The world's fastest open query engine for sub-second analytics both on and off the data lakehouse. With the flexibility to support nearly any scenario, StarRocks provides best-in-class performance for multi-dimensional analytics, real-time analytics, and ad-hoc queries. A Linux Foundation project.
Issue Description:
Hi, @Smith-Cruise, during the setup of the StarRocks project, it was found that the version of PyMySQL specified in the starrocks/contrib/starrocks-python-client/setup.py file is vulnerable to CVE-2024-36039, which may lead to security risks within the project.
Vulnerability Details:
Dependency: PyMySQL
Affected Versions: < 1.1.1
Current Version: The project specifies pymysql>=1.1.0, which is within the affected range.
Resolution:
Please update the pymysql dependency to 1.1.1 or later in the setup.py file to mitigate this vulnerability.
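A way to check a setup.py for the condition this issue reports, added here as an example and not part of the original issue or the StarRocks code base. The sample setup.py is constructed (only the `pymysql>=1.1.0` specifier comes from the issue), the function names are hypothetical, and versions are assumed to be plain dotted numbers.

```python
import ast
import re

FIXED = (1, 1, 1)  # first release outside the affected range "< 1.1.1" given in the issue

# Constructed stand-in for a setup.py; only the pymysql specifier is taken from the issue.
SAMPLE_SETUP = '''
from setuptools import setup
setup(
    name="example-client",
    install_requires=["sqlalchemy>=1.4", "pymysql>=1.1.0"],
)
'''

def parse_version(text):
    """Dotted numeric release only (assumption: no pre/post/dev tags), padded to 3 parts."""
    parts = [int(p) for p in text.strip().rstrip(".").split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def install_requires(setup_source):
    """Return string literals from install_requires=[...] without executing setup.py."""
    for node in ast.walk(ast.parse(setup_source)):
        if isinstance(node, ast.keyword) and node.arg == "install_requires":
            return [e.value for e in getattr(node.value, "elts", [])
                    if isinstance(e, ast.Constant) and isinstance(e.value, str)]
    return []

def admits_affected(requirement, fixed=FIXED):
    """True if the specifier has no lower bound or its lower bound is below `fixed`."""
    clauses = re.findall(r"(>=|==|~=|>)\s*([0-9][0-9.]*)", requirement)
    floors = [parse_version(v) for _, v in clauses]
    return not floors or max(floors) < fixed

def audit(setup_source, package="pymysql"):
    """List requirements for `package` that still allow an affected version."""
    findings = []
    for req in install_requires(setup_source):
        m = re.match(r"[A-Za-z0-9._-]+", req.strip())
        if m and m.group(0).lower() == package and admits_affected(req):
            findings.append(req)
    return findings

if __name__ == "__main__":
    for req in audit(SAMPLE_SETUP):
        print(f"{req!r} admits a release below {'.'.join(map(str, FIXED))}")
```

A specifier is reported when its floor is below the fixed version, so a resolver may still install an affected release; raising the floor to 1.1.1 clears the finding.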