Skip to content

[Vulnerability]: Deepdiff 8.1.1 & CVE-2025-58367 #1478

New issue
New issue
Closed as duplicate of#1460
Closed as duplicate of#1460
[Vulnerability]: Deepdiff 8.1.1 & CVE-2025-58367#1478
Labels
bugSomething isn't working
@jpulgar4

Description

@jpulgar4
jpulgar4
opened on Oct 28, 2025

Ansible NetBox Collection version

v3.21.0

Ansible version

ansible [core 2.15.13]
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/dist-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.9.2 (default, Mar 20 2025, 02:07:39) [GCC 10.2.1 20210110] (/usr/bin/python3)
  jinja version = 3.1.6
  libyaml = True

NetBox version

v3.21.0

Python version

3.9

Steps to Reproduce

ISSUE TYPE

  • Vulnerability report

SUMMARY

Deepdiff 8.1.1 in poetry.lock is showing as Critical Vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2025-58367)

Expected Behavior

Deepdiff poetry dependency to be updated to a version without the vulnerability (8.6.1 at least https://github.com/seperman/deepdiff/releases/tag/8.6.1)

Observed Behavior

Deepdiff reported as vulnerable in poetry.lock

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions