Skip to content

Get Hands-on with Amazon EKS - Workshop Event Series

Whether you're taking your first steps with Kubernetes or you're an experienced practitioner looking to sharpen your skills, our Amazon EKS workshop series delivers practical, real-world experience that moves you forward. Learn directly from AWS solutions architects and EKS specialists through hands-on sessions designed to build your confidence with Kubernetes. Register now and start building with Amazon EKS!

awsebcli has vulnerable requirements

0

Hi,

The packages required by awsebcli contain 2 vulnerabilities:
requests: CVE-2018-18074
urllib3: CVE-2018-20060

Both vulnerabilities have been fixed in their respective packages, but can't be upgraded in an environment with awsebcli due to outdated requirements in awsebcli. Is there any timeframe or policy on when/if these things are monitored and fixed?

Many thanks!

Topics: Compute
Tags: AWS Elastic Beanstalk
Language: English

asked 7 years ago303 views

4 Answers

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

0

Accepted Answer

Thanks for your patience. 3.14.9 is out and contains the upgrade.

Yes, "safety" is quite nice. Thanks for the recommendation.

Rahul.

answered 7 years ago

0

Hi krovski,

Thanks for reporting the problem to us. I'll schedule a release for sometime next week with updated dependencies.

Thanks,
Rahul.

answered 7 years ago

0

Great, thanks!

btw: I strongly suggest to use https://github.com/pyupio/safety to do these checks on a regular basis.

answered 7 years ago

0

Thanks!!!

answered 7 years ago

Relevant content

ECS-optimized Amazon Linux 2 latest AMI does have fix for the latest vulnerable CVE-2022-0847?
AWS-User-1886407
asked 4 years ago
Vulnerability Notice: Does Amazon Linux 2 require Port Mapper?
Accepted Answer
JoshFreeman
asked 2 years ago
OpenSSL CVE-2022-3602 vulnerabilities I found in ECS containers
User-7833596
asked 3 years ago
AWS EKS/AWS Inspector and Package Vulnerability
Accepted Answer
myronix88
asked 3 years ago
How do I make sure that my Amazon EC2 Linux instance is updated with the latest patches and security updates?
AWS OFFICIALUpdated a year ago
How do I use an Application Load Balancer and AWS WAF to protect my Amazon EC2 instance?
AWS OFFICIALUpdated 7 months ago
How do I resolve the error "CannotPullContainerError: You have reached your pull rate limit" in Amazon ECS?
AWS OFFICIALUpdated 3 years ago
How do I set up Amazon Inspector Classic to run security assessments on my Amazon EC2 instances?
AWS OFFICIALUpdated 4 years ago
Accelerating AWS Health Maturity to Prevent Service Disruptions
EXPERT
King Yip
published 5 months ago
Embedding Security in Software Development Lifecycle: Golden Path Development
EXPERT
Purnaresa Y
published 3 months ago