![](https://secure.gravatar.com/avatar/578359b5b47f34a3fd5eca2f95de12a8.jpg?s=120&d=mm&r=g)
Hi It seems the version of zlib used in lxml is outdated. It currently shows up as zlib 1.2.11 instead of zlib 1.2.13 on scan reports and therefore vulnerable to CVE-2018-25032 and CVE-2022-37434. Can I get some help on if this is correct or I am doing something wrong? Thank you
![](https://secure.gravatar.com/avatar/8b97b5aad24c30e4a1357b38cc39aeaa.jpg?s=120&d=mm&r=g)
Hi, Ajayi, Temitope schrieb am 14.12.22 um 17:21:
It seems the version of zlib used in lxml is outdated. It currently shows up as zlib 1.2.11 instead of zlib 1.2.13 on scan reports and therefore vulnerable to CVE-2018-25032 and CVE-2022-37434.
Can I get some help on if this is correct or I am doing something wrong?
What lxml version are you using on which operating system? Are you using pre-built binary wheels or building locally? The binary wheels of lxml 4.9.2 should be using zlib 1.2.13 on Linux/macOS and 1.2.12 on Windows. Stefan
participants (2)
-
Ajayi, Temitope
-
Stefan Behnel