Corona scan shows KEV high risk for pyarrow 19.0.1 for grpc version. #45812

Open
bhuvnesh-vcti opened this issue Mar 17, 2025 · 0 comments
Labels
Component: Python Type: usage Issue is a user question

Describe the usage question you have. Please include as many useful details as possible.

Hi, we recently scanned our Python application, which uses Pyarrow version 19.0.1.
We are getting a security issue action that Pyarrow is using grpc version 1.51.1, which has a high-risk KEV.
I tried digging through the files of pyarrow where the vulnerability got detected but was not able to verify the grpc version used in the particular version of Pyarrow. Can you help with how to determine the grpc version in Pyarrow 19.0.1?

appuser@ad3a031e62b5:/app$ pip list| grep pyarrow
pyarrow               19.0.1
appuser@ad3a031e62b5:/app$ pip list| grep grpc
grpcio                1.71.0
grpcio-tools          1.71.0
appuser@ad3a031e62b5:/app$ 

Component(s)

Python
