
[Backport 2.13] Rhino 1.7.15.1#6522

Merged
dlvenable merged 1 commit into 2.13 from backport/backport-6519-to-2.13
Feb 16, 2026

Updates Rhino to 1.7.15.1. Fixes CVE-2025-66453. (#6519)

1cb2708
Mend for GitHub.com / Mend Security Check failed Feb 16, 2026 in 5m 57s

Security Report

6 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue
CVE-2026-21441

Path to dependency file: /examples/trace-analytics-sample-app/sample-app/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260216185110_AMZHRA/python_JUCJBK/202602161851111/env/lib/python3.9/site-packages/urllib3-2.5.0.dist-info

Dependency Hierarchy:

-> ❌ urllib3-2.5.0-py3-none-any.whl (Vulnerable Library)

High 8.6 Direct urllib3-2.5.0-py3-none-any.whl urllib3-2.5.0-py3-none-any.whl 2.6.3 #6344
CVE-2026-0994

Path to dependency file: /examples/trace-analytics-sample-app/sample-app/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260216185110_AMZHRA/python_JUCJBK/202602161851111/env/lib/python3.9/site-packages/protobuf-4.25.8.dist-info

Dependency Hierarchy:

-> ❌ protobuf-4.25.8-cp37-abi3-manylinux2014_x86_64.whl (Vulnerable Library)

High 8.6 Direct protobuf-4.25.8-cp37-abi3-manylinux2014_x86_64.whl protobuf-4.25.8-cp37-abi3-manylinux2014_x86_64.whl protobuf - 6.33.5,https://github.com/protocolbuffers/protobuf.git - v33.5,https://github.com/protocolbuffers/protobuf.git - v5.29.6 #6441
CVE-2025-66471

Path to dependency file: /examples/trace-analytics-sample-app/sample-app/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260216185110_AMZHRA/python_JUCJBK/202602161851111/env/lib/python3.9/site-packages/urllib3-2.5.0.dist-info

Dependency Hierarchy:

-> ❌ urllib3-2.5.0-py3-none-any.whl (Vulnerable Library)

High 8.6 Direct urllib3-2.5.0-py3-none-any.whl urllib3-2.5.0-py3-none-any.whl urllib3 - 2.6.0,https://github.com/urllib3/urllib3.git - 2.6.0 #6344
CVE-2025-66418

Path to dependency file: /examples/trace-analytics-sample-app/sample-app/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260216185110_AMZHRA/python_JUCJBK/202602161851111/env/lib/python3.9/site-packages/urllib3-2.5.0.dist-info

Dependency Hierarchy:

-> ❌ urllib3-2.5.0-py3-none-any.whl (Vulnerable Library)

High 8.6 Direct urllib3-2.5.0-py3-none-any.whl urllib3-2.5.0-py3-none-any.whl https://github.com/urllib3/urllib3.git - 2.6.0,urllib3 - 2.6.0 #6344
CVE-2026-21860

Path to dependency file: /examples/trace-analytics-sample-app/sample-app/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260216185110_AMZHRA/python_JUCJBK/202602161851111/env/lib/python3.9/site-packages/werkzeug-3.0.6.dist-info

Dependency Hierarchy:

-> ❌ werkzeug-3.0.6-py3-none-any.whl (Vulnerable Library)

Medium 5.3 Direct werkzeug-3.0.6-py3-none-any.whl werkzeug-3.0.6-py3-none-any.whl 3.1.5 #6326
CVE-2025-66221

Path to dependency file: /examples/trace-analytics-sample-app/sample-app/requirements.txt

Path to vulnerable library: /tmp/ws-ua_20260216185110_AMZHRA/python_JUCJBK/202602161851111/env/lib/python3.9/site-packages/werkzeug-3.0.6.dist-info

Dependency Hierarchy:

-> ❌ werkzeug-3.0.6-py3-none-any.whl (Vulnerable Library)

Medium 5.3 Direct werkzeug-3.0.6-py3-none-any.whl werkzeug-3.0.6-py3-none-any.whl 3.1.4 #6326

Base branch total remaining vulnerabilities: 2
Base branch commit: 77449a93c58fa6ae31dc7aa50659b99e2077cdc1


Total libraries scanned: 102

Scan token: c2daf9f1f65b4a4ca155a654877ba94d