Skip to content

vulnerability in libuv v1.46.0 #615

Closed
@javaccar

Description

@javaccar
  • uvloop version: 0.19.0
  • Python version: 3.11
  • Platform: linux
  • Can you reproduce the bug with PYTHONASYNCIODEBUG in env?: n/a
  • Does uvloop behave differently from vanilla asyncio? How?: n/a

uvloop uses libuv v1.46.0, which has a security vulnerability https://nvd.nist.gov/vuln/detail/CVE-2024-24806
the vulnerability was fixed in libuv v1.48.0 but uvloop is still using v1.46.0.

Activity

fantix

fantix commented on Aug 14, 2024

@fantix
Member

#600 would fix this

javaccar

javaccar commented on Aug 15, 2024

@javaccar
Author

Thanks @fantix ! Appreciate the quick response. I see #600 was just merged. Plans to cut a release and publish to pypi?

fantix

fantix commented on Aug 15, 2024

@fantix
Member

No problem! Yes, I'll cut it tomorrow.

added a commit that references this issue on Aug 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      Participants

      @fantix@javaccar

      Issue actions

        vulnerability in libuv v1.46.0 · Issue #615 · MagicStack/uvloop