CGA-74r6-hcwc-qv43

Published

Last updated

https://images.chainguard.dev/security/CGA-74r6-hcwc-qv43

Package

py3-pip

RepositoryWolfi

Latest Update

Pending upstream fix

Aliases

Severity

Unknown

References

Updates

Status

Pending upstream fix

Impact

The outdated version of urllib3 (1.26.20) is included because it's a dependency of py3-pip. Updating it will require the main pip project to release an update. However, the pip maintainers are holding off on that update until Python 3.9 reaches its end-of-life (EOL) at the end of 2025. Once that happens, pip can upgrade, and then kubeflow-katib will also need to update to align with the changes in pip. For more details, see this GitHub issue: https://github.com/pypa/pip/issues/12857

Status

Under investigation

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Private Policy

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal