GHSA-p4m5-32pr-2hqr: PyPop C extensions possible vulnerability: missing arguments and redundant null pointers

February 26, 2024

Impact

Code scanning revealed possible vulnerability in C extensions for PyPop: incorrect function calls (missing arguments or wrongly typed arguments) and redundant null pointers.

Patches

The problem has been patched and fixed in the latest release of PyPop: 1.0.2. Please upgrade your PyPop installation via:

pip install -U pypop-genomics

Workarounds

No. Upgrade to the latest package: 1.0.2.

References

N/A

References

github.com/advisories/GHSA-p4m5-32pr-2hqr
github.com/alexlancaster/pypop
github.com/alexlancaster/pypop/commit/2e5c495dd7684f67f6682e80e324351039a28262
github.com/alexlancaster/pypop/releases/tag/v1.0.2
github.com/alexlancaster/pypop/security/advisories/GHSA-p4m5-32pr-2hqr

Detect and mitigate GHSA-p4m5-32pr-2hqr with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →