Use python convert epub file from Simplified Chinese to Traditional Chinese on windows
License: Apache License 2.0
Used python convert epub file from Simplified Chinese to Traditional Chinese on windows
使用 Python 撰寫,epub 檔案繁簡橫直互轉
https://github.com/ThanatosDi/EpubConv_Python/releases
直接將 epub 檔案拖曳至 epubconv.exe 上即可立即翻譯 epub 檔案
感謝以下作者及團隊,沒有你們這個軟體就不會出現
OpenCC by BYVoid
OpenCC-Python by yichen0831
zhconvert 繁化姬 by Fanhuaji organizations (rexx0520建議)
Google Translate by Google
本程式使用了繁化姬的 API 服務,如有商業使用(何謂商業使用?)請依照繁化姬說明文件付費使用
只要少喝一杯飲料就可以給我大大的鼓勵
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "mend-bolt-for-github[bot]")
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "renovate[bot]")
2022-07-28 02:26:14,367 EPUB INFO : * function: version, * msg: 2.0.5
2022-07-28 02:26:14,368 EPUB INFO : * function: _read_config, * msg: already read config
engine: zhconvert_bata
converter: Traditional
format: Horizontal
loglevel: DEBUG
syslevel: INFO
file_check: True
enable_pause: True
2022-07-28 02:26:14,368 EPUB INFO : * function: convert, * msg: file path: MY PATH
2022-07-28 02:26:14,443 EPUB INFO : * function: convert, * msg: unzip file "EPUB FILE" success and get convert file list
2022-07-28 02:26:14,443 EPUB INFO : * function: _content_lang, * msg: convert language to zh-TW
2022-07-28 02:26:14,452 EPUB INFO : * function: _zhconvert_bata, * msg: async convert content.
2022-07-28 02:26:14,934 EPUB ERROR : * function: convert, * msg: zhconvert Request error. status code: 429
Press any key to continue . . .
Vulnerable Library - pyinstaller-4.2.tar.gzPyInstaller bundles a Python application and all its dependencies into a single package.
Library home page: https://files.pythonhosted.org/packages/b4/83/9f6ff034650abe9778c9a4f86bcead63f89a62acf02b1b47fc2bfc6bf8dd/pyinstaller-4.2.tar.gz
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Found in HEAD commit: 8085e1ecdb0f4680ca290e975bd093ed9fce3b55
| CVE | Severity |  CVSS |
Dependency | Type | Fixed in (pyinstaller version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2023-49797 |  High |
7.8 | pyinstaller-4.2.tar.gz | Direct | 5.13.1 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2023-49797PyInstaller bundles a Python application and all its dependencies into a single package.
Library home page: https://files.pythonhosted.org/packages/b4/83/9f6ff034650abe9778c9a4f86bcead63f89a62acf02b1b47fc2bfc6bf8dd/pyinstaller-4.2.tar.gz
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8085e1ecdb0f4680ca290e975bd093ed9fce3b55
Found in base branch: main
PyInstaller bundles a Python application and all its dependencies into a single package. A PyInstaller built application, elevated as a privileged process, may be tricked by an unprivileged attacker into deleting files the unprivileged user does not otherwise have access to. A user is affected if all the following are satisfied: 1. The user runs an application containing either matplotlib or win32com. 2. The application is ran as administrator (or at least a user with higher privileges than the attacker). 3. The user's temporary directory is not locked to that specific user (most likely due to TMP/TEMP environment variables pointing to an unprotected, arbitrary, non default location). Either: A. The attacker is able to very carefully time the replacement of a temporary file with a symlink. This switch must occur exactly between shutil.rmtree()'s builtin symlink check and the deletion itself B: The application was built with Python 3.7.x or earlier which has no protection against Directory Junctions links. The vulnerability has been addressed in PR #7827 which corresponds to pyinstaller >= 5.13.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Publish Date: 2023-12-09
URL: CVE-2023-49797
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-9w2p-rh8c-v9g5
Release Date: 2023-12-09
Fix Resolution: 5.13.1
Step up your Open Source Security Game with Mend here
Hi.
I tried to run it on linux, but didn't get it to work.
