Vulnerabilities on python packages
Hi team,
Running a vulnerabilities scan on the latest mysql-shell release for linux, mysql-shell-8.0.33-linux-glibc2.12-x86-64bit.tar.gz, returned a few CVEs related to a couple of python packages: cryptography (CVE-2023-0286, CVE-2023-23931, and GHSA-5cpq-8wj7-hf2v) and setuptools (CVE-2022-40897).
These 2 python packages are included as libs in the release and I understand they should be considered as fixed requirements. That said, could you confirm whether mysql-shell is indeed affected by the related vulnerabilities and if so, are there any plans to update the related dependencies?
Thanks for your time!
Subject
Views
Written By
Posted
Vulnerabilities on python packages
430
June 06, 2023 08:24AM
244
June 06, 2023 08:53PM
232
August 31, 2023 03:46AM
175
November 03, 2023 05:08AM
174
January 26, 2024 09:20AM
299
September 08, 2023 07:29AM
Sorry, only registered users may post in this forum.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.