vulnerabilities in future 0.18.2 #323

Closed
@davis-anthony

  • Nipyapi version: 0.19.1
  • NiFi version: N/A
  • NiFi-Registry version: N/A
  • Python version: N/A
  • Operating System: N/A

Description

Vulnerability outlined in CVE-2022-40899. Unfortunately it looks like that project is dead and will likely not be updated. This will need to be dropped as a dependency and use of future refactored to some other component.

What I Did

Including the dependency for nipyapi 0.19.1 in my local project and running it through OWASP results in a failure due to the dependency on future 0.18.2. If I exclude this dependency, I get a build failure with a reference to this CVE:

https://nvd.nist.gov/vuln/detail/CVE-2022-40899

Urgency

This blocks our build pipelines and poses a security risk in our production environment.