A linux binary release will be nice, which can be used on Android too.
This can be inconvenient since pyinstaller cannot cross compile
如題,畢竟繁化姬真的很好用
謝謝
Vulnerable Library - requests-2.32.3-py3-none-any.whlPath to dependency file: /Pipfile
Path to vulnerable library: /Pipfile
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (requests version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2024-37891 |  Medium |
4.4 | urllib3-2.2.1-py3-none-any.whl | Transitive | N/A* | ❌ |
*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the "Details" section below to see if there is a version of transitive dependency where vulnerability is fixed.
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2024-37891HTTP library with thread-safe connection pooling, file post, and more.
Library home page: https://files.pythonhosted.org/packages/a2/73/a68704750a7679d0b6d3ad7aa8d4da8e14e151ae82e6fee774e6e0d05ec8/urllib3-2.2.1-py3-none-any.whl
Path to dependency file: /Pipfile
Path to vulnerable library: /Pipfile
Dependency Hierarchy:
Found in base branch: main
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the Proxy-Authorization HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the Proxy-Authorization header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the Proxy-Authorization header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the Proxy-Authorization header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the Proxy-Authorization header with urllib3's ProxyManager, disable HTTP redirects using redirects=False when sending requests, or not user the Proxy-Authorization header as mitigations.
Publish Date: 2024-06-17
URL: CVE-2024-37891
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-34jh-p97f-mpxf
Release Date: 2024-06-17
Fix Resolution: urllib3 - 1.26.19,2.2.2
Step up your Open Source Security Game with Mend here
Windows版本:1803
Chrome版本: 67.0.3396.87
Chrome擋一次,Windows內建防毒則是直接移除
雖然是可以設成白名單...
這邊稍微告知下
目前測試異步轉換與同步轉換兩者轉換方法使用時間皆差不多
此在異步程式碼中可能有錯誤導致無效能上的改進,故需要調查異步程式碼中的 BUG
Vulnerable Library - urllib3-1.26.5-py2.py3-none-any.whlHTTP library with thread-safe connection pooling, file post, and more.
Library home page: https://files.pythonhosted.org/packages/0c/cd/1e2ec680ec7b09846dc6e605f5a7709dfb9d7128e51a026e7154e18a234e/urllib3-1.26.5-py2.py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Found in HEAD commit: 8085e1ecdb0f4680ca290e975bd093ed9fce3b55
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (urllib3 version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2023-43804 | High |
8.1 | urllib3-1.26.5-py2.py3-none-any.whl | Direct | 1.26.17 | ❌ |
| CVE-2024-37891 | Medium |
4.4 | urllib3-1.26.5-py2.py3-none-any.whl | Direct | 2.2.2 | ❌ |
| CVE-2023-45803 | Medium |
4.2 | urllib3-1.26.5-py2.py3-none-any.whl | Direct | 1.26.18 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2023-43804HTTP library with thread-safe connection pooling, file post, and more.
Library home page: https://files.pythonhosted.org/packages/0c/cd/1e2ec680ec7b09846dc6e605f5a7709dfb9d7128e51a026e7154e18a234e/urllib3-1.26.5-py2.py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8085e1ecdb0f4680ca290e975bd093ed9fce3b55
Found in base branch: main
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the Cookie HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a Cookie header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.
Publish Date: 2023-10-04
URL: CVE-2023-43804
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2023-43804
Release Date: 2023-10-04
Fix Resolution: 1.26.17
Step up your Open Source Security Game with Mend here
CVE-2024-37891HTTP library with thread-safe connection pooling, file post, and more.
Library home page: https://files.pythonhosted.org/packages/0c/cd/1e2ec680ec7b09846dc6e605f5a7709dfb9d7128e51a026e7154e18a234e/urllib3-1.26.5-py2.py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8085e1ecdb0f4680ca290e975bd093ed9fce3b55
Found in base branch: main
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the Proxy-Authorization HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the Proxy-Authorization header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the Proxy-Authorization header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the Proxy-Authorization header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the Proxy-Authorization header with urllib3's ProxyManager, disable HTTP redirects using redirects=False when sending requests, or not user the Proxy-Authorization header as mitigations.
