Bug #65555
open
old pinned mistune in admin/doc-requirements.txt is vulnerable to CVE-2022-34749
% Done: 0%
Source:
Tags:
Backport:
Regression: No
Severity: 3 - minor
Reviewed:
Description
admin/doc-requirements.txt pins to an older mistune library version. Security scanners treat this as a vulnerability (CVE-2022-34749, https://github.com/advisories/GHSA-fw3v-x4f2-v673).
https://github.com/ceph/ceph/pull/44227 is the original commit to pin it.
(Originally reported downstream at https://bugzilla.redhat.com/show_bug.cgi?id=2255447)
Do we still need mistune explicitly listed in doc-requirements.txt?
Updated by Ken Dreyer about 1 month ago
- Subject changed from old pinned mistune in admin/doc-requirements.txt to old pinned mistune in admin/doc-requirements.txt is vulnerable to CVE-2022-34749
Updated by Ken Dreyer about 1 month ago
- Assignee set to Ken Dreyer
- Pull request ID set to 56973