danihodovic / celery-exporter

A Prometheus exporter for Celery metrics
MIT License

Please patch CVEs #290

Closed ziler-orca closed 6 months ago

ziler-orca commented 6 months ago

Please patch the following CVEs

CVE-2023-44487, CVE-2023-37920, CVE-2023-46136, CVE-2023-43804

Vulnerable Packages

| Package Name | Vulnerable Version | Patched Version |
|---|---|---|
| pyinstaller-5.10.0 | 5.10.0 | 5.13.1 |
| libnghttp2-14 | 1.43.0-1 | 1.43.0-1+deb11u1 |
| certifi-2022.12.7 | 2022.12.7 | 2023.7.22 |
| werkzeug-2.2.3 | 2.2.3 | 3.0.1-2.3.8 |
| urllib3-1.26.15 | 1.26.15 | 2.0.6-1.26.17 |
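A small checker for the PyPI rows of the table above, added here as an example and not code from celery-exporter or from the reporter. It assumes that an "A-B" entry in the Patched Version column means the fix shipped in both release lines A and B, and it skips the Debian libnghttp2 row, whose version format is different.

```python
"""Compare installed package versions with the patched versions in the issue table."""
from typing import Dict, Tuple

# Transcribed from the issue table (PyPI packages only). "A-B" in the
# Patched Version column is read as "fixed in line A and in backport line B";
# that reading of the reporter's notation is an assumption.
PATCHED = {
    "pyinstaller": "5.13.1",
    "certifi": "2023.7.22",
    "werkzeug": "3.0.1-2.3.8",
    "urllib3": "2.0.6-1.26.17",
}

def parse(version: str) -> Tuple[int, ...]:
    """'1.26.17' -> (1, 26, 17); any non-numeric component compares as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))

def is_patched(package: str, installed: str) -> bool:
    """True when `installed` is at or above the fix for its own release line.

    Heuristic: use the fix version that shares the installed major version;
    if none does, fall back to the lowest fix version, so a newer major line
    counts as patched and an older one as vulnerable.
    """
    fixes = [parse(f) for f in PATCHED[package].split("-")]
    inst = parse(installed)
    same_line = [f for f in fixes if f[0] == inst[0]]
    fix = same_line[0] if same_line else min(fixes)
    return inst >= fix

def audit(installed: Dict[str, str]) -> Dict[str, str]:
    """Map each known package in a requirements snapshot to 'patched' or 'vulnerable'."""
    return {pkg: ("patched" if is_patched(pkg, ver) else "vulnerable")
            for pkg, ver in installed.items() if pkg in PATCHED}

if __name__ == "__main__":
    # Constructed snapshot using the versions the issue reports as vulnerable.
    snapshot = {"pyinstaller": "5.10.0", "certifi": "2022.12.7",
                "werkzeug": "2.2.3", "urllib3": "1.26.15"}
    for pkg, status in audit(snapshot).items():
        print(f"{pkg}: {status}")
```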
danihodovic commented 6 months ago

Do you want to open a PR?

danihodovic commented 6 months ago

Resolved in v0.10.2 and https://github.com/danihodovic/celery-exporter/pull/291

wyattw-orca commented 5 months ago

Hello! Following up on this issue, it looks like pyinstaller and certifi are still on vulnerable versions. Is it possible to update those dependencies as well?