wooden-thailand-8386 11/20/2020, 9:22 PM
flagged as a security threat and I spent the whole day defending and explaining what it is the usage. Here at the company, IT is using Nexus IQ Scanner and it found these vulnerabilities:
• https://nvd.nist.gov/vuln/detail/CVE-2018-18074 (threat level 9)
• https://nvd.nist.gov/vuln/detail/CVE-2018-20060 (lvl 9)
• https://nvd.nist.gov/vuln/detail/CVE-2018-20225 (lvl 7)
• https://nvd.nist.gov/vuln/detail/CVE-2019-20907 (lvl 7)
• https://nvd.nist.gov/vuln/detail/CVE-2019-11236 (lvl 6)
• https://nvd.nist.gov/vuln/detail/CVE-2019-9740 (lvl 6)
and for `pex (py2.py3-none-any) 2.1.21 (.whl)`:
• https://nvd.nist.gov/vuln/detail/CVE-2018-20225 (lvl 7)
• https://nvd.nist.gov/vuln/detail/CVE-2019-20907 (lvl 7)
So threats lvl 9+ are immediately put into quarantine and we (developers) can’t use those packages.
pex 2.1.21 (.tar.gz)
bootstrap it seems like it always tries to get the
package from my internal pypi but for whatever reason they were very worried about that
with those lvl 9.
is.. it’s the actual
source code from github.
jolly-midnight-72759 11/20/2020, 10:44 PM
came from an internal repository would that remediate the vulnerability?
wooden-thailand-8386 11/20/2020, 11:10 PM
happy-kitchen-89482 11/21/2020, 5:30 AM
wooden-thailand-8386 11/23/2020, 3:06 PM