Unable to use sgid-client-python in Healthcare Commercial Cloud due to known CVE in jwcrypto dependency #50

Open
skylander86 opened this issue Jan 15, 2024 · 0 comments


@skylander86

Describe the bug

The version of jwcrypto used in this Python client has a known vulnerability which prevents its use in the Singapore AWS Healthcare Commercial Cloud (HCC). All source code used in HCC is inspected by the AWS Inspector, which flags the version of this jwcrypto package as "need to fix".

To Reproduce
Steps to reproduce the behavior:

  1. Create a Docker image for a Python application that depends on sgid-client-python.
  2. Upload the Docker image to ECS on HCC.
  3. Run AWS Inspector on the Docker image.
  4. See error in the AWS Inspector report.

Expected behavior

It should pass AWS Inspector inspections on HCC so that this helpful package can be used in Singapore public hospitals.
