CVE-2025–50817: vulnerability in python-future package

[xiaoxi-s]

There is an vulnerability CVE-2025–50817 discovered in the python-future package that affects the package. Since that package already reaches its end of support, would there be any fix taken by PyHive regarding this vulnerability?

References
https://www.wiz.io/vulnerability-database/cve/cve-2025-50817
https://medium.com/@abcd_68700/cve-2025-50817-python-future-module-arbitrary-code-execution-via-unintended-import-of-test-py-f0818ea93cf4
https://nvd.nist.gov/vuln/detail/CVE-2025-50817

[danielcastillothe]

Hi, I also came across this and went out and make a fork without the need of python-future, here is the fork https://github.com/danielcastillothe/PyHive of course this is not official, nor do I plan to maintain or make further updates to it, but hope it helps.