Closed
- Nipyapi version: 0.19.1
- NiFi version: N/A
- NiFi-Registry version: N/A
- Python version: N/A
- Operating System: N/A
Description
Vulnerability outlined in CVE-2022-40899. Unfortunately it looks like that project is dead and will likely not be updated. This will need to be dropped as a dependency and use of future refactored to some other component.
What I Did
Including the dependency for nipyapi 0.19.1 in my local project and running it through OWASP results in a failure due to the dependency on future 0.18.2. If I exclude this dependency, I get a build failure with a reference to this CVE:
https://nvd.nist.gov/vuln/detail/CVE-2022-40899
Urgency
This blocks our build pipelines and poses a security risk in our production environment.