profile
viewpoint

Ask questionsCorrection to pip package for pyup.io-39620 for CVE-2021-23338

Unsure if this is the best place to report this, but I was looking at CVE-2021-23338 and noticed from the included exploit link https://github.com/418sec/huntr/pull/1329 that it is a vulnerability for microsoft/qlib and that the corresponding pip package for that appears to be pyqlib rather than qlib

pyupio/safety-db

Answer questions harlekeyn

Thanks for your message, Weston.

We were unable to find a source that confirms that qlib is not vulnerable, so until then, we have marked both qlib and pyqlib as vulnerable. The latter has been assigned pyup.io-40060.

useful!

Related questions

No questions were found.
source:https://uonfu.com/
Github User Rank List