-
Notifications
You must be signed in to change notification settings - Fork 151
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2024-47874 not detected #623
Comments
Hi @drupol, thank you for opening this issue! We appreciate your effort in reporting this. Our team will review it and get back to you soon. Note: If this is a serious security issue that could impact the security of Safety CLI users, please email [email protected] immediately. Thank you for contributing to Safety CLI! |
Hi @drupol thank you for bringing this to our attention! The |
Hello, Thanks for your reply. I just used
|
Thank you @drupol! Are you able to share the contents of the poetry files you are using? With these we can make sure to replicate the error you are facing to get it resolved! |
Argh... sadly, I'm not allowed to share them. I would jeopardize my job position if I do so. I'm totally aware that sharing those files is not a big deal, but you know... I am not the one deciding sadly... |
Checklist
Safety version
3.2.8
Python version
3.12.5
Operating System
Linux
Describe the problem you'd like to have solved
In our Python project using Poetry, we are using Starlette (https://pypi.org/project/starlette/, https://github.com/encode/starlette).
To check for CVE, we are using:
The
requirements.txt
file contains the following line:Since the vulnerability affect all versions < 0.40.0, it should trigger CVE-2024-47874 but it is not.
Describe the ideal solution
The tool should report a security issue.
Alternatives and current workarounds
No response
Additional context
No response
What I Did
The text was updated successfully, but these errors were encountered: