
[BUG][flytekit] patch pyarrow vulnerability CVE-2023-47248 (upgrade to 14.0.1, released 11/8/23) #4465

Closed
2 tasks done
ringohoffman opened this issue Nov 20, 2023 · 1 comment · Fixed by flyteorg/flytekit#1988
Labels
bug Something isn't working untriaged This issue has not yet been looked at by the Maintainers

Comments

@ringohoffman

ringohoffman commented Nov 20, 2023

Describe the bug

There is an arbitrary code execution (ACE) vulnerability known for pyarrow<=14.0.0: https://nvd.nist.gov/vuln/detail/CVE-2023-47248. Right now, flytekit is pinned to pyarrow<11.0.0.

You can discover these vulnerabilities for yourself by incorporating pip-audit into your build step.

Expected behavior

pip-audit doesn't fail flytekit's dependencies.

Are you sure this issue hasn't been raised already?

  • Yes

Have you read the Code of Conduct?

  • Yes
@ringohoffman ringohoffman added bug Something isn't working untriaged This issue has not yet been looked at by the Maintainers labels Nov 20, 2023
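The report above boils down to a range check: a pin such as `pyarrow<11.0.0` can never resolve to 14.0.1, the first release that addresses CVE-2023-47248, so every version the resolver is allowed to install is affected and an audit step will keep failing until the upper bound is raised. The script below is an added illustration of that check, not code from flytekit or from the issue author. It uses a small hand-written version/specifier parser as a stand-in for the `packaging` library so it runs with the standard library alone, and the requirements text it scans is constructed for the example rather than flytekit's real file.

```python
"""Decide whether a dependency pin can ever resolve to a fixed release.

Added example (not flytekit's code).  Checks whether a requirement such as
``pyarrow<11.0.0`` admits pyarrow 14.0.1, the release that fixes
CVE-2023-47248.  The minimal version/specifier parser is a hypothetical
stand-in for the ``packaging`` library so the script is standard-library only.
"""
import re
from typing import List, Tuple

Version = Tuple[int, ...]
Constraint = Tuple[str, Version]

# Values taken from the issue text: the CVE and its first fixed release.
CVE_ID = "CVE-2023-47248"
FIXED_VERSION = "14.0.1"

_REQ_RE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*(.*?)\s*(?:#.*)?$")
_SPEC_RE = re.compile(r"^(<=|>=|==|!=|<|>)\s*([0-9][0-9.]*)$")


def parse_version(text: str) -> Version:
    """'14.0.1' -> (14, 0, 1); shorter forms are zero-padded when compared."""
    return tuple(int(p) for p in text.strip().split("."))


def compare(a: Version, b: Version) -> int:
    """Return -1, 0 or 1 like a classic comparator, padding to equal length."""
    n = max(len(a), len(b))
    a = a + (0,) * (n - len(a))
    b = b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def parse_requirement(line: str) -> Tuple[str, List[Constraint]]:
    """'pyarrow<11.0.0,>=4.0.0' -> ('pyarrow', [('<', (11,0,0)), ('>=', (4,0,0))])."""
    m = _REQ_RE.match(line)
    if not m:
        raise ValueError(f"unparsable requirement: {line!r}")
    name, spec = m.group(1).lower(), m.group(2)
    constraints: List[Constraint] = []
    for part in filter(None, (p.strip() for p in spec.split(","))):
        sm = _SPEC_RE.match(part)
        if not sm:
            raise ValueError(f"unsupported specifier: {part!r}")
        constraints.append((sm.group(1), parse_version(sm.group(2))))
    return name, constraints


def allows(constraints: List[Constraint], version: Version) -> bool:
    """True when every constraint in the set admits the given version."""
    ops = {
        "<": lambda c: compare(version, c) < 0,
        "<=": lambda c: compare(version, c) <= 0,
        ">": lambda c: compare(version, c) > 0,
        ">=": lambda c: compare(version, c) >= 0,
        "==": lambda c: compare(version, c) == 0,
        "!=": lambda c: compare(version, c) != 0,
    }
    return all(ops[op](v) for op, v in constraints)


def admits_fixed_release(constraints: List[Constraint], fixed: Version) -> bool:
    """Can the resolver ever pick a release at or above the fixed one?

    A pin whose upper bound sits below the fix (e.g. '<11.0.0' against 14.0.1)
    admits only affected releases, so an audit fails whatever gets installed.
    """
    for op, v in constraints:
        if op == "<" and compare(v, fixed) <= 0:
            return False
        if op == "<=" and compare(v, fixed) < 0:
            return False
        if op == "==" and compare(v, fixed) < 0:
            return False
    return True


def audit_pins(requirements: str, package: str, fixed: str) -> List[Tuple[str, bool]]:
    """Return (requirement line, admits_fix) for each pin of ``package``."""
    results: List[Tuple[str, bool]] = []
    for raw in requirements.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, constraints = parse_requirement(line)
        if name == package:
            results.append((line, admits_fixed_release(constraints, parse_version(fixed))))
    return results


# Constructed requirements text for the demonstration (not flytekit's real file).
SAMPLE_REQUIREMENTS = """\
numpy>=1.21
pyarrow<11.0.0          # the pin reported in the issue
"""

if __name__ == "__main__":
    for line, ok in audit_pins(SAMPLE_REQUIREMENTS, "pyarrow", FIXED_VERSION):
        status = "ok" if ok else f"admits only releases affected by {CVE_ID}"
        print(f"{line:45} -> {status}")
```

Running it prints that the `pyarrow<11.0.0` line admits only affected releases; changing the pin to something like `pyarrow>=14.0.1` makes `admits_fixed_release` return `True`. This is the same conclusion pip-audit reaches by resolving the environment and matching installed versions against its advisory database; the script only shows why no version inside the old range can pass.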

welcome bot commented Nov 20, 2023

Thank you for opening your first issue here! 🛠
