Issue on a dependency - CVE-2023-26136

Question

Reni88 opened this issue 6 months ago · 2 comments

Hi,

Good day.
Just wanted to inform that we encountered a security issue on one of request dependency for its version 2.88.2:

Dependency: tough-cookie
Version: 2.5.0

It is raised under this CVE ID: CVE-2023-26136

If this was already discussed and resolution was already delivered. Let us know.
Thank you.

Answer 1 · 2024-02-20T14:44:02.000Z

still unchanged...
the weekly downloads are too much for this bad of a vulnerability, log4shell again?

Answer 2 · 2024-03-04T06:30:11.000Z

Hi, As this package has been deprecated. We decided to just migrate to an alternative. Closing this now.