[pip-audit] pytigergraph 1.5 PYSEC-2022-43064 #196

dnovvak · 2023-11-08T21:03:29Z

Describe the bug
Scan with pip-audit reports unfixed vulnerability:

Found 1 known vulnerability in 1 package
Name         Version ID               Fix Versions
------------ ------- ---------------- ------------
pytigergraph 1.5     PYSEC-2022-43064

To Reproduce

Create a sample python project: poetry new my-package
Add pyTigerGraph to the project: poetry add pytigergraph==1.5
Add pip-audit to the project: poetry add pip-audit
Run audit: poetry run pip-audit
Verify results

Expected behavior
pyTigerGraph has no known vulnerabilities.

The text was updated successfully, but these errors were encountered:

parkererickson-tg · 2023-11-08T21:17:11Z

We have remedied the issues brought up by CVE-2022-30331, as described here: https://docs.tigergraph.com/home/alerts/cve-2022-30331. UDFs are not controlled by pyTigerGraph anyways. The pip-audit database appears to be out of date.

dnovvak · 2023-11-08T21:38:11Z

Ok, thank you @parkererickson-tg!
Ticket raised on https://github.com/pypa/advisory-database

parkererickson-tg · 2023-11-08T21:39:09Z

Cool, thank you!

parkererickson-tg closed this as completed Nov 8, 2023

dnovvak mentioned this issue Nov 8, 2023

False positive on pyTigerGraph 1.5: PYSEC-2022-43064 pypa/advisory-database#170

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[pip-audit] pytigergraph 1.5 PYSEC-2022-43064 #196

[pip-audit] pytigergraph 1.5 PYSEC-2022-43064 #196

dnovvak commented Nov 8, 2023

parkererickson-tg commented Nov 8, 2023

dnovvak commented Nov 8, 2023

parkererickson-tg commented Nov 8, 2023

[pip-audit] pytigergraph 1.5 PYSEC-2022-43064 #196

[pip-audit] pytigergraph 1.5 PYSEC-2022-43064 #196

Comments

dnovvak commented Nov 8, 2023

parkererickson-tg commented Nov 8, 2023

dnovvak commented Nov 8, 2023

parkererickson-tg commented Nov 8, 2023