name collision with zstandard #3179

Closed
@terriko

Similar to #3152 -- our scans on our own requirements.txt file are complaining that there's a vulnerability in {facebook, zstandard} (e.g. https://github.com/facebook/zstd) but we're using python-zstandard (e.g. https://github.com/indygreg/python-zstandard) which is bindings to the facebook library.

The problem is that the python-zstandard versions are much smaller than the facebook-zstandard ones, so the scanner thinks we're using older, vulnerability-ridden code.

As with #3152, this can be handled temporarily with triage but I think we need to build some name de-duplication into our python language parser to handle this within cve-bin-tool itself.
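The collision described in this issue, as an added example that is not cve-bin-tool code and not part of the original post: a name-only match flags the Python bindings against an advisory for the C library, while a per-ecosystem identity table avoids the false positive. The advisory's `fixed_in` value, the pinned version, the `{indygreg, python-zstandard}` pair and every function and table name are constructed or hypothetical.

```python
import re
from typing import NamedTuple

class Advisory(NamedTuple):
    vendor: str
    product: str
    fixed_in: str  # constructed: versions below this count as affected

# Constructed advisory standing in for a CVE filed against the C library.
ADVISORIES = [Advisory("facebook", "zstandard", "1.4.0")]

# Hypothetical de-duplication table: PyPI name -> the {vendor, product} it really is.
PYPI_IDENTITY = {"zstandard": ("indygreg", "python-zstandard")}

REQUIREMENTS = "zstandard==0.22.0\n"  # constructed sample pin

def vtuple(version):
    """Turn '0.22.0' into (0, 22, 0) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def parse_requirements(text):
    """Yield (name, version) for pinned 'name==version' lines."""
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9]+(?:\.[0-9]+)*)", line)
        if m:
            yield m.group(1).lower(), m.group(2)

def scan(text, dedupe):
    """Return (name, version, vendor, product) for each matching advisory."""
    findings = []
    for name, version in parse_requirements(text):
        # Without de-duplication the PyPI name is used as the product name
        # and any vendor is accepted, which is what causes the collision.
        identity = PYPI_IDENTITY.get(name) if dedupe else None
        vendor, product = identity or (None, name)
        for adv in ADVISORIES:
            same_product = adv.product == product and vendor in (None, adv.vendor)
            if same_product and vtuple(version) < vtuple(adv.fixed_in):
                findings.append((name, version, adv.vendor, adv.product))
    return findings

if __name__ == "__main__":
    print("name-only match:", scan(REQUIREMENTS, dedupe=False))
    print("with identity table:", scan(REQUIREMENTS, dedupe=True))
```

Packages missing from the identity table still fall back to name-only matching, so the table only suppresses known collisions.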
