fecgov/fec-eregs

[SNYK MEDIUM] botocore Race Condition (due by 10/27/2023)

Closed this issue · 1 comment

pkfec commented

Overview

Affected versions of this package are vulnerable to Race Condition related to assuming a role for the first time.

Introduced through

project@0.0.0 › boto3@1.5.13 › botocore@1.8.50

Fixed in

botocore@1.9.12

Completion criteria:

  • Pin botocore to version 1.9.12
  • SNYK TEST no longer flags botocore as a vulnerable package

Snyk: CVSS 5.9 - Medium Severity

Implemented with this PR #783