CWE-918)*…
- CVE-2026-46439HIGHCVSS 7.8EG 7.8✓ Fixed in 4.0.32026-05-28
vulnerable: 4.0.0, 4.0.1, 4.0.2
compliance-trestle Vulnerable to Remote Code Execution via Recursive Server-Side Template Injection (SSTI) A High severity Server-Side Template Injection (SSTI) vulnerability exists in the `trestle author jinja` command. The command recur…
Check whether compliance-trestle is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for compliance-trestle CVEs against the assets you own.
Start Free Scan →