Skip to content

aiohttp version has multiple CVE's #780

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
AlaricWhitney opened this issue Mar 20, 2024 · 1 comment · Fixed by #789
Closed

aiohttp version has multiple CVE's #780

AlaricWhitney opened this issue Mar 20, 2024 · 1 comment · Fixed by #789
Labels
dependencies pull requests that update a dependency file

Comments

@AlaricWhitney
Copy link

Issue Summary

the aiohttp version currently used (3.8.4) has multiple security vulnerabilities with open CVE's:

aiohttp needs to be upgraded to at least 3.9.2 to resolve the issue.

Steps to Reproduce

Code Snippet

https://github.com/twilio/twilio-python/blob/main/setup.py#L26

Exception/Log

Technical details:

  • twilio-python version: 9.0.2
  • python version: 3.7
@AlaricWhitney AlaricWhitney mentioned this issue Mar 20, 2024
Closed
8 tasks
@tiwarishubham635
Copy link
Contributor

tiwarishubham635 commented Apr 4, 2024
edited
Loading

Is aiohttp==3.9.2 available in python 3.7? I see the error that it is not able to find the dependency.

@tiwarishubham635 tiwarishubham635 added the dependencies pull requests that update a dependency file label Apr 4, 2024
@tiwarishubham635 tiwarishubham635 linked a pull request Apr 22, 2024 that will close this issue
chore: bump aiohttp version to resolve CVE-2024-23334 #779
Closed
8 tasks
@tiwarishubham635 tiwarishubham635 mentioned this issue May 22, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dependencies pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
2 participants
@AlaricWhitney @tiwarishubham635