Publish Date: 2024-06-17
URL: CVE-2024-37891
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-34jh-p97f-mpxf
Release Date: 2024-06-17
Fix Resolution: 2.2.2
Step up your Open Source Security Game with Mend here
CVE-2023-45803HTTP library with thread-safe connection pooling, file post, and more.
Library home page: https://files.pythonhosted.org/packages/0c/cd/1e2ec680ec7b09846dc6e605f5a7709dfb9d7128e51a026e7154e18a234e/urllib3-1.26.5-py2.py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8085e1ecdb0f4680ca290e975bd093ed9fce3b55
Found in base branch: main
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like POST) to GET as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with redirects=False and disable automatic redirects with redirects=False and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.
Publish Date: 2023-10-17
URL: CVE-2023-45803
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-g4mx-q9vg-27p4
Release Date: 2023-10-17
Fix Resolution: 1.26.18
Step up your Open Source Security Game with Mend here
Hi, Mr. Ku:
Thanks for your kindness and effort that you develop a nice good program.
Would you consider to add the vertical feature (直排) and it will help me a lots?
It seem that there are some files need to modify to support this feature.
Currently, I only could do it manually.
(1) Modify the *.css under Styles folder and add/modify html for vertical feature
html {
writing-mode: vertical-rl;
-webkit-writing-mode: vertical-rl;
-epub-writing-mode: vertical-rl;
}
(2) Modify the content.opf
(i) update language into zh-TW
dc:languagezh-TW</dc:language>
(ii) add the page-progression-direction="rtl" in the " spine "
"<" spine aaa="xxx" page-progression-direction="rtl" ">"
Have a good day.
Regards,
PoJen
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates are currently rate-limited. Click on a checkbox below to force their creation now.
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
.github/workflows/codeql.yml
actions/checkout v3github/codeql-action v2github/codeql-action v2github/codeql-action v2
requirements.txt
aiohttp ==3.7.4altgraph ==0.17async-timeout ==3.0.1attrs ==21.2.0beautifulsoup4 ==4.9.3bs4 ==0.0.1certifi ==2022.12.7chardet ==3.0.4cssutils ==1.0.2idna ==2.10multidict ==5.1.0pyinstaller-hooks-contrib ==2021.1pyinstaller ==4.2python-dotenv ==0.15.0requests ==2.31.0soupsieve ==2.2.1typing-extensions ==3.10.0.0urllib3 ==1.26.5yarl ==1.6.3
Pipfile
In requirements.txt, you should add cssutils.
Then the error shows:
AttributeError: module 'ctypes' has no attribute 'windll'
So, is this project can only run on Windows? What a shame!
You can try to modify it and make GUI with Tkinter.
Also, I'll try to figure out how it works and help you. This is a good project!
只、髮 經常翻譯錯誤
這裡有幾個例子 麻煩修正
順便問 如何自訂繁簡轉換的詞彙?
例子:
不是隻有戰鬥用
但是隻過了短短兩年
下場是隻能就讀
其實發色和危險與否並沒有關係
原文:
不是只有战斗用
但是只过了短短两年
下场是只能就读
其实发色和危险与否并没有关系
Vulnerable Library - requests-2.31.0-py3-none-any.whlPython HTTP for Humans.
Library home page: https://files.pythonhosted.org/packages/70/8e/0e2d847013cb52cd35b38c009bb167a1a26b2ce6cd6965bf26b47bc0bf44/requests-2.31.0-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Found in HEAD commit: 8085e1ecdb0f4680ca290e975bd093ed9fce3b55
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (requests version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2024-35195 | Medium |
5.6 | requests-2.31.0-py3-none-any.whl | Direct | requests - 2.32.2 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2024-35195Python HTTP for Humans.
Library home page: https://files.pythonhosted.org/packages/70/8e/0e2d847013cb52cd35b38c009bb167a1a26b2ce6cd6965bf26b47bc0bf44/requests-2.31.0-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8085e1ecdb0f4680ca290e975bd093ed9fce3b55
Found in base branch: main
Requests is a HTTP library. Prior to 2.32.2, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verify. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.2.
