Remediation for cryptography vulnerabilities #126794
Comments
|
Hi marlenkassym, this isn't a CPython issue. cryptography is a third-party library, not a part of CPython.
The pages you linked list the versions of cryptography that have patches for those CVEs. You can simply upgrade to a patched version. If you installed the package through redistributor (e.g. a system package manager), then you should check with them for a patched version of the package. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug report
Bug description:
# Add a code block here, if requiredThe following cryptography security vulnerabilities are being detected in python v3.12.3. Have there been any advisory on when and how these will be addressed? Thanks.
CVE-2023-50782
CVE-2024-0727
CVE-2024-26130
Evidence
/usr/lib/python3/dist-packages/cryptography-41.0.7.dist-info/METADATA
/usr/lib/python3/dist-packages/cryptography.egg-info/PKG-INFO
CPython versions tested on:
CPython main branch
Operating systems tested on:
Linux
The text was updated successfully, but these errors were encountered: