codeflare-sdk icon indicating copy to clipboard operation
codeflare-sdk copied to clipboard

Published 20 hours ago verified publisher icon project-codeflare

Security vulnerability in cryptography package

Open rkpattnaik780 opened this issue 2 years ago • 0 comments

Describe the Bug

The cryptography package v40.0.2 imported in Codeflare SDK has security vulnerabilties identified from the quay security scan.

Codeflare Stack Component Versions

Please specify the component versions in which you have encountered this bug.

Codeflare SDK: 0.9.0

Screenshots, Console Output, Logs, etc.

CVE | Severity | Package | Current version | Fixed in version
GHSA-jm77-qphf-c4w8 | Unknown | cryptography | 40.0.2 | 41.0.3
GHSA-5cpq-8wj7-hf2v | Unknown | cryptography | 40.0.2 | 41.0.0
GHSA-v8gr-m533-ghj9 | Unknown | cryptography | 40.0.2 | 41.0.4

Link to quay

rkpattnaik780 avatar Oct 20 '23 07:10 rkpattnaik780