fabric8-analytics-server icon indicating copy to clipboard operation
fabric8-analytics-server copied to clipboard

Published 20 hours ago verified publisher icon fabric8-analytics

Bump up the urllib3 version to fix CVE found in requirements.txt

Open tisnik opened this issue 6 years ago • 0 comments

Details of CVE:

CVE-2019-11324
More information
high severity
Vulnerable versions: < 1.24.2
Patched version: 1.24.2

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.

tisnik avatar Apr 23 '19 07:04 tisnik