Publish Date: 2024-05-20
URL: CVE-2024-35195
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-9wx4-h78v-vm56
Release Date: 2024-05-20
Fix Resolution: requests - 2.32.2
Step up your Open Source Security Game with Mend here
這是轉換成繁體前
這是轉換後
直接失去許多章節
Vulnerable Library - certifi-2022.12.7-py3-none-any.whlPython package for providing Mozilla's CA Bundle.
Library home page: https://files.pythonhosted.org/packages/71/4c/3db2b8021bd6f2f0ceb0e088d6b2d49147671f25832fb17970e9b583d742/certifi-2022.12.7-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Found in HEAD commit: 8085e1ecdb0f4680ca290e975bd093ed9fce3b55
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (certifi version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2023-37920 |  Critical |
9.8 | certifi-2022.12.7-py3-none-any.whl | Direct | 2023.7.22 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2023-37920Python package for providing Mozilla's CA Bundle.
Library home page: https://files.pythonhosted.org/packages/71/4c/3db2b8021bd6f2f0ceb0e088d6b2d49147671f25832fb17970e9b583d742/certifi-2022.12.7-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8085e1ecdb0f4680ca290e975bd093ed9fce3b55
Found in base branch: main
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.
Publish Date: 2023-07-25
URL: CVE-2023-37920
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-xqr8-7jwr-rhp7
Release Date: 2023-07-25
Fix Resolution: 2023.7.22
Step up your Open Source Security Game with Mend here
ver.2.0.0無法使用,用calibre轉檔也一樣,這檔案在ver.1.0.5.2可以正常轉換。
log 記錄檔如下:
2019-07-27 20:49:25,353 EPUB INFO : * function: _read_config, * msg: read config
2019-07-27 20:49:25,353 EPUB INFO : * function: _read_config encoding, * msg: ASCII
2019-07-27 20:49:25,353 EPUB INFO : * function: _read_config, * msg: already read config
engine: zhconvert
converter: Traditional
format: Horizontal
2019-07-27 20:49:25,353 EPUB INFO : * function: convert, * msg: file path: D:\Program Files\EpubConv 2.0.0\冒险者入门篇[简].epub
2019-07-27 20:49:25,494 EPUB ERROR : * function: convert, * msg: File is not a epub file
Originally posted by @mtis1233 in #8 (comment)
希望不要仅支持档案从简体中文到繁体中文,可以支持简转繁。
Vulnerable Library - aiohttp-3.7.4-cp37-cp37m-manylinux2014_x86_64.whlAsync http client/server framework (asyncio)
Library home page: https://files.pythonhosted.org/packages/5b/a6/d36302eba284f4f427dc288f6b3ecd7f89d739cfca206b80311d3158f6d9/aiohttp-3.7.4-cp37-cp37m-manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Found in HEAD commit: 8085e1ecdb0f4680ca290e975bd093ed9fce3b55
| CVE | Severity | CVSS |
Dependency | Type | Fixed in (aiohttp version) | Remediation Possible** |
|---|---|---|---|---|---|---|
| CVE-2024-30251 | High |
7.5 | aiohttp-3.7.4-cp37-cp37m-manylinux2014_x86_64.whl | Direct | 3.9.4 | ❌ |
| CVE-2024-23334 | High |
7.5 | aiohttp-3.7.4-cp37-cp37m-manylinux2014_x86_64.whl | Direct | 3.9.2 | ❌ |
| CVE-2023-47627 | High |
7.5 | aiohttp-3.7.4-cp37-cp37m-manylinux2014_x86_64.whl | Direct | 3.8.6 | ❌ |
| CVE-2023-37276 | High |
7.5 | aiohttp-3.7.4-cp37-cp37m-manylinux2014_x86_64.whl | Direct | 3.8.5 | ❌ |
| CVE-2024-23829 | Medium |
6.5 | aiohttp-3.7.4-cp37-cp37m-manylinux2014_x86_64.whl | Direct | 3.9.2 | ❌ |
| CVE-2023-47641 | Medium |
6.5 | aiohttp-3.7.4-cp37-cp37m-manylinux2014_x86_64.whl | Direct | 3.7.4.post0 | ❌ |
| CVE-2024-27306 | Medium |
6.1 | aiohttp-3.7.4-cp37-cp37m-manylinux2014_x86_64.whl | Direct | 3.9.4 | ❌ |
| CVE-2023-49082 | Medium |
5.3 | aiohttp-3.7.4-cp37-cp37m-manylinux2014_x86_64.whl | Direct | 3.9.0 | ❌ |
