Vulnerabilities on python packages
Hi team,
Running a vulnerabilities scan on the latest mysql-shell release for linux, mysql-shell-8.0.33-linux-glibc2.12-x86-64bit.tar.gz, returned a few CVEs related to a couple of python packages: cryptography (CVE-2023-0286, CVE-2023-23931, and GHSA-5cpq-8wj7-hf2v) and setuptools (CVE-2022-40897).
These 2 python packages are included as libs in the release and I understand they should be considered as fixed requirements. That said, could you confirm whether mysql-shell is indeed affected by the related vulnerabilities and if so, are there any plans to update the related dependencies?
Thanks for your time!
Subject
Views
Written By
Posted
Vulnerabilities on python packages
1283
June 06, 2023 08:24AM
510
June 06, 2023 08:53PM
503
August 31, 2023 03:46AM
387
November 03, 2023 05:08AM
394
January 26, 2024 09:20AM
623
September 08, 2023 07:29AM
Sorry, you can't reply to this topic. It has been closed.
Content reproduced on this site is the property of the respective copyright holders.
It is not reviewed in advance by Oracle and does not necessarily represent the opinion
of Oracle or any other party.