
Hi,

It seems the version of zlib used in lxml is outdated. It currently shows up as zlib 1.2.11 instead of zlib 1.2.13 on scan reports and is therefore vulnerable to CVE-2018-25032 and CVE-2022-37434.
Can I get some help on whether this is correct or whether I am doing something wrong?

Thank you

Hi,

Ajayi, Temitope wrote on 14.12.22 at 17:21:
> It seems the version of zlib used in lxml is outdated. It currently shows up as zlib 1.2.11 instead of zlib 1.2.13 on scan reports and therefore vulnerable to CVE-2018-25032 and CVE-2022-37434.
> Can I get some help on if this is correct or I am doing something wrong?

What lxml version are you using on which operating system? Are you using pre-built binary wheels or building locally?

The binary wheels of lxml 4.9.2 should be using zlib 1.2.13 on Linux/macOS and 1.2.12 on Windows.

Stefan
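One way to check what a scan report is seeing, as an added example that is not from the thread or the lxml project: zlib's `deflate`/`inflate` copyright banners are compiled into any binary that links it statically, so they can be read back out of the installed extension modules. The function names, the sample bytes and the 1.2.13 threshold (the version the scan report in the thread expects) are assumptions of this sketch.

```python
import importlib.util
import re
from pathlib import Path

# zlib compiles banners such as " deflate 1.2.11 Copyright 1995-2017 ..."
# into every binary that links it statically; scanners key on these.
ZLIB_BANNER = re.compile(rb"(?:deflate|inflate) (\d+(?:\.\d+){1,3}) Copyright 1995-\d{4}")

# Assumption: the version the scan report in the thread expects.
EXPECTED_MIN = (1, 2, 13)


def embedded_zlib_versions(blob: bytes) -> set[str]:
    """Return every zlib version banner found in a binary blob."""
    return {m.group(1).decode() for m in ZLIB_BANNER.finditer(blob)}


def is_outdated(version: str, minimum: tuple = EXPECTED_MIN) -> bool:
    """Compare a dotted version string numerically against the minimum."""
    return tuple(int(part) for part in version.split(".")) < minimum


def scan_package(name: str = "lxml") -> dict[str, set[str]]:
    """Map each compiled module of an installed package to its zlib banners."""
    spec = importlib.util.find_spec(name)
    if spec is None or not spec.submodule_search_locations:
        return {}
    found = {}
    for root in spec.submodule_search_locations:
        for path in Path(root).rglob("*"):
            if path.suffix in {".so", ".pyd", ".dylib"}:
                versions = embedded_zlib_versions(path.read_bytes())
                if versions:
                    found[str(path)] = versions
    return found


# Constructed sample bytes standing in for a slice of an extension module.
SAMPLE = (
    b"\x7fELF\x00\x00"
    b" deflate 1.2.11 Copyright 1995-2017 Jean-loup Gailly and Mark Adler \x00"
    b" inflate 1.2.11 Copyright 1995-2017 Mark Adler \x00"
)

if __name__ == "__main__":
    for path, versions in scan_package("lxml").items():
        for v in sorted(versions):
            print(path, v, "OUTDATED" if is_outdated(v) else "ok")
```

An empty result from `scan_package` means no banner is embedded in the package's own binaries, which is what a local build linked dynamically against the system zlib looks like; in that case the version to check is the system library's.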
Participants (2): Ajayi, Temitope; Stefan Behnel