| CVE-2023-49081 | Medium |
5.3 | aiohttp-3.7.4-cp37-cp37m-manylinux2014_x86_64.whl | Direct | 3.9.0 | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
CVE-2024-30251Async http client/server framework (asyncio)
Library home page: https://files.pythonhosted.org/packages/5b/a6/d36302eba284f4f427dc288f6b3ecd7f89d739cfca206b80311d3158f6d9/aiohttp-3.7.4-cp37-cp37m-manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8085e1ecdb0f4680ca290e975bd093ed9fce3b55
Found in base branch: main
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests. An attacker can stop the application from serving requests after sending a single request. This issue has been addressed in version 3.9.4. Users are advised to upgrade. Users unable to upgrade may manually apply a patch to their systems. Please see the linked GHSA for instructions.
Mend Note: The vulnerability was fixed in version 3.9.4 (unaffected). A few minor follow-up patches were added in 3.9.5, as stated in GHSA-5m98-qgg9-wh84.
Publish Date: 2024-05-02
URL: CVE-2024-30251
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-5m98-qgg9-wh84
Release Date: 2024-05-02
Fix Resolution: 3.9.4
Step up your Open Source Security Game with Mend here
CVE-2024-23334Async http client/server framework (asyncio)
Library home page: https://files.pythonhosted.org/packages/5b/a6/d36302eba284f4f427dc288f6b3ecd7f89d739cfca206b80311d3158f6d9/aiohttp-3.7.4-cp37-cp37m-manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8085e1ecdb0f4680ca290e975bd093ed9fce3b55
Found in base branch: main
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.
Publish Date: 2024-01-29
URL: CVE-2024-23334
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-5h86-8mv2-jq9f
Release Date: 2024-01-29
Fix Resolution: 3.9.2
Step up your Open Source Security Game with Mend here
CVE-2023-47627Async http client/server framework (asyncio)
Library home page: https://files.pythonhosted.org/packages/5b/a6/d36302eba284f4f427dc288f6b3ecd7f89d739cfca206b80311d3158f6d9/aiohttp-3.7.4-cp37-cp37m-manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8085e1ecdb0f4680ca290e975bd093ed9fce3b55
Found in base branch: main
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit d5c12ba89 which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues.
Publish Date: 2023-11-14
URL: CVE-2023-47627
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-gfw2-4jvh-wgfg
Release Date: 2023-11-14
Fix Resolution: 3.8.6
Step up your Open Source Security Game with Mend here
CVE-2023-37276Async http client/server framework (asyncio)
Library home page: https://files.pythonhosted.org/packages/5b/a6/d36302eba284f4f427dc288f6b3ecd7f89d739cfca206b80311d3158f6d9/aiohttp-3.7.4-cp37-cp37m-manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8085e1ecdb0f4680ca290e975bd093ed9fce3b55
Found in base branch: main
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an HTTP server (ie aiohttp.Application), you are not affected by this vulnerability if you are using aiohttp as an HTTP client library (ie aiohttp.ClientSession). Sending a crafted HTTP request will cause the server to misinterpret one of the HTTP header values leading to HTTP request smuggling. This issue has been addressed in version 3.8.5. Users are advised to upgrade. Users unable to upgrade can reinstall aiohttp using AIOHTTP_NO_EXTENSIONS=1 as an environment variable to disable the llhttp HTTP request parser implementation. The pure Python implementation isn't vulnerable.
