Open kenmoini opened 10 months ago
Describe the request: The current pinned version of setuptools in requirements.txt is vulnerable to a RegExDoS as defined here in this CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-40897
Current behaviour: It works, though container image scans produce High impact rating vulnerability reports.
Expected behaviour: Pass container image scans when included in an execution environment.
I believe it was fixed by setuptools in: https://github.com/pypa/setuptools/issues/3659
Assigning to @Gevorg-Khachatryan-97
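The check a maintainer would want for a report like this is a small pre-scan of requirements.txt that flags an exact pin (or an upper bound) that cannot resolve to a fixed release of the affected package, so the problem is caught before the container image scanner does. The script below is an added example written for this thread; it is not code from this project or from setuptools. It assumes the fixed release for CVE-2022-40897 is setuptools 65.5.1 (taken from the upstream setuptools advisory, not from this issue), and the requirements lines it scans are a constructed sample, not the project's real file.

```python
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Fixed release for CVE-2022-40897. Assumption of this example, taken from
# the upstream setuptools advisory; the issue thread does not state it.
FIXED_VERSIONS: Dict[str, str] = {"setuptools": "65.5.1"}

# Constructed sample requirements.txt (not the project's real file).
SAMPLE_REQUIREMENTS = """\
# constructed sample, not the project's real requirements.txt
ansible-core==2.14.2
setuptools==65.3.0   # placeholder pin, below the fixed release
requests>=2.28 ; python_version >= "3.8"
jinja2[i18n]==3.1.2
-r extra.txt
"""

_REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)"   # project name
    r"(\[[^\]]*\])?"                            # optional extras, e.g. [i18n]
    r"\s*(?P<op>===|==|~=|>=|<=|!=|<|>)?"       # optional version operator
    r"\s*(?P<ver>[0-9][0-9A-Za-z.*+!-]*)?"      # optional version
)


def parse_version(ver: str) -> Tuple[int, ...]:
    """Return the leading numeric components of a version string as a tuple."""
    parts: List[int] = []
    for piece in ver.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """True if version a sorts before b (numeric components, zero-padded)."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    return pa + (0,) * (n - len(pa)) < pb + (0,) * (n - len(pb))


def parse_requirement(line: str) -> Optional[Tuple[str, Optional[str], Optional[str]]]:
    """Parse one requirements.txt line into (name, operator, version).

    Comments, environment markers, blank lines and pip options (-r, --index-url)
    are ignored; the name is lower-cased for comparison.
    """
    body = line.split("#", 1)[0].split(";", 1)[0].strip()
    if not body or body.startswith("-"):
        return None
    m = _REQ_RE.match(body)
    if not m:
        return None
    return m.group("name").lower(), m.group("op"), m.group("ver")


def find_vulnerable_pins(
    lines: Iterable[str], fixed: Dict[str, str] = FIXED_VERSIONS
) -> List[Tuple[str, str, str]]:
    """Return (package, version, reason) for pins that cannot reach a fixed release.

    An exact pin below the fix is flagged, as is an upper bound ('<' or '<=')
    that excludes the fix. Lower bounds ('>=') are left alone because pip can
    still resolve them to a fixed release.
    """
    findings: List[Tuple[str, str, str]] = []
    for line in lines:
        parsed = parse_requirement(line)
        if parsed is None:
            continue
        name, op, ver = parsed
        if name not in fixed or op is None or ver is None:
            continue
        fix = fixed[name]
        if op in ("==", "===") and version_lt(ver, fix):
            findings.append((name, ver, f"pinned below fixed release {fix}"))
        elif op == "<" and not version_lt(fix, ver):
            # "<X" only admits versions below X, so the fix is excluded unless fix < X
            findings.append((name, ver, f"upper bound excludes fixed release {fix}"))
        elif op == "<=" and version_lt(ver, fix):
            findings.append((name, ver, f"upper bound excludes fixed release {fix}"))
    return findings


if __name__ == "__main__":
    for pkg, ver, reason in find_vulnerable_pins(SAMPLE_REQUIREMENTS.splitlines()):
        print(f"{pkg}=={ver}: {reason}")
```

Run against a real file with `find_vulnerable_pins(open("requirements.txt").read().splitlines())`; a non-empty result is the same condition the image scanner reports, surfaced at review time instead of after the build. The version comparison is deliberately numeric-only, so pre-release tags are ignored; for anything beyond exact pins and simple bounds, use the `packaging` library's specifier handling instead.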