Phyton (v3.12.6) vulnerabilities in NCPA agent v3.1.1 #1230
Comments
|
Thank you for raising these to our attention. Python 3.12.8 released one week ago today. As this was quite recently, many of the critical libraries that we need for NCPA to function have not yet been updated to support 3.12.8. I will continue to check until they are functional and will add the update to the next release as soon as possible. |
|
The Windows version is now using Python 3.12.8, but as the Linux versions are not yet compatible with Python 3.12, I will leave this open for now. |
|
Thanks for update. |
|
FYI. Unfortunately these CVEs (CVE-2024-12254, CVE-2024-9287) are still present and it is now reported that Python versions 3.12.0 (including) up to 3.14.0a2 (excluding) are vulnerable. I understand v3.14 is currently pre-release as of 27-Jan. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Reported vulnerabilities (CVE-2024-12254, CVE-2024-9287, CVE-2024-50602) against Phyton v3.12.6 which is included in NCPA agent v3.1.1 (the current release as of 10.12.2024). This is as reported by Microsoft Defender.
The text was updated successfully, but these errors were encountered: