Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SNYK scan finding: cryptography DOS vulnerability #4532

Closed
1 task
FuhuXia opened this issue Nov 16, 2023 · 1 comment
Closed
1 task

SNYK scan finding: cryptography DOS vulnerability #4532

FuhuXia opened this issue Nov 16, 2023 · 1 comment
Assignees
@robert-bryson
Labels
bug Software defect or bug compliance Relating to security compliance or documentation
Milestone
January 2024

Comments

@FuhuXia
Copy link
Member

FuhuXia commented Nov 16, 2023

Please keep any sensitive details in Google Drive.

Date of report: 2023-11-08
Severity: Medium
Due date: 2024-02-08

Due date is based on severity and described in RA-5. 15-days for Critical, 30-days for High, and 90-days for Moderate and lower.

  • Analysis has been performed and an issue has been linked to address other occurrences for this class of vulnerability* (link)

* When a finding is identified, we create two issues. One to address the specific instance identified in the report. The other is to identify and address all other occurrences of this vulnerability within the application.

Brief description

https://security.snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6050294
@FuhuXia FuhuXia added compliance Relating to security compliance or documentation bug Software defect or bug labels Nov 16, 2023
This was referenced Nov 16, 2023
Merged
Merged
@hkdctol hkdctol modified the milestones: january 2023, January 2024 Nov 16, 2023
@hkdctol hkdctol moved this to 📔 Product Backlog in data.gov team board Nov 16, 2023
@FuhuXia FuhuXia mentioned this issue Nov 20, 2023
Closed
10 tasks
@gujral-rei gujral-rei moved this from 📔 Product Backlog to 🧊 Icebox in data.gov team board Dec 14, 2023
@gujral-rei gujral-rei moved this from 🧊 Icebox to 📔 Product Backlog in data.gov team board Dec 14, 2023
@btylerburton btylerburton moved this from 📔 Product Backlog to 📟 Sprint Backlog [7] in data.gov team board Dec 21, 2023
@btylerburton btylerburton moved this from 📟 Sprint Backlog [7] to 📔 Product Backlog in data.gov team board Dec 21, 2023
@gujral-rei gujral-rei moved this from 📔 Product Backlog to 📟 Sprint Backlog [7] in data.gov team board Jan 4, 2024
@robert-bryson robert-bryson moved this from 📟 Sprint Backlog [7] to 🏗 In Progress [8] in data.gov team board Jan 5, 2024
@robert-bryson robert-bryson self-assigned this Jan 5, 2024
@robert-bryson robert-bryson moved this from 🏗 In Progress [8] to ✔ Done in data.gov team board Jan 29, 2024
@robert-bryson robert-bryson mentioned this issue Jan 29, 2024
Merged
@robert-bryson robert-bryson moved this from ✔ Done to 🏗 In Progress [8] in data.gov team board Jan 29, 2024
@robert-bryson
Copy link
Contributor

With the new versions of cryptography and PyOpenSSL available, this should be fixed. Closing with PR.

@github-project-automation github-project-automation bot moved this from 🏗 In Progress [8] to ✔ Done in data.gov team board Jan 29, 2024
@btylerburton btylerburton moved this from ✔ Done to 🗄 Closed in data.gov team board Feb 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@robert-bryson robert-bryson

Labels
bug Software defect or bug compliance Relating to security compliance or documentation
Projects
data.gov team board
Archived in project
Milestone
January 2024
Development

No branches or pull requests
3 participants
@FuhuXia @hkdctol @robert-bryson