apache / beam

Apache Beam is a unified programming model for Batch and Streaming data processing.
https://beam.apache.org/
Apache License 2.0

[Task]: Remediate CVE-2024-28397 #31799

Open markustoivonen opened 1 month ago

markustoivonen commented 1 month ago

What needs to happen?

It seems that one of the Python libraries Beam uses, js2py, has a vulnerability:

CVE-2024-28397

Exposure seems fairly limited (not sure if it's even realistic to exploit when using Beam).

Issue Priority

Priority: 3 (nice-to-have improvement)

Issue Components
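Whether a flagged dependency is actually reachable is the first thing to establish before deciding how to remediate it. The script below is an added example, not code from this issue or from the Beam project: it builds a reverse-dependency graph from `Requires-Dist` metadata and lists every path from a top-level package to the vulnerable one, skipping requirements that are only pulled in by an extra unless asked. The `SAMPLE` metadata is constructed for illustration (it is not the real `apache-beam` metadata); `installed_graph()` runs the same check against whatever is installed in the current interpreter.

```python
"""Trace how a flagged package (e.g. js2py) is reached from a top-level
distribution, using only installed package metadata (stdlib only)."""
import importlib.metadata as md
import re

# A Requires-Dist line looks like 'js2py>=0.74; extra == "interactive"'.
# We only need the distribution name and whether an extra gates it.
_NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")
_EXTRA_RE = re.compile(r"\bextra\s*==")


def normalize(name: str) -> str:
    """PEP 503 normalisation so apache_beam / Apache-Beam compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_name(req: str):
    """Distribution name from a requirement string, or None if unparsable."""
    m = _NAME_RE.match(req)
    return normalize(m.group(1)) if m else None


def is_extra_only(req: str) -> bool:
    """True when the requirement is gated on an extra (e.g. pip install pkg[x])."""
    if ";" not in req:
        return False
    return _EXTRA_RE.search(req.split(";", 1)[1]) is not None


def build_graph(dists, include_extras: bool = False):
    """dists: iterable of (name, [requirement strings]) -> {name: {dep, ...}}."""
    graph = {}
    for name, reqs in dists:
        deps = set()
        for r in reqs or []:
            if not include_extras and is_extra_only(r):
                continue
            dep = requirement_name(r)
            if dep:
                deps.add(dep)
        graph[normalize(name)] = deps
    return graph


def dependency_paths(graph, root: str, target: str):
    """All simple paths root -> ... -> target along 'requires' edges.
    An empty list means the target is not reachable from root."""
    root, target = normalize(root), normalize(target)
    paths, stack = [], [(root, [root])]
    while stack:
        node, path = stack.pop()
        if node == target:
            paths.append(path)
            continue
        for dep in sorted(graph.get(node, ())):
            if dep not in path:  # avoid cycles
                stack.append((dep, path + [dep]))
    return paths


def installed_graph(include_extras: bool = False):
    """Graph of what is actually installed in this interpreter."""
    pairs = []
    for d in md.distributions():
        try:
            name = d.metadata["Name"]
        except KeyError:
            continue
        if name:
            pairs.append((name, d.requires))
    return build_graph(pairs, include_extras)


# Constructed sample metadata for a stand-alone run (NOT real apache-beam metadata).
SAMPLE = [
    ("apache-beam", ["dill>=0.3.1", "js2py>=0.74", "protobuf>=3.20",
                     'pyyaml>=3.12; extra == "yaml"']),
    ("js2py", ["pyjsparser>=2.5.1", "six>=1.10", "tzlocal>=1.2"]),
    ("dill", []), ("protobuf", []), ("pyyaml", []),
    ("pyjsparser", []), ("six", []), ("tzlocal", []),
]

if __name__ == "__main__":
    g = build_graph(SAMPLE)
    for p in dependency_paths(g, "apache-beam", "js2py"):
        print(" -> ".join(p))
    # Same question against the live environment:
    live = installed_graph()
    print(dependency_paths(live, "apache-beam", "js2py") or "js2py not reachable")
```

If the only path runs through an extra you do not install, the warning is noise for your deployment; if a path exists through mandatory requirements, the package is present whether or not your pipeline ever calls into it, and pinning or removing it is the fix rather than arguing about reachability.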

jhammarstedt commented 1 month ago

Hi, what's the status on this one? Getting a high-severity warning in my workflows when bumping Beam to 2.57.

liferoad commented 1 month ago

@Polber PTAL.