pyupio / safety-db

A curated database of insecure Python packages
https://pyup.io

False Positive for scrapy Vulnerability #2365

Closed Matthew-Grayson closed 1 month ago

Matthew-Grayson commented 1 year ago

An update to your vulnerability database on 18 Sep 2023 causes the latest version of scrapy (2.11.0) to be flagged by mistake. Your code scanning tool cites a 2017 CVE that hasn't been updated since September 2017.

CVE-2017-14158 | Safety Entry | PyPa Advisory Database Entry

harlekeyn commented 1 year ago

Hi @Matthew-Grayson. We've re-examined this vulnerability and have found no evidence of a remedy being applied. Should you have any information regarding a fix, please provide the specifics. Until then, we must retain this vulnerability in our database.

SCH227 commented 1 month ago

Closing this one. Feel free to re-open it if you have something more to add!