Hi

 

It seems the version of zlib used in lxml is outdated. It currently shows up as zlib 1.2.11 instead of zlib 1.2.13 on scan reports and therefore vulnerable to CVE-2018-25032 and CVE-2022-37434.

 

Can I get some help on if this is correct or I am doing something wrong?

 

Thank you