SNYK Scan Finding: pyopenssl - Resource Exhaustion #4591

Open
1 task
FuhuXia opened this issue Jan 19, 2024 · 5 comments
Labels: bug (Software defect or bug), compliance (Relating to security compliance or documentation), component/static (Issues related to the Static/Jekyll component playbooks/roles)

FuhuXia commented Jan 19, 2024

Please keep any sensitive details in Google Drive.

Date of report: 2024-01-16
Severity: Moderate
Due date: 2024-04-26

Due date is based on severity and described in RA-5. 15-days for Critical, 30-days for High, and 90-days for Moderate and lower.

  • Analysis has been performed and an issue has been linked to address other occurrences for this class of vulnerability* (link)

* When a finding is identified, we create two issues. One to address the specific instance identified in the report. The other is to identify and address all other occurrences of this vulnerability within the application.

Brief description

https://security.snyk.io/vuln/SNYK-PYTHON-PYOPENSSL-6157250

@FuhuXia FuhuXia added compliance Relating to security compliance or documentation bug Software defect or bug labels Jan 19, 2024
@btylerburton btylerburton added this to the April 2024 milestone Jan 24, 2024
@gujral-rei gujral-rei moved this to 🧊 Icebox in data.gov team board Jan 25, 2024
@gujral-rei gujral-rei moved this from 🧊 Icebox to 📟 Sprint Backlog [7] in data.gov team board May 30, 2024
@rshewitt rshewitt modified the milestones: April 2024, August 2024 May 30, 2024
rshewitt (Contributor) commented:

There's currently no fix for this issue yet, although some work had been done previously. Both are accounted for in catalog and inventory via snyk files. Exp dates have been updated.

@rshewitt rshewitt self-assigned this May 30, 2024
@hkdctol hkdctol moved this from 📟 Sprint Backlog [7] to 📔 Product Backlog in data.gov team board Jun 6, 2024
jbrown-xentity added a commit to GSA/inventory-app that referenced this issue Aug 1, 2024
Update per GSA/data.gov#4591, still no fix.
btylerburton (Contributor) commented:

Still no fix.

@btylerburton btylerburton added the component/static Issues related to the Static/Jekyll component playbooks/roles label Oct 10, 2024
@btylerburton btylerburton moved this from 📔 Product Backlog to 📥 Queue in data.gov team board Oct 10, 2024
jbrown-xentity (Contributor) commented:

Still no fix.

Bagesary commented:

No fix until now

btylerburton (Contributor) commented:

Moving to Feb '25 milestone due to no fix
