CVE-2025-27516 vuln
#46363
Replies: 1 comment
-
|
The maintainers of vcpkg are not generally the maintainers of any library vcpkg distributes, you would need to contact the owners of utf8-range, in this case the maintainers of https://github.com/protocolbuffers/protobuf However, in this case it looks like they have already applied that change, see protocolbuffers/protobuf@184e0a2 The last time someone attempted to update protocol buffers was November 2024, so we probably don't have that change: #39800 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
I am having CVE-2025-27516 this open-source vulnerability. It's regarding jinja2 used in utf8-range package. Curious if port for this is being addressed in any vcpkg version.
To fix this vulnerability, recommendation is to upgrade Jinja2 from 3.0.0 to 3.1.6.
Beta Was this translation helpful? Give feedback.
All reactions