Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Imprv] Update python setuptools to mitigate GHSA-r9hx-vwmv-q579 #427

Open
kenmoini opened this issue Oct 30, 2023 · 1 comment · Fixed by #499
Open

[Imprv] Update python setuptools to mitigate GHSA-r9hx-vwmv-q579 #427

kenmoini opened this issue Oct 30, 2023 · 1 comment · Fixed by #499
Assignees
@Gevorg-Khachatryan-97 @george-ghawali
Labels
1.9.3_triage Bug fixes & Improvements enhancement New feature or request

Comments

@kenmoini
Copy link
Contributor

Describe the request
The current pinned version of setuptools in requirements.txt is vulnerable to a RegExDoS as defined here in this CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-40897

Current behaviour
It works, though container image scans produce High impact rating vulnerability reports.

Expected behaviour
Pass container image scans when included in an execution environment.
@kenmoini kenmoini added the enhancement New feature or request label Oct 30, 2023
@bhati-pradeep bhati-pradeep added the 1.9.3_triage Bug fixes & Improvements label Nov 9, 2023
@Gevorg-Khachatryan-97 Gevorg-Khachatryan-97 linked a pull request Nov 17, 2023 that will close this issue
update requirements #438
Closed
@bhati-pradeep
Copy link
Collaborator

I believe it was fixed by setuptools in : pypa/setuptools#3659
Assigning to @Gevorg-Khachatryan-97

@bhati-pradeep bhati-pradeep moved this to Ready for review in nutanix.ncp v1.9.3 release Aug 5, 2024
@george-ghawali george-ghawali removed a link to a pull request Sep 19, 2024
update requirements #438
Closed
@george-ghawali george-ghawali linked a pull request Sep 19, 2024 that will close this issue
update requirements #499
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Gevorg-Khachatryan-97 Gevorg-Khachatryan-97

@george-ghawali george-ghawali

Labels
1.9.3_triage Bug fixes & Improvements enhancement New feature or request
Projects
nutanix.ncp v1.9.3 release
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

update requirements nutanix/nutanix.ansible
6 participants
@kenmoini @premkarat @bhati-pradeep @alaa-bish @Gevorg-Khachatryan-97 @george-ghawali