Status of CVE-2024-43598? #6750

Closed
tobiass-sdl opened this issue Dec 12, 2024 · 2 comments

@tobiass-sdl

Hi,

what is the status of CVE-2024-43598? It claims that all versions below 4.6.0 are vulnerable but the latest version is 4.5.0. So either the information is bogus or it was written by someone who knows that there will be no 4.5.1...
I do not see any commit around November that looks like a fix...

Is this CVE genuine at all or is lightgbm the victim of a bogus CVE?

shiyu1994 self-assigned this Dec 13, 2024
@shiyu1994
Collaborator

@tobiass-sdl A PR to fix this issue has been created: #6752

Thanks for the reminder.

@StrikerRUS
Collaborator

Fixed by #6752.
