Ask questionsCorrection to pip package for pyup.io-39620 for CVE-2021-23338
Unsure if this is the best place to report this, but I was looking at CVE-2021-23338 and noticed from the included exploit link https://github.com/418sec/huntr/pull/1329 that it is a vulnerability for microsoft/qlib and that the corresponding pip package for that appears to be pyqlib rather than qlib
Answer questions harlekeyn
Thanks for your message, Weston.
We were unable to find a source that confirms that qlib is not vulnerable, so until then, we have marked both qlib and pyqlib as vulnerable. The latter has been assigned pyup.io-40060.
Related questionsNo questions were found.