You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@arrow.apache.org by "Christina (Jira)" <ji...@apache.org> on 2022/11/10 15:07:00 UTC

[jira] [Created] (ARROW-18302) Is pyarrow vulnerable to CVE-2022-3786?

Christina created ARROW-18302:
---------------------------------

             Summary: Is pyarrow vulnerable to  CVE-2022-3786?
                 Key: ARROW-18302
                 URL: https://issues.apache.org/jira/browse/ARROW-18302
             Project: Apache Arrow
          Issue Type: Bug
          Components: Python
    Affects Versions: 9.0.0
            Reporter: Christina


Since pyarrow seems to have no disposition on this bug already, I am curious if the implementation of openssl included with pyarrow is vulnerable to [https://nvd.nist.gov/vuln/detail/CVE-2022-3786]

Here is the commit of openssl that this is fixed in:

https://github.com/openssl/openssl/commit/c42165b5706e42f67ef8ef4c351a9a4c5d21639a



--
This message was sent by Atlassian Jira
(v8.20.10#820010)