Vulnerability in LightGBM dependency (CVE-2024-43598) #42
Description
Hello,
I'm an active user of the stringsifter library and noticed that it lists LightGBM version 3.3.5 as a dependency.
This version is affected by a high-severity remote code execution vulnerability, CVE-2024-43598.
The vulnerability is present in all versions prior to 4.6.0, which confirms that the current dependency is vulnerable.
The fix for this CVE is available in LightGBM version 4.6.0 and later. As a user, I would highly appreciate it if you could update the dependency to a secure version to mitigate this risk.
Thank you.