You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@arrow.apache.org by "Christina (Jira)" <ji...@apache.org> on 2022/11/10 15:07:00 UTC
[jira] [Created] (ARROW-18302) Is pyarrow vulnerable to CVE-2022-3786?
Christina created ARROW-18302:
---------------------------------
Summary: Is pyarrow vulnerable to CVE-2022-3786?
Key: ARROW-18302
URL: https://issues.apache.org/jira/browse/ARROW-18302
Project: Apache Arrow
Issue Type: Bug
Components: Python
Affects Versions: 9.0.0
Reporter: Christina
Since pyarrow seems to have no disposition on this bug already, I am curious if the implementation of openssl included with pyarrow is vulnerable to [https://nvd.nist.gov/vuln/detail/CVE-2022-3786]
Here is the commit of openssl that this is fixed in:
https://github.com/openssl/openssl/commit/c42165b5706e42f67ef8ef4c351a9a4c5d21639a
--
This message was sent by Atlassian Jira
(v8.20.10#820010)