Publish Date: 2023-07-19
URL: CVE-2023-37276
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-45c4-8wx5-qw6w
Release Date: 2023-07-19
Fix Resolution: 3.8.5
Step up your Open Source Security Game with Mend here
CVE-2024-23829Async http client/server framework (asyncio)
Library home page: https://files.pythonhosted.org/packages/5b/a6/d36302eba284f4f427dc288f6b3ecd7f89d739cfca206b80311d3158f6d9/aiohttp-3.7.4-cp37-cp37m-manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8085e1ecdb0f4680ca290e975bd093ed9fce3b55
Found in base branch: main
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.
Publish Date: 2024-01-29
URL: CVE-2024-23829
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-8qpw-xqxj-h4r2
Release Date: 2024-01-29
Fix Resolution: 3.9.2
Step up your Open Source Security Game with Mend here
CVE-2023-47641Async http client/server framework (asyncio)
Library home page: https://files.pythonhosted.org/packages/5b/a6/d36302eba284f4f427dc288f6b3ecd7f89d739cfca206b80311d3158f6d9/aiohttp-3.7.4-cp37-cp37m-manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8085e1ecdb0f4680ca290e975bd093ed9fce3b55
Found in base branch: main
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-Length(CL) and Transfer-Encoding(TE) header values are present it can lead to incorrect interpretation of two entities that parse the HTTP and we can poison other sockets with this incorrect interpretation. A possible Proof-of-Concept (POC) would be a configuration with a reverse proxy(frontend) that accepts both CL and TE headers and aiohttp as backend. As aiohttp parses anything with chunked, we can pass a chunked123 as TE, the frontend entity will ignore this header and will parse Content-Length. The impact of this vulnerability is that it is possible to bypass any proxy rule, poisoning sockets to other users like passing Authentication Headers, also if it is present an Open Redirect an attacker could combine it to redirect random users to another website and log the request. This vulnerability has been addressed in release 3.8.0 of aiohttp. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Publish Date: 2023-11-14
URL: CVE-2023-47641
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-xx9p-xxvh-7g8j
Release Date: 2023-11-14
Fix Resolution: 3.7.4.post0
Step up your Open Source Security Game with Mend here
CVE-2024-27306Async http client/server framework (asyncio)
Library home page: https://files.pythonhosted.org/packages/5b/a6/d36302eba284f4f427dc288f6b3ecd7f89d739cfca206b80311d3158f6d9/aiohttp-3.7.4-cp37-cp37m-manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8085e1ecdb0f4680ca290e975bd093ed9fce3b55
Found in base branch: main
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable show_index if unable to upgrade.
Publish Date: 2024-04-18
URL: CVE-2024-27306
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-7gpw-8wmc-pm8g
Release Date: 2024-04-18
Fix Resolution: 3.9.4
Step up your Open Source Security Game with Mend here
CVE-2023-49082Async http client/server framework (asyncio)
Library home page: https://files.pythonhosted.org/packages/5b/a6/d36302eba284f4f427dc288f6b3ecd7f89d739cfca206b80311d3158f6d9/aiohttp-3.7.4-cp37-cp37m-manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8085e1ecdb0f4680ca290e975bd093ed9fce3b55
Found in base branch: main
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0.
Publish Date: 2023-11-29
URL: CVE-2023-49082
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-qvrw-v9rv-5rjx
Release Date: 2023-11-29
Fix Resolution: 3.9.0
Step up your Open Source Security Game with Mend here
CVE-2023-49081Async http client/server framework (asyncio)
Library home page: https://files.pythonhosted.org/packages/5b/a6/d36302eba284f4f427dc288f6b3ecd7f89d739cfca206b80311d3158f6d9/aiohttp-3.7.4-cp37-cp37m-manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8085e1ecdb0f4680ca290e975bd093ed9fce3b55
Found in base branch: main
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.
Publish Date: 2023-11-30
URL: CVE-2023-49081
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-q3qx-c6g2-7pw2
Release Date: 2023-11-30
Fix Resolution: 3.9.0
Step up your Open Source Security Game with Mend here
Win10 1803
嘗試了兩台電腦
都會出現如下的錯誤
最後成功直接以 Python + opencc-python-reimplemented 相依套件 從原始碼成功執行
重構進度嚴重延宕,但我還是會在閒暇時刻盡可能的重構 3.0 程式碼
詳細的進度內容可以查看 project
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
