MySQL Forums
Forum List  »  MySQL Shell

Vulnerabilities on python packages
Posted by: Francisco de Paz
Date: June 06, 2023 08:24AM

Hi team,

Running a vulnerabilities scan on the latest mysql-shell release for linux, mysql-shell-8.0.33-linux-glibc2.12-x86-64bit.tar.gz, returned a few CVEs related to a couple of python packages: cryptography (CVE-2023-0286, CVE-2023-23931, and GHSA-5cpq-8wj7-hf2v) and setuptools (CVE-2022-40897).

These 2 python packages are included as libs in the release and I understand they should be considered as fixed requirements. That said, could you confirm whether mysql-shell is indeed affected by the related vulnerabilities and if so, are there any plans to update the related dependencies?

Thanks for your time!

Options: ReplyQuote

Written By
Vulnerabilities on python packages
June 06, 2023 08:24AM
November 03, 2023 05:08AM

Sorry, only registered users may post in this forum.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.