
ipython showing up as vulnerable, but installed version looks OK

Hello, and thanks for the effort to create this!

I just tried out a test run against several projects. I bumped into this false positive result related to ipython.

$ pip-audit
Name         Version ID             Fix Versions
------------ ------- -------------- -----------------
...
ipython      7.27.0  PYSEC-2014-21  1.2.0
...
  • the installed ipython version is 7.27.0.
  • the vulnerable ipython version is 1.2.0 (also prevalent from the vuln-id that says 2014)

The right thing would have been to understand that the installed version is newer than the vulnerable version and not show this entry at all.

Let me know if I can help with any other information.

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Reactions: 1
  • Comments: 5 (4 by maintainers)

Top GitHub Comments

1 reaction
tetsuo-cpp commented, Nov 10, 2021

Thanks for the information @c00kiemon5ter!

From looking at the data source in OSV (which is where PyPI is getting the vulnerability data), it looks like the affected versions data is incorrect as it doesn’t match with the introduced/fixed data. Either that or there are fix versions missing from the data.

CC: @di @oliverchang
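The distinction the comment above draws, between an advisory's explicit list of affected versions and its introduced/fixed range events, is what decides whether an installed 7.27.0 is flagged against a bug fixed in 1.2.0. The following is an added example, not pip-audit's or OSV's own code: it evaluates OSV-style ECOSYSTEM ranges (introduced / fixed / last_affected events) against an installed version, and then cross-checks the advisory's `versions` list against those ranges to surface exactly the kind of inconsistency suspected here. The advisory dict is constructed for illustration with a placeholder id, not copied from OSV, and `parse_version` is a simplified stand-in for PEP 440 (release segments only; real tooling should use `packaging.version`).

```python
from typing import List, Tuple

# Constructed advisory mirroring the shape of the report above; placeholder id, not real OSV data.
EXAMPLE_ADVISORY = {
    "id": "PYSEC-0000-EXAMPLE",
    "affected": [
        {
            "package": {"ecosystem": "PyPI", "name": "ipython"},
            "ranges": [
                {"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "1.2.0"}]}
            ],
            # Deliberately inconsistent: 7.27.0 is listed although the range ends at 1.2.0.
            "versions": ["1.0.0", "1.1.0", "7.27.0"],
        }
    ],
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Simplified version key (assumption: numeric release segments only).

    Trailing zeros are dropped so that "1.2" and "1.2.0" compare equal.
    """
    parts = tuple(int(p) for p in text.strip().split("."))
    while len(parts) > 1 and parts[-1] == 0:
        parts = parts[:-1]
    return parts


def version_in_ranges(version: str, ranges: List[dict]) -> bool:
    """True if `version` falls inside any ECOSYSTEM range.

    OSV events are walked in order: "introduced" opens an interval,
    "fixed" closes it exclusively, "last_affected" closes it inclusively,
    and an interval that is never closed stays open upwards.
    """
    v = parse_version(version)
    for rng in ranges:
        if rng.get("type") != "ECOSYSTEM":
            continue  # GIT / SEMVER ranges need different comparison logic
        lower = None
        for event in rng["events"]:
            if "introduced" in event:
                lower = parse_version(event["introduced"])
            elif "fixed" in event:
                if lower is not None and lower <= v < parse_version(event["fixed"]):
                    return True
                lower = None
            elif "last_affected" in event:
                if lower is not None and lower <= v <= parse_version(event["last_affected"]):
                    return True
                lower = None
        if lower is not None and lower <= v:
            return True
    return False


def is_affected(installed: str, advisory: dict) -> bool:
    """Range-based decision: the one the reporter expects a scanner to make."""
    return any(version_in_ranges(installed, a.get("ranges", [])) for a in advisory["affected"])


def listed_as_affected(installed: str, advisory: dict) -> bool:
    """Enumeration-based decision: a bare lookup in the advisory's `versions` list."""
    inst = parse_version(installed)
    return any(
        parse_version(v) == inst for a in advisory["affected"] for v in a.get("versions", [])
    )


def versions_outside_ranges(advisory: dict) -> List[str]:
    """Entries of `versions` that the `ranges` do not cover: a data-quality defect."""
    return [
        v
        for a in advisory["affected"]
        for v in a.get("versions", [])
        if not version_in_ranges(v, a.get("ranges", []))
    ]


def fix_versions(advisory: dict) -> List[str]:
    """All "fixed" events, i.e. the Fix Versions column of the report."""
    return [
        e["fixed"]
        for a in advisory["affected"]
        for r in a.get("ranges", [])
        for e in r["events"]
        if "fixed" in e
    ]


if __name__ == "__main__":
    installed = "7.27.0"
    print(f"{EXAMPLE_ADVISORY['id']}: ranges say affected={is_affected(installed, EXAMPLE_ADVISORY)}, "
          f"versions list says affected={listed_as_affected(installed, EXAMPLE_ADVISORY)}")
    print("versions outside ranges:", versions_outside_ranges(EXAMPLE_ADVISORY))
    print("fix versions:", fix_versions(EXAMPLE_ADVISORY))
```

Run against the constructed advisory, the range check clears 7.27.0 while the enumeration flags it, and `versions_outside_ranges` names the stray entry; that is the signal to file a correction against the advisory data rather than against the scanner.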

0 reactions
woodruffw commented, Nov 10, 2021

As a side note, we should probably add an issue template here that directs people there for these types of issues.

Yep, I was just thinking that yesterday. I’ll work on adding some issue templates today.
