Description
What happened (please include outputs or screenshots):
While using the kubernetes (version 29.0.0), we are getting the following vulnerability due to the ipaddress version with python version in the requirements.txt of the man in the kubernetes client.
Description: Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.
What you expected to happen:
Recommendation: Upgrade to version v3.5.10, v3.6.12, v3.7.9, v3.8.4, v3.9.0
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Is it ok to upgrade the version? Or if you can, please help resolve the issue. Thanks!
Environment:
- Kubernetes version (`kubectl version`): 29.0.0
- OS (e.g., MacOS 10.13.6):
- Python version (`python --version`)
- Python client version (`pip list | grep kubernetes`)
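A triage check for the scanner finding quoted in this issue, added here as an example. It is not part of the issue or of the kubernetes client code. It compares an interpreter version against the first fixed release on each branch in the advisory text above. The names `parse_version`, `ipaddress_hash_fixed` and `FIRST_FIXED` are hypothetical, and treating branches newer than 3.9 as fixed is an assumption based on the fix being present in 3.9.0.

```python
import re
import sys

# Release-level ordering as used by sys.version_info: alpha < beta < candidate < final.
_RANK = {"a": 0, "alpha": 0, "b": 1, "beta": 1, "rc": 2, "candidate": 2, "final": 3}

# Earliest fixed release per branch as (micro, level rank, serial), transcribed
# from the "This is fixed in" list quoted in the issue.
FIRST_FIXED = {
    (3, 5): (10, 2, 1),  # v3.5.10rc1
    (3, 6): (12, 3, 0),  # v3.6.12
    (3, 7): (9, 3, 0),   # v3.7.9
    (3, 8): (4, 2, 1),   # v3.8.4rc1
    (3, 9): (0, 1, 4),   # v3.9.0b4
}

def parse_version(text):
    """Parse '3.8.4rc1' or 'Python 3.8.4rc1' into a 5-tuple like sys.version_info."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:(a|b|rc)(\d+))?", text)
    if not m:
        raise ValueError("no Python version found in %r" % text)
    major, minor, micro = (int(g) for g in m.group(1, 2, 3))
    return (major, minor, micro, m.group(4) or "final", int(m.group(5) or 0))

def ipaddress_hash_fixed(version=None):
    """Return True if the given (or running) interpreter is at or past the
    first fixed release of its branch according to the advisory text."""
    if version is None:
        version = sys.version_info
    elif isinstance(version, str):
        version = parse_version(version)
    major, minor, micro, level, serial = tuple(version)[:5]
    if (major, minor) > (3, 9):
        return True   # assumption: branches after 3.9 inherit the fix
    first = FIRST_FIXED.get((major, minor))
    if first is None:
        return False  # no fixed release is listed for this branch
    return (micro, _RANK[level], serial) >= first

if __name__ == "__main__":
    print("running interpreter fixed:", ipaddress_hash_fixed())
    # Constructed sample versions, e.g. as read from container base images.
    for v in ("Python 3.8.3", "3.8.4rc1", "3.9.0b3", "3.12.1"):
        print(v, "->", "fixed" if ipaddress_hash_fixed(v) else "not fixed")
```

A distribution build can carry a backported fix without a version bump, so a "not fixed" result for a distro-packaged interpreter should be checked against that distribution's own advisory.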