Christina created ARROW-18302: --------------------------------- Summary: Is pyarrow vulnerable to CVE-2022-3786? Key: ARROW-18302 URL: https://issues.apache.org/jira/browse/ARROW-18302 Project: Apache Arrow Issue Type: Bug Components: Python Affects Versions: 9.0.0 Reporter: Christina
Since pyarrow seems to have no disposition on this bug already, I am curious if the implementation of openssl included with pyarrow is vulnerable to [https://nvd.nist.gov/vuln/detail/CVE-2022-3786] Here is the commit of openssl that this is fixed in: https://github.com/openssl/openssl/commit/c42165b5706e42f67ef8ef4c351a9a4c5d21639a -- This message was sent by Atlassian Jira (v8.20.10#820010)