GHSA-hxwh-jpp2-84pm #362

Closed
nicolaschaillan opened this issue Aug 21, 2024 · 6 comments

@nicolaschaillan

Hello,

Is there an ETA for fixing GHSA-hxwh-jpp2-84pm?

GHSA-hxwh-jpp2-84pm

Thank you

@adrianosela
Contributor

Opened a PR with a backwards compatible fix (partial fix I guess) in #363

The real fix is a breaking change and requires a new major version - @corydolphin to advise how to deal with this.

@nicolaschaillan
Author

@corydolphin any update on this please? This is quite urgent or we will need to move to another lib unfortunately

@pylipp mentioned this issue Aug 29, 2024

@SaleelAhsanM

@corydolphin Could you please look into this at your earliest convenience? As this code is currently in production, addressing this issue is quite urgent.

@corydolphin
Owner

Fixed in 4.0.2 and defaulted to False in 5.0.0

@SaleelAhsanM

5.0.0 is also showing in the Affected versions list.

https://osv.dev/vulnerability/PYSEC-2024-71

@CharlesPerrotMinotHCHB

CharlesPerrotMinotHCHB commented Sep 4, 2024

Not in the CVE though; and GitHub also considers 5.0 to be safe
GHSA-hxwh-jpp2-84pm
