
[Imprv] Update python setuptools to mitigate GHSA-r9hx-vwmv-q579 #427

Open
kenmoini opened this issue Oct 30, 2023 · 1 comment · Fixed by #499
Labels: 1.9.3_triage (Bug fixes & Improvements), enhancement (New feature or request)

Comments

@kenmoini
Contributor

Describe the request
The current pinned version of setuptools in requirements.txt is vulnerable to a RegExDoS as defined here in this CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-40897

Current behaviour
It works, though container image scans produce High-impact vulnerability reports.

Expected behaviour
Pass container image scans when included in an execution environment.
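The request above is to raise an exact pin in requirements.txt past the version that carries the fix. The following is an added example, not code from this issue or from the project: a small offline checker that parses exact pins, compares them against a known-fixed version, and rewrites any pin that is too old. The minimum fixed version for CVE-2022-40897 / GHSA-r9hx-vwmv-q579 is taken from the advisory (setuptools 65.5.1); the requirements.txt content is constructed for the demonstration, since the page does not show the project's actual pin. It uses only the standard library so it runs without `packaging` installed, and therefore only understands plain dotted numeric versions.

```python
"""Added example: find and bump exact pins below a known-fixed version."""
import re
from typing import Dict, List, Tuple

# Minimum versions that carry the fix for the advisory the issue cites.
# CVE-2022-40897 / GHSA-r9hx-vwmv-q579 was patched in setuptools 65.5.1.
MIN_FIXED: Dict[str, str] = {
    "setuptools": "65.5.1",
}

# Constructed sample requirements.txt (the real file's pin is not on the page).
SAMPLE_REQUIREMENTS = """\
# build tooling
setuptools==65.5.0
requests==2.31.0
wheel>=0.40  # not an exact pin, so it is skipped
"""

# Matches "name==X.Y.Z" with an optional trailing comment; ranges are ignored.
_PIN = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9.]*)\s*(?:#.*)?$")


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version into a comparable tuple: 65.5.1 -> (65, 5, 1)."""
    return tuple(int(p) for p in v.split("."))


def parse_pins(text: str) -> Dict[str, str]:
    """Return {package (lower-cased): pinned version} for every exact pin."""
    pins: Dict[str, str] = {}
    for line in text.splitlines():
        m = _PIN.match(line)
        if m:
            pins[m.group(1).lower()] = m.group(2)
    return pins


def find_vulnerable_pins(text: str) -> List[Tuple[str, str, str]]:
    """Return (package, pinned, min_fixed) for pins older than the fixed version."""
    findings = []
    for pkg, pinned in parse_pins(text).items():
        fixed = MIN_FIXED.get(pkg)
        if fixed and parse_version(pinned) < parse_version(fixed):
            findings.append((pkg, pinned, fixed))
    return findings


def bump_pins(text: str) -> str:
    """Rewrite too-old exact pins to the fixed version; leave every other line as-is."""
    out = []
    for line in text.splitlines():
        m = _PIN.match(line)
        if m:
            pkg, pinned = m.group(1), m.group(2)
            fixed = MIN_FIXED.get(pkg.lower())
            if fixed and parse_version(pinned) < parse_version(fixed):
                line = line.replace(f"=={pinned}", f"=={fixed}", 1)
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for pkg, pinned, fixed in find_vulnerable_pins(SAMPLE_REQUIREMENTS):
        print(f"{pkg}=={pinned} is below the fixed version {fixed}")
    print(bump_pins(SAMPLE_REQUIREMENTS))
```

Bumping the pin only clears the finding for this advisory; an image scanner will still flag the package if the base image ships its own older copy of setuptools outside the virtual environment, so the check should be run against what actually ends up in the execution environment, not only against requirements.txt.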

@kenmoini kenmoini added the enhancement New feature or request label Oct 30, 2023
@bhati-pradeep bhati-pradeep added the 1.9.3_triage Bug fixes & Improvements label Nov 9, 2023
@Gevorg-Khachatryan-97 Gevorg-Khachatryan-97 linked a pull request Nov 17, 2023 that will close this issue
@bhati-pradeep
Collaborator

I believe it was fixed by setuptools in: pypa/setuptools#3659
Assigning to @Gevorg-Khachatryan-97

6 participants