Issue on a dependency - CVE-2023-26136
Reni88 opened this issue · 2 comments
Reni88 commented
Hi,
Good day.
Just wanted to inform that we encountered a security issue on one of request dependency for its version 2.88.2:
Dependency: tough-cookie
Version: 2.5.0
It is raised under this CVE ID: CVE-2023-26136
If this was already discussed and resolution was already delivered. Let us know.
Thank you.
mtarek2005 commented
still unchanged...
the weekly downloads are too much for this bad of a vulnerability, log4shell again?
Reni88 commented
Hi, As this package has been deprecated. We decided to just migrate to an alternative. Closing this now.