
Security Vulnerability CVE-2022-40899 on future

Open ornew opened this issue 3 years ago • 1 comments

ReDoS Vulnerability in Python Charmers Future https://www.cve.org/CVERecord?id=CVE-2022-40899

Open issue with future: https://github.com/PythonCharmers/python-future/issues/612

The last commit to future was in 2019, so it's unlikely a patch will occur. It would be preferable to remove this dependency if possible.

ornew, Jan 06 '23 01:01

This was addressed in https://github.com/PythonCharmers/python-future/pull/610 and released in future lib version 0.18.3

mdeshmu, Jul 14 '23 15:07