SNYK Scan Finding: pyopenssl - Resource Exhaustion #4591
Assignees
Labels
bug
Software defect or bug
compliance
Relating to security compliance or documentation
component/static
Issues related to the Static/Jekyll component playbooks/roles
Milestone
Comments
FuhuXia
added
compliance
|
there's currently no fix for this issue yet although some work had been done previously. both are accounted for in catalog and inventory via snyk files. exp dates have been updated. |
hkdctol
moved this from 📟 Sprint Backlog [7]
to 📔 Product Backlog
in data.gov team board
jbrown-xentity
added a commit
to GSA/inventory-app
that referenced
this issue
Aug 1, 2024
Update per GSA/data.gov#4591, still no fix.
|
still no fix |
btylerburton
added
the
component/static
|
Still no fix. |
|
No fix until now |
|
Moving to Feb '25 mileston due to no fix |
|
Remediation available: |
rshewitt
moved this from 📟 Sprint Backlog [7]
to 🏗 In Progress [8]
in data.gov team board
4 tasks
rshewitt
moved this from 🏗 In Progress [8]
to 👀 Needs Review [2]
in data.gov team board
|
The fix is to use pyopenSSL version greater than 24.0.0. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please keep any sensitive details in Google Drive.
Date of report: 2024-01-16
Severity: Moderate
Due date: 2024-04-26
Due date is based on severity and described in RA-5. 15-days for Critical, 30-days for High, and 90-days for Moderate and lower.
* When a finding is identified, we create two issues. One to address the specific instance identified in the report. The other is to identify and address all other occurrences of this vulnerability within the application.
Brief description
https://security.snyk.io/vuln/SNYK-PYTHON-PYOPENSSL-6157250
The text was updated successfully, but these errors were encountered: