
aiohttp version has multiple CVEs

Open AlaricWhitney opened this issue 11 months ago • 1 comments

Issue Summary

The aiohttp version currently used (3.8.4) has multiple security vulnerabilities with open CVEs:

  • https://nvd.nist.gov/vuln/detail/CVE-2024-23334
  • https://nvd.nist.gov/vuln/detail/CVE-2024-23829
  • https://nvd.nist.gov/vuln/detail/CVE-2023-49082
  • https://nvd.nist.gov/vuln/detail/CVE-2024-23334

aiohttp needs to be upgraded to at least 3.9.2 to resolve the issue.

Steps to Reproduce

Code Snippet

https://github.com/twilio/twilio-python/blob/main/setup.py#L26

Exception/Log

Technical details:

  • twilio-python version: 9.0.2
  • python version: 3.7

AlaricWhitney avatar Mar 20 '24 13:03 AlaricWhitney
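
A check for the version floor the issue names, as an added example that is not part of the issue or of twilio-python's code. The function names and the sample requirement lines are constructed for illustration, and only final release numbers are handled.

```python
import re

# Floor taken from the issue text ("at least 3.9.2"); 3.8.4 is the version it reports.
PATCHED_FLOOR = (3, 9, 2)

_NAME = re.compile(r"^\s*[A-Za-z0-9._-]+(?:\[[^\]]*\])?\s*")
_CLAUSE = re.compile(r"^(==|>=|<=|~=|!=|>|<)\s*(\d+(?:\.\d+)*)$")


def parse_release(version):
    """'3.8.4' -> (3, 8, 4). Final releases only; '3.9.2rc1' raises ValueError."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def installed_is_patched(version, floor=PATCHED_FLOOR):
    """True if an installed release is at or above the patched floor."""
    return parse_release(version) >= floor


def admits_vulnerable(requirement, floor=PATCHED_FLOOR):
    """True if a requirement line can still resolve to a release below the floor."""
    spec = requirement.split(";", 1)[0]          # drop environment markers
    spec = _NAME.sub("", spec, count=1).strip()  # drop the project name and extras
    lower = None
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        m = _CLAUSE.match(clause)
        if m is None:
            raise ValueError(f"unsupported specifier clause: {clause!r}")
        op, release = m.group(1), parse_release(m.group(2))
        # Only these operators raise the lowest version a resolver may pick.
        # '>' is treated as inclusive, which errs toward flagging.
        if op in ("==", ">=", "~=", ">"):
            lower = release if lower is None else max(lower, release)
    return lower is None or lower < floor


# Constructed requirement lines for illustration, not copied from setup.py.
SAMPLE_REQUIREMENTS = [
    "aiohttp",
    "aiohttp>=3.8.4",
    "aiohttp[speedups]>=3.8,<4 ; python_version >= '3.8'",
    "aiohttp>=3.9.2",
]

if __name__ == "__main__":
    for line in SAMPLE_REQUIREMENTS:
        print(f"{line:55} admits vulnerable release: {admits_vulnerable(line)}")
```

A lower bound in the requirement is what keeps a resolver from selecting an affected release; an upper bound alone never does, which is why `<4` does not change the result above.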

Is aiohttp==3.9.2 available in Python 3.7? I see the error that it is not able to find the dependency.

tiwarishubham635 avatar Apr 04 '24 17:04 tiwarishubham635