
Update PyYAML version for CVE-2020-14343

Open salderma opened this issue 4 years ago • 1 comments

Python Requirements for scrimmage are pinned to PyYAML v5.3.1. CVE-2020-14343 is an arbitrary code execution flaw.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14343

https://snyk.io/vuln/SNYK-PYTHON-PYYAML-590151

salderma, Feb 10 '21 19:02

Sean,

Thanks for the issue. This should be a relatively easy fix, but I think we might want to make sure our CI works before changing dependencies. That way if it causes any problems we can fix it.

frazierbaker, Feb 22 '21 19:02