k8ssandra / management-api-for-apache-cassandra

RESTful / Secure Management Sidecar for Apache Cassandra
Apache License 2.0

upgrade-metrics-collector #457

Closed AlexsandroRotundo closed 4 months ago

AlexsandroRotundo commented 4 months ago

The vulnerable Python version (2.7.12) is used by MCAC (Metric Collector for Apache Cassandra).

The CVE in MCAC has been resolved in the following PR, which completely removes the affected Python version: https://github.com/datastax/metric-collector-for-apache-cassandra/pull/99

So when the new cass-management-api is released, I hope it will also integrate the mitigation of the CVEs related to Python (CVE-2022-48565, CVE-2019-9948, CVE-2019-9636, CVE-2019-10160, CVE-2018-1000802, CVE-2017-1000158, CVE-2016-9063, CVE-2016-0718).

Fixes #458

github-actions[bot] commented 4 months ago

No linked issues found. Please add the corresponding issues in the pull request description.
Use GitHub automation to close the issue when a PR is merged