Update the rsa dependency >4.3 to address CVE-2020-13757?

David_Flores · October 19, 2020, 4:55pm

Hello everyone!

Quick question, any reason why the rsa dependency is pinned to 4.0 (requirements/requirements.txt rsa==4.0)?

I was running a scan and it triggered CVE-2020-13757.

An upgrade to 4,3 should be good to clear it ight?

Thanks!
David

Bill_Nottingham1 · October 19, 2020, 5:08pm

David Flores (davidflores77@gmail.com) said:

Hello everyone!

Quick question, any reason why the rsa dependency is pinned to 4.0
(requirements/requirements.txt rsa==4.0)?

I was running a scan and it triggered CVE-2020-13757
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13757>\.

An upgrade to 4,3 should be good to clear it ight?

It's not actually included anyway, so it doesn't matter.

See requirements_*_uninstall.txt. Thanks to google for making us have to do
this.

Bill

David_Flores · October 19, 2020, 5:11pm

Got it!, thanks Bill. I was looking for a reference for the package until you pointed the uninstall

Good to know, thanks!

Topic		Replies	Views
CVE-2023-3971 (AAP on RHEL) - awx also affected AWX Project awx , rhel , aap	1	0	August 9, 2023
Awx error in libcrypto Get Help awx	0	16	December 2, 2024
CVE-2018-16879 Tower: security channel is not set properly for AMPQ connection AWX Project awx	1	0	January 4, 2019
AWX Vulnerabilities (CVEs) for nginx packages in awx 15.0.0 and up AWX Project awx	4	0	February 17, 2022
AWX Project Sync failed via SSH AWX Project awx	2	4	February 9, 2023

Update the rsa dependency >4.3 to address CVE-2020-13757?

Related topics