danihodovic / celery-exporter

A Prometheus exporter for Celery metrics
MIT License

Please patch CVEs #290

Closed ziler-orca closed 10 months ago

ziler-orca commented 10 months ago

Please patch the following CVEs

CVE-2023-44487, CVE-2023-37920, CVE-2023-46136, CVE-2023-43804

Vulnerable Packages

| Package Name | Vulnerable Version | Patched Version |
| --- | --- | --- |
| pyinstaller-5.10.0 | 5.10.0 | 5.13.1 |
| libnghttp2-14 | 1.43.0-1 | 1.43.0-1+deb11u1 |
| certifi-2022.12.7 | 2022.12.7 | 2023.7.22 |
| werkzeug-2.2.3 | 2.2.3 | 3.0.1-2.3.8 |
| urllib3-1.26.15 | 1.26.15 | 2.0.6-1.26.17 |
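A small branch-aware check for the Python pins listed in the table above, added here as an example; it is not code from celery-exporter or from anyone in this thread. It encodes the patched versions exactly as the table gives them, treating a "3.0.1-2.3.8" style entry as two release branches with separate fixes, and runs over a constructed requirements text whose pins mirror the issue. The Debian `libnghttp2-14` row is an apt package rather than a pip pin, so it is out of scope for this script.

```python
"""Compare pinned Python package versions against the patched versions
from the issue's table. Added example, not part of celery-exporter."""
import re

# Patched versions transcribed from the table above. Where the table lists
# two patched versions, each applies to its own release branch: urllib3
# "2.0.6-1.26.17" means 1.26.x is fixed in 1.26.17 and 2.x in 2.0.6.
# Entry shape: (release-branch prefix, first safe version on that branch).
PATCHED = {
    "pyinstaller": [((), "5.13.1")],
    "certifi": [((), "2023.7.22")],
    "werkzeug": [((2,), "2.3.8"), ((3,), "3.0.1")],
    "urllib3": [((1, 26), "1.26.17"), ((2,), "2.0.6")],
}

# Constructed sample lock file mirroring the versions in the issue; the last
# pin is a placeholder package that is not in the table.
SAMPLE_REQUIREMENTS = """\
pyinstaller==5.10.0
certifi==2022.12.7
werkzeug==2.2.3
urllib3==1.26.15
example-package==1.0.0
"""

REQ_LINE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9A-Za-z.]*)")


def parse_version(text):
    """Turn '1.26.17' into (1, 26, 17) so tuples compare numerically."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def required_fix(name, version):
    """Return the patched version a pin must reach, or None when the pin is
    already at or above it (or the package is not in the table)."""
    rules = PATCHED.get(name.lower().replace("_", "-"))
    if rules is None:
        return None
    ver = parse_version(version)
    # Prefer the rule for the branch this version belongs to.
    for prefix, fixed in rules:
        if ver[: len(prefix)] == prefix:
            return None if ver >= parse_version(fixed) else fixed
    # Versions on no listed branch (older or newer lines): vulnerable only if
    # they predate the oldest fix, since every listed CVE affects prior lines.
    oldest = min(rules, key=lambda r: parse_version(r[1]))[1]
    return None if ver >= parse_version(oldest) else oldest


def audit_requirements(text):
    """Return [(name, pinned, patched)] for every pin that still needs a bump."""
    findings = []
    for line in text.splitlines():
        match = REQ_LINE.match(line)
        if not match:
            continue  # comments, blank lines, non-exact specifiers
        name, version = match.groups()
        fix = required_fix(name, version)
        if fix is not None:
            findings.append((name, version, fix))
    return findings


if __name__ == "__main__":
    for name, pinned, patched in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{name}=={pinned} needs >= {patched}")
```

Running it against the sample flags all four pip packages from the table; pointing `audit_requirements` at a real `requirements.txt` only covers `==` pins, which is the form a lock file uses.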
danihodovic commented 10 months ago

Do you want to open a PR?

danihodovic commented 10 months ago

Resolved in v0.10.2 and https://github.com/danihodovic/celery-exporter/pull/291

wyattw-orca commented 10 months ago

Hello! Following up on this issue, it looks like pyinstaller and certifi are still on vulnerable versions. Is it possible to update those dependencies as well?