Security Vulneratbility CVE-2022-40899 on future 0.18.2

Hello! We got a security vulnerability warning in our builds due to our dependency on `future 0.18.2`.

- pyup report: https://pyup.io/vulnerabilities/CVE-2022-40899/52510/
- MITRE CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40899
- GitHub Advisory: https://github.com/advisories/GHSA-v3c5-jqr6-7qm8

> Desciption:
> An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.

https://github.com/PythonCharmers/python-future/blob/master/src/future/backports/http/cookiejar.py#L215

The report has a link to pull request to fix a similar issue in cpython.
https://github.com/python/cpython/pull/17157


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security Vulneratbility CVE-2022-40899 on future 0.18.2 #612

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security Vulneratbility CVE-2022-40899 on future 0.18.2 #612

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions