Version 1.16.0 vulnerable to OS Command Injection #372

@adutta14

Hello Team,

Our internal scanning tool, AWS Inspector, detected the Python library 1.16 to be vulnerable to OS command injection. Here are the details of the findings:

Title - CWE-77,78,88 - OS command injection
File Path - requirements/six.py
Vulnerability location - Line 735

Suggested Remediation -
Use of exec detected. https://bandit.readthedocs.io/en/latest/plugins/b102_exec_used.html

Kindly review and let me know if you need more details.

Thanks,
Abhishek Dutta
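
A triage aid for a "use of exec detected" finding like the one reported above, added here as an example and not part of the original issue or of the library's code: it lists each direct `exec` call in a Python source and reports whether the first argument is a string literal or a dynamic expression, which is the first thing a reviewer checks when deciding whether untrusted input can reach the call. The sample source and the name `find_exec_calls` are constructed for illustration.

```python
import ast

# Constructed sample, not the contents of six.py: one exec of a fixed string
# literal and one exec of a value that arrives as a function parameter.
SAMPLE = '''
def define_helper():
    exec("def helper(x):\\n    return x + 1")

def run_user_code(code, namespace):
    exec(code, namespace)
'''


def find_exec_calls(source, filename="<sample>"):
    """Return one dict per direct call to the exec builtin found in `source`.

    Only calls spelled `exec(...)` are matched; aliases and wrappers around
    exec are not resolved and need a separate look.
    """
    findings = []

    class Visitor(ast.NodeVisitor):
        def __init__(self):
            self.scope = ["<module>"]

        def visit_FunctionDef(self, node):
            self.scope.append(node.name)
            self.generic_visit(node)
            self.scope.pop()

        visit_AsyncFunctionDef = visit_FunctionDef

        def visit_Call(self, node):
            if isinstance(node.func, ast.Name) and node.func.id == "exec":
                arg = node.args[0] if node.args else None
                literal = isinstance(arg, ast.Constant) and isinstance(arg.value, (str, bytes))
                findings.append({
                    "line": node.lineno,
                    "function": self.scope[-1],
                    # literal: fixed text in the source; dynamic: needs data-flow review
                    "argument": "literal" if literal else "dynamic",
                })
            self.generic_visit(node)

    Visitor().visit(ast.parse(source, filename=filename))
    return findings


if __name__ == "__main__":
    for finding in find_exec_calls(SAMPLE):
        print(finding)
```

A "dynamic" result is not itself a vulnerability; it marks the call whose argument has to be traced back to its callers.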
