diff --git a/data/insecure_full.json b/data/insecure_full.json index 4fc9a4c3..0bfe6ab5 100644 --- a/data/insecure_full.json +++ b/data/insecure_full.json @@ -2,7 +2,7 @@ "$meta": { "advisory": "PyUp.io metadata", "base_domain": "https://pyup.io", - "timestamp": 1725170436 + "timestamp": 1727762451 }, "10cent10": [ { 
@@ -315,40 +315,40 @@ "v": "<0.8.45" }, { - "advisory": "DataHub under 0.8.45 frontend, acting as a proxy, is found to have a vulnerability where it doesn't properly construct URLs when forwarding data to the DataHub Metadata Store (GMS), potentially allowing external users to reroute requests from the DataHub Frontend to any host. This could enable attackers to reroute a request from the frontend proxy to any other server and return the result. The vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-076.\r\nhttps://github.com/datahub-project/datahub/security/advisories/GHSA-5w2h-q83m-65xg", - "cve": "CVE-2023-25557", - "id": "pyup.io-63341", - "more_info_path": "/vulnerabilities/CVE-2023-25557/63341", + "advisory": "In DataHub versions prior to 0.8.45, session cookies are only cleared upon new sign-ins, not during logouts. This allows potential attackers to bypass authentication checks using the AuthUtils.hasValidSessionCookie() method by using a cookie from a logged-out session. Consequently, any logged-out session cookie might be considered valid, leading to an authentication bypass. Users are advised to upgrade to version 0.8.45 to rectify this vulnerability. Currently, there are no known workarounds. This vulnerability was identified and reported by the GitHub Security lab and is being tracked under GHSL-2022-083.\r\nhttps://github.com/datahub-project/datahub/security/advisories/GHSA-3974-hxjh-m3jj\r\nhttps://github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f789d4444d3/datahub-frontend/app/auth/AuthUtils.java#L78", + "cve": "CVE-2023-25562", + "id": "pyup.io-63338", + "more_info_path": "/vulnerabilities/CVE-2023-25562/63338", "specs": [ "<0.8.45" ], "v": "<0.8.45" }, { - "advisory": "In DataHub versions prior to 0.8.45, session cookies are only cleared upon new sign-ins, not during logouts. 
This allows potential attackers to bypass authentication checks using the AuthUtils.hasValidSessionCookie() method by using a cookie from a logged-out session. Consequently, any logged-out session cookie might be considered valid, leading to an authentication bypass. Users are advised to upgrade to version 0.8.45 to rectify this vulnerability. Currently, there are no known workarounds. This vulnerability was identified and reported by the GitHub Security lab and is being tracked under GHSL-2022-083.\r\nhttps://github.com/datahub-project/datahub/security/advisories/GHSA-3974-hxjh-m3jj\r\nhttps://github.com/datahub-project/datahub/blob/aa146db611e3a4ca3aa17bb740783f789d4444d3/datahub-frontend/app/auth/AuthUtils.java#L78", - "cve": "CVE-2023-25562", - "id": "pyup.io-63338", - "more_info_path": "/vulnerabilities/CVE-2023-25562/63338", + "advisory": "DataHub's AuthServiceClient, particularly versions below 0.8.45, creates JSON strings using format strings with user-controlled data. This approach lets potential attackers alter these JSON strings and forward them to the backend, causing potential misuse and authentication bypasses. This could lead to the creation of system accounts, potentially resulting in full system compromise. This vulnerability was discovered and reported by the GitHub Security lab and is being tracked under GHSL-2022-081.\r\nhttps://github.com/datahub-project/datahub/security/advisories/GHSA-7wc6-p6c4-522c", + "cve": "CVE-2023-25561", + "id": "pyup.io-63339", + "more_info_path": "/vulnerabilities/CVE-2023-25561/63339", "specs": [ "<0.8.45" ], "v": "<0.8.45" }, { - "advisory": "DataHub's AuthServiceClient, specifically versions prior to 0.8.45, creates JSON strings using format strings containing user-controlled data. This method enables potential attackers to manipulate these JSON strings and forward them to the backend, leading to potential misuse and authentication bypasses. 
Such misuse could result in the generation of system accounts, potentially leading to full system compromise. This vulnerability was identified and reported by the GitHub Security lab and is being tracked under GHSL-2022-080.\r\nhttps://github.com/datahub-project/datahub/security/advisories/GHSA-6rpf-5cfg-h8f3", - "cve": "CVE-2023-25560", - "id": "pyup.io-63340", - "more_info_path": "/vulnerabilities/CVE-2023-25560/63340", + "advisory": "DataHub under 0.8.45 frontend, acting as a proxy, is found to have a vulnerability where it doesn't properly construct URLs when forwarding data to the DataHub Metadata Store (GMS), potentially allowing external users to reroute requests from the DataHub Frontend to any host. This could enable attackers to reroute a request from the frontend proxy to any other server and return the result. The vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-076.\r\nhttps://github.com/datahub-project/datahub/security/advisories/GHSA-5w2h-q83m-65xg", + "cve": "CVE-2023-25557", + "id": "pyup.io-63341", + "more_info_path": "/vulnerabilities/CVE-2023-25557/63341", "specs": [ "<0.8.45" ], "v": "<0.8.45" }, { - "advisory": "DataHub's AuthServiceClient, particularly versions below 0.8.45, creates JSON strings using format strings with user-controlled data. This approach lets potential attackers alter these JSON strings and forward them to the backend, causing potential misuse and authentication bypasses. This could lead to the creation of system accounts, potentially resulting in full system compromise. 
This vulnerability was discovered and reported by the GitHub Security lab and is being tracked under GHSL-2022-081.\r\nhttps://github.com/datahub-project/datahub/security/advisories/GHSA-7wc6-p6c4-522c", - "cve": "CVE-2023-25561", - "id": "pyup.io-63339", - "more_info_path": "/vulnerabilities/CVE-2023-25561/63339", + "advisory": "DataHub's AuthServiceClient, specifically versions prior to 0.8.45, creates JSON strings using format strings containing user-controlled data. This method enables potential attackers to manipulate these JSON strings and forward them to the backend, leading to potential misuse and authentication bypasses. Such misuse could result in the generation of system accounts, potentially leading to full system compromise. This vulnerability was identified and reported by the GitHub Security lab and is being tracked under GHSL-2022-080.\r\nhttps://github.com/datahub-project/datahub/security/advisories/GHSA-6rpf-5cfg-h8f3", + "cve": "CVE-2023-25560", + "id": "pyup.io-63340", + "more_info_path": "/vulnerabilities/CVE-2023-25560/63340", "specs": [ "<0.8.45" ], 
@@ -563,27 +563,29 @@ "v": "<3.0.0" } ], - "agentuniverse": [ + "agentscope": [ { - "advisory": "Agentuniverse version 0.0.8 updates its flask dependency from ^2.2 to ^2.3.2 to address the security vulnerability identified as CVE-2023-30861.", - "cve": "CVE-2023-30861", - "id": "pyup.io-71400", - "more_info_path": "/vulnerabilities/CVE-2023-30861/71400", + "advisory": "Affected versions of Agentscope are vulnerable to Code Injection. Agentscope does not implement security measures to isolate the execution of user-provided code, which could lead to the takeover of the server running the code.", + "cve": "PVE-2024-73116", + "id": "pyup.io-73116", + "more_info_path": "/vulnerabilities/PVE-2024-73116/73116", "specs": [ - "<0.0.8" + "<0.1.0" ], - "v": "<0.0.8" + "v": "<0.1.0" }, { - "advisory": "Agentuniverse version 0.0.8 updates its Jinja2 dependency to version ^3.1.4, addressing the security vulnerability identified as CVE-2024-22195.", - "cve": "CVE-2024-22195", - "id": "pyup.io-71401", - "more_info_path": "/vulnerabilities/CVE-2024-22195/71401", + "advisory": "Affected versions of Agentscope are vulnerable to Code Injection. The fix for PVE-2024-73116 was incomplete. The applied black-list to filter out dangerous commands can be simply bypassed. For example, the attackers can run rm --rf (note that there are more than one space character in between the rm and -rf) to bypass the check as the blocked item only has one space in between. 
Moreover, the current black-list also overlooked many other dangerous commands such as netcat, the hackers can simply create a backdoor by the command nc -lvvp 6666 -e /bin/sh to enable a remote shell and then log into the victim system to run arbitrary commands as follows.", + "cve": "PVE-2024-73124", + "id": "pyup.io-73124", + "more_info_path": "/vulnerabilities/PVE-2024-73124/73124", "specs": [ - "<0.0.8" + ">=0" ], - "v": "<0.0.8" - }, + "v": ">=0" + } + ], + "agentuniverse": [ { "advisory": "Agentuniverse version 0.0.8 updates its langchain dependency from version 0.0.352 to 0.1.20 to address the security vulnerability identified as CVE-2024-21503.", "cve": "CVE-2024-21503", @@ -613,6 +615,26 @@ "<0.0.8" ], "v": "<0.0.8" + }, + { + "advisory": "Agentuniverse version 0.0.8 updates its Jinja2 dependency to version ^3.1.4, addressing the security vulnerability identified as CVE-2024-22195.", + "cve": "CVE-2024-22195", + "id": "pyup.io-71401", + "more_info_path": "/vulnerabilities/CVE-2024-22195/71401", + "specs": [ + "<0.0.8" + ], + "v": "<0.0.8" + }, + { + "advisory": "Agentuniverse version 0.0.8 updates its flask dependency from ^2.2 to ^2.3.2 to address the security vulnerability identified as CVE-2023-30861.", + "cve": "CVE-2023-30861", + "id": "pyup.io-71400", + "more_info_path": "/vulnerabilities/CVE-2023-30861/71400", + "specs": [ + "<0.0.8" + ], + "v": "<0.0.8" } ], "agixt": [ 
@@ -637,17 +659,19 @@ "v": "<1.5.17" } ], - "agraph-python": [ + "agpt": [ { - "advisory": "Agraph-python 101.0.1 updates requests from 2.18.4 to 2.20.0 for security reasons.", - "cve": "CVE-2018-18074", - "id": "pyup.io-42708", - "more_info_path": "/vulnerabilities/CVE-2018-18074/42708", + "advisory": "A critical vulnerability in the ShellCommandExecutor component of the Forge library and significant-gravitas/autogpt affected versions allows attackers to execute arbitrary commands on the host system. The component lacks proper security measures, enabling command injection attacks. Additionally, attackers can bypass shell command denylists by using modified paths (e.g., /bin/./whoami). This vulnerability can lead to unauthorized access, data breaches, or system compromise. Users should avoid the ShellCommandExecutor in production, implement robust sandboxing, update autogpt to the latest version, and review command execution security measures to mitigate these risks.", + "cve": "CVE-2024-6091", + "id": "pyup.io-73328", + "more_info_path": "/vulnerabilities/CVE-2024-6091/73328", "specs": [ - "<101.0.1" + ">=0" ], - "v": "<101.0.1" - }, + "v": ">=0" + } + ], + "agraph-python": [ { "advisory": "Agraph-python 101.0.1 updates urllib3 from 1.22 to 1.23 for security reasons.", "cve": "CVE-2018-20060", @@ -658,6 +682,16 @@ ], "v": "<101.0.1" }, + { + "advisory": "Agraph-python 101.0.1 updates requests from 2.18.4 to 2.20.0 for security reasons.", + "cve": "CVE-2018-18074", + "id": "pyup.io-42708", + "more_info_path": "/vulnerabilities/CVE-2018-18074/42708", + "specs": [ + "<101.0.1" + ], + "v": "<101.0.1" + }, { "advisory": "Agraph-python 101.0.3 updates urllib3 to 1.24.2 for security reasons.", "cve": "CVE-2019-11324", 
@@ -1176,9 +1210,9 @@ }, { "advisory": "Aim 1.2.13 updates its dependency 'pillow' to v6.2.2 to include security fixes.", - "cve": "CVE-2020-5310", - "id": "pyup.io-48607", - "more_info_path": "/vulnerabilities/CVE-2020-5310/48607", + "cve": "CVE-2020-5312", + "id": "pyup.io-48614", + "more_info_path": "/vulnerabilities/CVE-2020-5312/48614", "specs": [ "<1.2.13" ], @@ -1186,9 +1220,9 @@ }, { "advisory": "Aim 1.2.13 updates its dependency 'pillow' to v6.2.2 to include security fixes.", - "cve": "CVE-2020-5312", - "id": "pyup.io-48614", - "more_info_path": "/vulnerabilities/CVE-2020-5312/48614", + "cve": "CVE-2020-5313", + "id": "pyup.io-48615", + "more_info_path": "/vulnerabilities/CVE-2020-5313/48615", "specs": [ "<1.2.13" ], @@ -1196,9 +1230,9 @@ }, { "advisory": "Aim 1.2.13 updates its dependency 'pillow' to v6.2.2 to include security fixes.", - "cve": "CVE-2020-5313", - "id": "pyup.io-48615", - "more_info_path": "/vulnerabilities/CVE-2020-5313/48615", + "cve": "CVE-2020-5310", + "id": "pyup.io-48607", + "more_info_path": "/vulnerabilities/CVE-2020-5310/48607", "specs": [ "<1.2.13" ], 
@@ -1224,6 +1258,16 @@ ], "v": "<=3.17.5" }, + { + "advisory": "A critical security vulnerability affects the aimhubio aim library. The vulnerability exists in the dangerouslySetInnerHTML function of the file textbox.tsx within the Text Explorer component. Attackers can exploit this vulnerability by manipulating the query argument, leading to cross-site scripting (XSS). This allows remote execution of malicious scripts in the context of the victim's browser, potentially compromising user data or performing unauthorized actions. The vulnerability has been publicly disclosed, and exploits may exist in the wild.", + "cve": "CVE-2024-8863", + "id": "pyup.io-73307", + "more_info_path": "/vulnerabilities/CVE-2024-8863/73307", + "specs": [ + ">=0" + ], + "v": ">=0" + }, { "advisory": "Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with \u00e2\u20ac\u0153dot-dot-slash (../)\u00e2\u20ac? sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. The vulnerability issue is resolved in Aim v3.1.0.", "cve": "CVE-2021-43775", 
@@ -2725,6 +2769,18 @@ "v": "<1.5.2" } ], + "amdsmi": [ + { + "advisory": "Affected versions of the AMD SMI CLI are vulnerable to potential privilege escalation due to improper handling of root-required operations for process isolation and SRAM data clearing. Attackers could exploit misconfigured permissions to gain unauthorized access or manipulate GPU processes. The vulnerable functions include amdsmi_set_gpu_process_isolation and amdsmi_set_gpu_clear_sram_data. To mitigate, ensure proper configuration of permissions and restrict root access to trusted users only. This vulnerability is specific to systems where these features are enabled without adequate security measures.", + "cve": "PVE-2024-73455", + "id": "pyup.io-73455", + "more_info_path": "/vulnerabilities/PVE-2024-73455/73455", + "specs": [ + "<6.1.2" + ], + "v": "<6.1.2" + } + ], "aml-ds-pipeline-contrib": [ { "advisory": "Aml-ds-pipeline-contrib is a malicious package, typosquatting. It aims at targeting Azure environments.\r\nhttps://blog.sonatype.com/careful-out-there-open-source-attacks-continue-to-be-on-the-uptick", 
@@ -3005,6 +3061,16 @@ ], "v": "<1.5.4" }, + { + "advisory": "Ansible 1.5.5 includes a fix for CVE-2014-4658: The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.", + "cve": "CVE-2014-4658", + "id": "pyup.io-25618", + "more_info_path": "/vulnerabilities/CVE-2014-4658/25618", + "specs": [ + "<1.5.5" + ], + "v": "<1.5.5" + }, { "advisory": "Ansible 1.5.5 includes a fix for CVE-2014-4660: Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the \"deb http://user:pass@server:port/\" format.\r\nhttps://www.openwall.com/lists/oss-security/2014/06/26/19", "cve": "CVE-2014-4660", @@ -3025,16 +3091,6 @@ ], "v": "<1.5.5" }, - { - "advisory": "Ansible 1.5.5 includes a fix for CVE-2014-4658: The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.", - "cve": "CVE-2014-4658", - "id": "pyup.io-25618", - "more_info_path": "/vulnerabilities/CVE-2014-4658/25618", - "specs": [ - "<1.5.5" - ], - "v": "<1.5.5" - }, { "advisory": "Ansible 1.6.4 includes a fix for CVE-2014-4678: The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.", "cve": "CVE-2014-4678", 
@@ -3147,20 +3203,20 @@ "v": "<2.1.4,>=2.2.0,<2.2.1" }, { - "advisory": "A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality. This CVE affects community.aws before 1.2.1 and Ansible-build-data ships this dependency on versions before 2.10.5.", - "cve": "CVE-2020-25635", - "id": "pyup.io-54230", - "more_info_path": "/vulnerabilities/CVE-2020-25635/54230", + "advisory": "A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability. This CVE affects community.aws before 1.2.1 and Ansible-build-data ships this dependency on versions before 2.10.5.", + "cve": "CVE-2020-25636", + "id": "pyup.io-54229", + "more_info_path": "/vulnerabilities/CVE-2020-25636/54229", "specs": [ "<2.10.5" ], "v": "<2.10.5" }, { - "advisory": "A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability. This CVE affects community.aws before 1.2.1 and Ansible-build-data ships this dependency on versions before 2.10.5.", - "cve": "CVE-2020-25636", - "id": "pyup.io-54229", - "more_info_path": "/vulnerabilities/CVE-2020-25636/54229", + "advisory": "A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality. 
This CVE affects community.aws before 1.2.1 and Ansible-build-data ships this dependency on versions before 2.10.5.", + "cve": "CVE-2020-25635", + "id": "pyup.io-54230", + "more_info_path": "/vulnerabilities/CVE-2020-25635/54230", "specs": [ "<2.10.5" ], @@ -3680,7 +3736,7 @@ "v": "<2.14.14,>=2.15.0b1,<2.15.9,>=2.16.0b1,<2.16.3" }, { - "advisory": "Ansible-core 2.15.8 includes a fix for CVE-2023-5764: A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data.\r\nhttps://github.com/ansible/ansible/pull/82294\r\nhttps://access.redhat.com/errata/RHSA-2023:7773", + "advisory": "Ansible-core 2.15.8 includes a fix for CVE-2023-5764: A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data.", "cve": "CVE-2023-5764", "id": "pyup.io-63066", "more_info_path": "/vulnerabilities/CVE-2023-5764/63066", 
@@ -3689,6 +3745,16 @@ ], "v": "<2.15.8" }, + { + "advisory": "A critical security vulnerability affects Ansible, impacting the handling of sensitive information stored in Ansible Vault files. The vulnerability occurs during playbook execution when using tasks like include_vars to load vaulted variables without setting the no_log: true parameter. This flaw causes sensitive data, including passwords and API keys, to be exposed in plaintext within playbook outputs or logs. Attackers who gain access to these outputs could potentially acquire secrets, leading to unauthorized access or actions on affected systems. Users must immediately review and update their Ansible playbooks to ensure proper use of the no_log: true parameter when handling vaulted variables. Additionally, users should audit recent playbook outputs and logs for potential secret exposure.", + "cve": "CVE-2024-8775", + "id": "pyup.io-73302", + "more_info_path": "/vulnerabilities/CVE-2024-8775/73302", + "specs": [ + ">=0" + ], + "v": ">=0" + }, { "advisory": "An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.", "cve": "CVE-2023-5115", @@ -3715,7 +3781,7 @@ ], "ansible-doctor": [ { - "advisory": "Ansible-doctor version 4.0.0 upgrades its dependency on ansible-core from version 2.13.13 to 2.14.12, in response to the identified vulnerabilities outlined in CVE-2023-5764. \r\nhttps://github.com/thegeeklab/ansible-doctor/pull/633", + "advisory": "Ansible-doctor version 4.0.0 upgrades its dependency on ansible-core from version 2.13.13 to 2.14.12, in response to the identified vulnerabilities outlined in CVE-2023-5764.", "cve": "CVE-2023-5764", "id": "pyup.io-63672", "more_info_path": "/vulnerabilities/CVE-2023-5764/63672", 
@@ -4186,20 +4252,20 @@ "v": "<1.10.12" }, { - "advisory": "The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.", - "cve": "CVE-2020-17515", - "id": "pyup.io-42326", - "more_info_path": "/vulnerabilities/CVE-2020-17515/42326", + "advisory": "In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513.", + "cve": "CVE-2020-17513", + "id": "pyup.io-39282", + "more_info_path": "/vulnerabilities/CVE-2020-17513/39282", "specs": [ "<1.10.13" ], "v": "<1.10.13" }, { - "advisory": "In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513.", - "cve": "CVE-2020-17513", - "id": "pyup.io-39282", - "more_info_path": "/vulnerabilities/CVE-2020-17513/39282", + "advisory": "The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.", + "cve": "CVE-2020-17515", + "id": "pyup.io-42326", + "more_info_path": "/vulnerabilities/CVE-2020-17515/42326", "specs": [ "<1.10.13" ], 
@@ -4265,26 +4331,6 @@ ], "v": "<1.9.0a0" }, - { - "advisory": "Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362.", - "cve": "CVE-2022-38362", - "id": "pyup.io-63172", - "more_info_path": "/vulnerabilities/CVE-2022-38362/63172", - "specs": [ - "<2.0.0b1" - ], - "v": "<2.0.0b1" - }, - { - "advisory": "Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886.", - "cve": "CVE-2023-22886", - "id": "pyup.io-63171", - "more_info_path": "/vulnerabilities/CVE-2023-22886/63171", - "specs": [ - "<2.0.0b1" - ], - "v": "<2.0.0b1" - }, { "advisory": "Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956.", "cve": "CVE-2023-25956", 
@@ -4296,20 +4342,20 @@ "v": "<2.0.0b1" }, { - "advisory": "Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691.", - "cve": "CVE-2023-25691", - "id": "pyup.io-63175", - "more_info_path": "/vulnerabilities/CVE-2023-25691/63175", + "advisory": "Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886.", + "cve": "CVE-2023-22886", + "id": "pyup.io-63171", + "more_info_path": "/vulnerabilities/CVE-2023-22886/63171", "specs": [ "<2.0.0b1" ], "v": "<2.0.0b1" }, { - "advisory": "Apache-airflow before 2.0.0b1 bundles the code for the Apache Sqoop provider integration. Therefore, it is affected by CVE-2023-25693.", - "cve": "CVE-2023-25693", - "id": "pyup.io-63178", - "more_info_path": "/vulnerabilities/CVE-2023-25693/63178", + "advisory": "Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692.", + "cve": "CVE-2023-25692", + "id": "pyup.io-63176", + "more_info_path": "/vulnerabilities/CVE-2023-25692/63176", "specs": [ "<2.0.0b1" ], 
@@ -4326,20 +4372,20 @@ "v": "<2.0.0b1" }, { - "advisory": "Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692.", - "cve": "CVE-2023-25692", - "id": "pyup.io-63176", - "more_info_path": "/vulnerabilities/CVE-2023-25692/63176", + "advisory": "Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362.", + "cve": "CVE-2022-38362", + "id": "pyup.io-63172", + "more_info_path": "/vulnerabilities/CVE-2022-38362/63172", "specs": [ "<2.0.0b1" ], "v": "<2.0.0b1" }, { - "advisory": "Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706.", - "cve": "CVE-2023-28706", - "id": "pyup.io-63174", - "more_info_path": "/vulnerabilities/CVE-2023-28706/63174", + "advisory": "Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691.", + "cve": "CVE-2023-25691", + "id": "pyup.io-63175", + "more_info_path": "/vulnerabilities/CVE-2023-25691/63175", "specs": [ "<2.0.0b1" ], 
@@ -4375,6 +4421,26 @@ ], "v": "<2.0.0b1" }, + { + "advisory": "Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706.", + "cve": "CVE-2023-28706", + "id": "pyup.io-63174", + "more_info_path": "/vulnerabilities/CVE-2023-28706/63174", + "specs": [ + "<2.0.0b1" + ], + "v": "<2.0.0b1" + }, + { + "advisory": "Apache-airflow before 2.0.0b1 bundles the code for the Apache Sqoop provider integration. Therefore, it is affected by CVE-2023-25693.", + "cve": "CVE-2023-25693", + "id": "pyup.io-63178", + "more_info_path": "/vulnerabilities/CVE-2023-25693/63178", + "specs": [ + "<2.0.0b1" + ], + "v": "<2.0.0b1" + }, { "advisory": "Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix.\r\nhttps://github.com/apache/airflow/pull/15784", "cve": "CVE-2020-7753", 
@@ -4415,6 +4481,26 @@ ], "v": "<2.10.0" }, + { + "advisory": "Apache Airflow affected versions contain a critical vulnerability in the example DAG file \"example_inlet_event_extra.py\". This flaw allows authenticated attackers with only DAG trigger permission to execute arbitrary commands on the Airflow worker. Users who have based their DAGs on this example may be at risk. It is strongly recommended to avoid exposing example DAGs in production environments. If exposure is necessary, upgrade immediately to Airflow version 2.10.1 or later, which patches this vulnerability. Additionally, review all DAGs derived from this example for similar security issues.", + "cve": "CVE-2024-45498", + "id": "pyup.io-73187", + "more_info_path": "/vulnerabilities/CVE-2024-45498/73187", + "specs": [ + "<2.10.1" + ], + "v": "<2.10.1" + }, + { + "advisory": "Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled.", + "cve": "CVE-2024-45034", + "id": "pyup.io-73188", + "more_info_path": "/vulnerabilities/CVE-2024-45034/73188", + "specs": [ + "<2.10.1" + ], + "v": "<2.10.1" + }, { "advisory": "Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/apache/airflow/pull/20699", "cve": "PVE-2023-60199", 
@@ -4475,16 +4561,6 @@ ], "v": "<2.6.0" }, - { - "advisory": "Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.", - "cve": "CVE-2023-25754", - "id": "pyup.io-62916", - "more_info_path": "/vulnerabilities/CVE-2023-25754/62916", - "specs": [ - "<2.6.0" - ], - "v": "<2.6.0" - }, { "advisory": "Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The \"Run Task\" feature enables authenticated users to bypass some of the restrictions put in place. It allows the execution of code in the webserver context as well as bypasses the limitation of access the user has to certain DAGs. The \"Run Task\" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0", "cve": "CVE-2023-39508", 
@@ -4496,14 +4572,14 @@ "v": "<2.6.0" }, { - "advisory": "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.", - "cve": "PVE-2023-99911", - "id": "pyup.io-62823", - "more_info_path": "/vulnerabilities/PVE-2023-99911/62823", + "advisory": "Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.", + "cve": "CVE-2023-25754", + "id": "pyup.io-62916", + "more_info_path": "/vulnerabilities/CVE-2023-25754/62916", "specs": [ - "<2.6.3" + "<2.6.0" ], - "v": "<2.6.3" + "v": "<2.6.0" }, { "advisory": "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected", 
@@ -4516,50 +4592,60 @@
 "v": "<2.6.3"
 },
 {
- "advisory": "Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected",
- "cve": "PVE-2024-99900",
- "id": "pyup.io-64989",
- "more_info_path": "/vulnerabilities/PVE-2024-99900/64989",
+ "advisory": "Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it.",
+ "cve": "CVE-2022-46651",
+ "id": "pyup.io-71689",
+ "more_info_path": "/vulnerabilities/CVE-2022-46651/71689",
 "specs": [
 "<2.6.3"
 ],
 "v": "<2.6.3"
 },
 {
- "advisory": "Apache Airflow affected versions are affected by a vulnerability that allows unauthorized read access to a DAG through the URL.",
- "cve": "CVE-2023-35908",
- "id": "pyup.io-71688",
- "more_info_path": "/vulnerabilities/CVE-2023-35908/71688",
+ "advisory": "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected",
+ "cve": "CVE-2023-22888",
+ "id": "pyup.io-62891",
+ "more_info_path": "/vulnerabilities/CVE-2023-22888/62891",
 "specs": [
 "<2.6.3"
 ],
 "v": "<2.6.3"
 },
 {
- "advisory": "Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. 
This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it.",
- "cve": "CVE-2022-46651",
- "id": "pyup.io-71689",
- "more_info_path": "/vulnerabilities/CVE-2022-46651/71689",
+ "advisory": "Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected",
+ "cve": "CVE-2023-36543",
+ "id": "pyup.io-71687",
+ "more_info_path": "/vulnerabilities/CVE-2023-36543/71687",
 "specs": [
 "<2.6.3"
 ],
 "v": "<2.6.3"
 },
 {
- "advisory": "Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected",
- "cve": "CVE-2023-36543",
- "id": "pyup.io-71687",
- "more_info_path": "/vulnerabilities/CVE-2023-36543/71687",
+ "advisory": "Apache Airflow affected versions are affected by a vulnerability that allows unauthorized read access to a DAG through the URL.",
+ "cve": "CVE-2023-35908",
+ "id": "pyup.io-71688",
+ "more_info_path": "/vulnerabilities/CVE-2023-35908/71688",
 "specs": [
 "<2.6.3"
 ],
 "v": "<2.6.3"
 },
 {
- "advisory": "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected",
- "cve": "CVE-2023-22888",
- "id": "pyup.io-62891",
- "more_info_path": "/vulnerabilities/CVE-2023-22888/62891",
+ "advisory": "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. 
This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.",
+ "cve": "PVE-2023-99911",
+ "id": "pyup.io-62823",
+ "more_info_path": "/vulnerabilities/PVE-2023-99911/62823",
+ "specs": [
+ "<2.6.3"
+ ],
+ "v": "<2.6.3"
+ },
+ {
+ "advisory": "Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected",
+ "cve": "PVE-2024-99900",
+ "id": "pyup.io-64989",
+ "more_info_path": "/vulnerabilities/PVE-2024-99900/64989",
 "specs": [
 "<2.6.3"
 ],
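Review bot: The new side of this hunk keeps two pairs of records that describe the same issue under different identifiers: `"cve": "CVE-2022-46651"` (pyup.io-71689) and `"cve": "PVE-2023-99911"` (pyup.io-62823) both cover the Connection edit view information disclosure with `"<2.6.3"`, and `"cve": "CVE-2023-36543"` (pyup.io-71687) and `"cve": "PVE-2024-99900"` (pyup.io-64989) both cover the crafted-input request hang. The hunk only reorders these entries, so the duplication predates this commit, but a consumer that counts findings per package or deduplicates by the `cve` field will report each issue twice. If the PVE records are placeholders that later received a CVE, it would be worth having the generator collapse them or cross-reference the CVE in the PVE record's `advisory`; I cannot tell from the diff whether that is intended. The enclosing `apache-airflow` array starts and ends outside this hunk.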
@@ -4585,6 +4671,16 @@
 ],
 "v": "<2.7.0"
 },
+ {
+ "advisory": "A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior.",
+ "cve": "CVE-2023-40273",
+ "id": "pyup.io-65797",
+ "more_info_path": "/vulnerabilities/CVE-2023-40273/65797",
+ "specs": [
+ "<2.7.0"
+ ],
+ "v": "<2.7.0"
+ },
 {
 "advisory": "Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons.\r\nhttps://github.com/apache/airflow/pull/32052",
 "cve": "PVE-2023-60952",
@@ -4625,6 +4721,16 @@
 ],
 "v": "<2.7.1"
 },
+ {
+ "advisory": "Apache Airflow contains a vulnerability where an authorized user with limited permissions can access task instance information across unintended DAGs, posing a risk to versions prior to 2.7.2. Users are encouraged to upgrade to mitigate this security risk.",
+ "cve": "CVE-2023-42663",
+ "id": "pyup.io-65393",
+ "more_info_path": "/vulnerabilities/CVE-2023-42663/65393",
+ "specs": [
+ "<2.7.2"
+ ],
+ "v": "<2.7.2"
+ },
 {
 "advisory": "A security vulnerability exists in versions of Apache Airflow that enables an authenticated user with limited permissions to potentially alter DAG resources they should not have access to, by crafting specific requests. This flaw could lead to unauthorized modification of DAGs, compromising the integrity of those processes.",
 "cve": "CVE-2023-42792",
@@ -4645,16 +4751,6 @@
 ],
 "v": "<2.7.2"
 },
- {
- "advisory": "Apache Airflow contains a vulnerability where an authorized user with limited permissions can access task instance information across unintended DAGs, posing a risk to versions prior to 2.7.2. Users are encouraged to upgrade to mitigate this security risk.",
- "cve": "CVE-2023-42663",
- "id": "pyup.io-65393",
- "more_info_path": "/vulnerabilities/CVE-2023-42663/65393",
- "specs": [
- "<2.7.2"
- ],
- "v": "<2.7.2"
- },
 {
 "advisory": "Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.\u00a0 This is a different issue than CVE-2023-42663 but leading to similar outcome.\r\nUsers of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.",
 "cve": "CVE-2023-42781",
@@ -4726,20 +4822,20 @@
 "v": "<2.9.3"
 },
 {
- "advisory": "Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
- "cve": "CVE-2022-29217",
- "id": "pyup.io-49786",
- "more_info_path": "/vulnerabilities/CVE-2022-29217/49786",
+ "advisory": "Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).",
+ "cve": "PVE-2021-42852",
+ "id": "pyup.io-49787",
+ "more_info_path": "/vulnerabilities/PVE-2021-42852/49787",
 "specs": [
 "<=2.3.2"
 ],
 "v": "<=2.3.2"
 },
 {
- "advisory": "Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).",
- "cve": "PVE-2021-42852",
- "id": "pyup.io-49787",
- "more_info_path": "/vulnerabilities/PVE-2021-42852/49787",
+ "advisory": "Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
+ "cve": "CVE-2022-29217",
+ "id": "pyup.io-49786",
+ "more_info_path": "/vulnerabilities/CVE-2022-29217/49786",
 "specs": [
 "<=2.3.2"
 ],
@@ -4755,16 +4851,6 @@
 ],
 "v": "<=2.3.2"
 },
- {
- "advisory": "The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour. Users of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability.",
- "cve": "CVE-2023-40273",
- "id": "pyup.io-65797",
- "more_info_path": "/vulnerabilities/CVE-2023-40273/65797",
- "specs": [
- "<=2.7.0"
- ],
- "v": "<=2.7.0"
- },
 {
 "advisory": "The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking.",
 "cve": "CVE-2018-20245",
@@ -4786,10 +4872,10 @@
 "v": ">=0,<1.10.11"
 },
 {
- "advisory": "Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.",
- "cve": "CVE-2020-11978",
- "id": "pyup.io-54349",
- "more_info_path": "/vulnerabilities/CVE-2020-11978/54349",
+ "advisory": "An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.",
+ "cve": "CVE-2020-11981",
+ "id": "pyup.io-54177",
+ "more_info_path": "/vulnerabilities/CVE-2020-11981/54177",
 "specs": [
 ">=0,<1.10.11rc1"
 ],
@@ -4805,16 +4891,6 @@
 ],
 "v": ">=0,<1.10.11rc1"
 },
- {
- "advisory": "An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.",
- "cve": "CVE-2020-11981",
- "id": "pyup.io-54177",
- "more_info_path": "/vulnerabilities/CVE-2020-11981/54177",
- "specs": [
- ">=0,<1.10.11rc1"
- ],
- "v": ">=0,<1.10.11rc1"
- },
 {
 "advisory": "An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the \"classic\" UI.",
 "cve": "CVE-2020-9485",
@@ -4835,6 +4911,16 @@
 ],
 "v": ">=0,<1.10.11rc1"
 },
+ {
+ "advisory": "Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.",
+ "cve": "CVE-2020-11978",
+ "id": "pyup.io-54349",
+ "more_info_path": "/vulnerabilities/CVE-2020-11978/54349",
+ "specs": [
+ ">=0,<1.10.11rc1"
+ ],
+ "v": ">=0,<1.10.11rc1"
+ },
 {
 "advisory": "In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.",
 "cve": "CVE-2020-17511",
@@ -4866,20 +4952,20 @@
 "v": ">=0,<1.10.2"
 },
 {
- "advisory": "A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks.",
- "cve": "CVE-2019-0229",
- "id": "pyup.io-54127",
- "more_info_path": "/vulnerabilities/CVE-2019-0229/54127",
+ "advisory": "A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.",
+ "cve": "CVE-2019-0216",
+ "id": "pyup.io-54125",
+ "more_info_path": "/vulnerabilities/CVE-2019-0216/54125",
 "specs": [
 ">=0,<1.10.3b1"
 ],
 "v": ">=0,<1.10.3b1"
 },
 {
- "advisory": "A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.",
- "cve": "CVE-2019-0216",
- "id": "pyup.io-54125",
- "more_info_path": "/vulnerabilities/CVE-2019-0216/54125",
+ "advisory": "A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks.",
+ "cve": "CVE-2019-0229",
+ "id": "pyup.io-54127",
+ "more_info_path": "/vulnerabilities/CVE-2019-0229/54127",
 "specs": [
 ">=0,<1.10.3b1"
 ],
@@ -4986,20 +5072,20 @@
 "v": ">=0,<2.3.0"
 },
 {
- "advisory": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed).",
- "cve": "CVE-2022-41131",
- "id": "pyup.io-54592",
- "more_info_path": "/vulnerabilities/CVE-2022-41131/54592",
+ "advisory": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.",
+ "cve": "CVE-2022-40189",
+ "id": "pyup.io-54587",
+ "more_info_path": "/vulnerabilities/CVE-2022-40189/54587",
 "specs": [
 ">=0,<2.3.0"
 ],
 "v": ">=0,<2.3.0"
 },
 {
- "advisory": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. 
This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.",
- "cve": "CVE-2022-40189",
- "id": "pyup.io-54587",
- "more_info_path": "/vulnerabilities/CVE-2022-40189/54587",
+ "advisory": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed).",
+ "cve": "CVE-2022-41131",
+ "id": "pyup.io-54592",
+ "more_info_path": "/vulnerabilities/CVE-2022-41131/54592",
 "specs": [
 ">=0,<2.3.0"
 ],
@@ -6996,20 +7082,20 @@
 ],
 "apache-airflow-providers-amazon": [
 {
- "advisory": "Apache-airflow-providers-amazon 4.0.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).",
- "cve": "PVE-2021-42852",
- "id": "pyup.io-49835",
- "more_info_path": "/vulnerabilities/PVE-2021-42852/49835",
+ "advisory": "Apache-airflow-providers-amazon 4.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
+ "cve": "CVE-2022-29217",
+ "id": "pyup.io-49834",
+ "more_info_path": "/vulnerabilities/CVE-2022-29217/49834",
 "specs": [
 "<=4.0.0"
 ],
 "v": "<=4.0.0"
 },
 {
- "advisory": "Apache-airflow-providers-amazon 4.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
- "cve": "CVE-2022-29217",
- "id": "pyup.io-49834",
- "more_info_path": "/vulnerabilities/CVE-2022-29217/49834",
+ "advisory": "Apache-airflow-providers-amazon 4.0.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).",
+ "cve": "PVE-2021-42852",
+ "id": "pyup.io-49835",
+ "more_info_path": "/vulnerabilities/PVE-2021-42852/49835",
 "specs": [
 "<=4.0.0"
 ],
@@ -7298,7 +7384,7 @@
 ],
 "apache-airflow-providers-apache-sqoop": [
 {
- "advisory": "Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via \u2018sqoop import --connect\u2019, obtain airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections.\r\n\r\n It is recommended to upgrade to a version that is not affected.\r\nThis issue was reported independently by happyhacking-k, And Xie Jianming and LiuHui of Caiji Sec Team also reported it.",
+ "advisory": "Apache Airflow Sqoop Provider versions before 4.0.0 are affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via \u2018sqoop import --connect\u2019, obtain airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections.",
 "cve": "CVE-2023-27604",
 "id": "pyup.io-64556",
 "more_info_path": "/vulnerabilities/CVE-2023-27604/64556",
@@ -7415,6 +7501,16 @@
 }
 ],
 "apache-airflow-providers-databricks": [
+ {
+ "advisory": "Apache-airflow-providers-databricks 3.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
+ "cve": "CVE-2022-29217",
+ "id": "pyup.io-49825",
+ "more_info_path": "/vulnerabilities/CVE-2022-29217/49825",
+ "specs": [
+ "<=3.0.0"
+ ],
+ "v": "<=3.0.0"
+ },
 {
 "advisory": "Apache-airflow-providers-databricks 3.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).",
 "cve": "PVE-2022-47833",
@@ -7434,16 +7530,6 @@
 "<=3.0.0"
 ],
 "v": "<=3.0.0"
- },
- {
- "advisory": "Apache-airflow-providers-databricks 3.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
- "cve": "CVE-2022-29217",
- "id": "pyup.io-49825",
- "more_info_path": "/vulnerabilities/CVE-2022-29217/49825",
- "specs": [
- "<=3.0.0"
- ],
- "v": "<=3.0.0"
 }
 ],
 "apache-airflow-providers-datadog": [
@@ -7500,20 +7586,20 @@
 "v": "<=3.0.0"
 },
 {
- "advisory": "Apache-airflow-providers-docker 3.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).",
- "cve": "PVE-2022-47833",
- "id": "pyup.io-49815",
- "more_info_path": "/vulnerabilities/PVE-2022-47833/49815",
+ "advisory": "Apache-airflow-providers-docker 3.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
+ "cve": "CVE-2022-29217",
+ "id": "pyup.io-49816",
+ "more_info_path": "/vulnerabilities/CVE-2022-29217/49816",
 "specs": [
 "<=3.0.0"
 ],
 "v": "<=3.0.0"
 },
 {
- "advisory": "Apache-airflow-providers-docker 3.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
- "cve": "CVE-2022-29217",
- "id": "pyup.io-49816",
- "more_info_path": "/vulnerabilities/CVE-2022-29217/49816",
+ "advisory": "Apache-airflow-providers-docker 3.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).",
+ "cve": "PVE-2022-47833",
+ "id": "pyup.io-49815",
+ "more_info_path": "/vulnerabilities/PVE-2022-47833/49815",
 "specs": [
 "<=3.0.0"
 ],
@@ -7564,20 +7650,20 @@
 "v": "<=8.1.0"
 },
 {
- "advisory": "Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.\r\nhttps://github.com/apache/airflow/pull/29499",
- "cve": "CVE-2023-25692",
- "id": "pyup.io-54664",
- "more_info_path": "/vulnerabilities/CVE-2023-25692/54664",
+ "advisory": "Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.\r\nhttps://github.com/apache/airflow/pull/29497",
+ "cve": "CVE-2023-25691",
+ "id": "pyup.io-54665",
+ "more_info_path": "/vulnerabilities/CVE-2023-25691/54665",
 "specs": [
 ">=0,<8.10.0"
 ],
 "v": ">=0,<8.10.0"
 },
 {
- "advisory": "Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.\r\nhttps://github.com/apache/airflow/pull/29497",
- "cve": "CVE-2023-25691",
- "id": "pyup.io-54665",
- "more_info_path": "/vulnerabilities/CVE-2023-25691/54665",
+ "advisory": "Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.\r\nhttps://github.com/apache/airflow/pull/29499",
+ "cve": "CVE-2023-25692",
+ "id": "pyup.io-54664",
+ "more_info_path": "/vulnerabilities/CVE-2023-25692/54664",
 "specs": [
 ">=0,<8.10.0"
 ],
@@ -7628,20 +7714,20 @@
 ],
 "apache-airflow-providers-jenkins": [
 {
- "advisory": "Apache-airflow-providers-jenkins 3.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).",
- "cve": "PVE-2022-47833",
- "id": "pyup.io-49812",
- "more_info_path": "/vulnerabilities/PVE-2022-47833/49812",
+ "advisory": "Apache-airflow-providers-jenkins 3.0.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).",
+ "cve": "PVE-2021-42852",
+ "id": "pyup.io-49814",
+ "more_info_path": "/vulnerabilities/PVE-2021-42852/49814",
 "specs": [
 "<=3.0.0"
 ],
 "v": "<=3.0.0"
 },
 {
- "advisory": "Apache-airflow-providers-jenkins 3.0.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).",
- "cve": "PVE-2021-42852",
- "id": "pyup.io-49814",
- "more_info_path": "/vulnerabilities/PVE-2021-42852/49814",
+ "advisory": "Apache-airflow-providers-jenkins 3.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).",
+ "cve": "PVE-2022-47833",
+ "id": "pyup.io-49812",
+ "more_info_path": "/vulnerabilities/PVE-2022-47833/49812",
 "specs": [
 "<=3.0.0"
 ],
@@ -7734,10 +7820,10 @@
 "v": "<3.4.1"
 },
 {
- "advisory": "Apache-airflow-providers-microsoft-mssql 3.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).",
- "cve": "PVE-2022-47833",
- "id": "pyup.io-49827",
- "more_info_path": "/vulnerabilities/PVE-2022-47833/49827",
+ "advisory": "Apache-airflow-providers-microsoft-mssql 3.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
+ "cve": "CVE-2022-29217",
+ "id": "pyup.io-49828",
+ "more_info_path": "/vulnerabilities/CVE-2022-29217/49828",
 "specs": [
 "<=3.0.0"
 ],
@@ -7754,10 +7840,10 @@
 "v": "<=3.0.0"
 },
 {
- "advisory": "Apache-airflow-providers-microsoft-mssql 3.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
- "cve": "CVE-2022-29217",
- "id": "pyup.io-49828",
- "more_info_path": "/vulnerabilities/CVE-2022-29217/49828",
+ "advisory": "Apache-airflow-providers-microsoft-mssql 3.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).",
+ "cve": "PVE-2022-47833",
+ "id": "pyup.io-49827",
+ "more_info_path": "/vulnerabilities/PVE-2022-47833/49827",
 "specs": [
 "<=3.0.0"
 ],
@@ -7765,6 +7851,16 @@
 }
 ],
 "apache-airflow-providers-mongo": [
+ {
+ "advisory": "Apache-airflow-providers-mongo 3.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
+ "cve": "CVE-2022-29217",
+ "id": "pyup.io-49807",
+ "more_info_path": "/vulnerabilities/CVE-2022-29217/49807",
+ "specs": [
+ "<=3.0.0"
+ ],
+ "v": "<=3.0.0"
+ },
 {
 "advisory": "Apache-airflow-providers-mongo 3.0.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).",
 "cve": "PVE-2021-42852",
@@ -7785,16 +7881,6 @@
 ],
 "v": "<=3.0.0"
 },
- {
- "advisory": "Apache-airflow-providers-mongo 3.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
- "cve": "CVE-2022-29217",
- "id": "pyup.io-49807",
- "more_info_path": "/vulnerabilities/CVE-2022-29217/49807",
- "specs": [
- "<=3.0.0"
- ],
- "v": "<=3.0.0"
- },
 {
 "advisory": "When SSL\u00a0was enabled for Mongo Hook, default settings included \"allow_insecure\" which caused that certificates were not validated. This was unexpected and undocumented.",
 "cve": "CVE-2024-25141",
@@ -8189,6 +8275,16 @@
 }
 ],
 "apache-airflow-providers-snowflake": [
+ {
+ "advisory": "Apache-airflow-providers-snowflake 3.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
+ "cve": "CVE-2022-29217",
+ "id": "pyup.io-49849",
+ "more_info_path": "/vulnerabilities/CVE-2022-29217/49849",
+ "specs": [
+ "<=3.0.0"
+ ],
+ "v": "<=3.0.0"
+ },
 {
 "advisory": "Apache-airflow-providers-snowflake 3.0.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).",
 "cve": "PVE-2021-42852",
@@ -8208,16 +8304,6 @@
 "<=3.0.0"
 ],
 "v": "<=3.0.0"
- },
- {
- "advisory": "Apache-airflow-providers-snowflake 3.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
- "cve": "CVE-2022-29217",
- "id": "pyup.io-49849",
- "more_info_path": "/vulnerabilities/CVE-2022-29217/49849",
- "specs": [
- "<=3.0.0"
- ],
- "v": "<=3.0.0"
 }
 ],
 "apache-airflow-providers-ssh": [
@@ -10173,16 +10259,6 @@
 ],
 "v": "<5.0.0"
 },
- {
- "advisory": "Argo-workflows 5.0.0 (Python SDK) is compatible with Argo-workflows core v3.0.0, which fixes a XSS vulnerability.\r\nhttps://github.com/argoproj/argo-workflows/pull/3975",
- "cve": "PVE-2022-46473",
- "id": "pyup.io-46473",
- "more_info_path": "/vulnerabilities/PVE-2022-46473/46473",
- "specs": [
- "<5.0.0"
- ],
- "v": "<5.0.0"
- },
 {
 "advisory": "Argo-workflows 5.0.0 (Python SDK) is compatible with Argo-workflows core v3.0.0, which improves cookie security.\r\nhttps://github.com/argoproj/argo-workflows/issues/2759",
 "cve": "PVE-2022-46476",
@@ -10203,6 +10279,16 @@
 ],
 "v": "<5.0.0"
 },
+ {
+ "advisory": "Argo-workflows 5.0.0 (Python SDK) is compatible with Argo-workflows core v3.0.0, which fixes a XSS vulnerability.\r\nhttps://github.com/argoproj/argo-workflows/pull/3975",
+ "cve": "PVE-2022-46473",
+ "id": "pyup.io-46473",
+ "more_info_path": "/vulnerabilities/PVE-2022-46473/46473",
+ "specs": [
+ "<5.0.0"
+ ],
+ "v": "<5.0.0"
+ },
 {
 "advisory": "Argo-workflows 6.1.0rc1 (Python SDK) is compatible with Argo-workflow core v3.1.0rc1, which enforces TLS version >= 1.2.\r\nhttps://github.com/argoproj/argo-workflows/commit/199016a6bed5284df3ec5caebbef9f2d018a2d43",
 "cve": "PVE-2022-46465",
@@ -10276,10 +10362,10 @@
 "v": "<6.3.9"
 },
 {
- "advisory": "Argo-workflows 6.3.9 (Python SDK) is compatible with Argo-workflows core v3.3.9, that updates NPM dependencies to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/commit/d874c1a87b65b300b2a4c93032bd2970d6f91d8f",
- "cve": "CVE-2022-24785",
- "id": "pyup.io-50683",
- "more_info_path": "/vulnerabilities/CVE-2022-24785/50683",
+ "advisory": "Argo-workflows 6.3.9 (Python SDK) is compatible with Argo-workflows core v3.3.9, that updates Maven dependencies to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/commit/481137c259b05c6a5b3c0e3adab1649c2b512364",
+ "cve": "CVE-2020-8908",
+ "id": "pyup.io-50685",
+ "more_info_path": "/vulnerabilities/CVE-2020-8908/50685",
 "specs": [
 "<6.3.9"
 ],
@@ -10296,10 +10382,10 @@
 "v": "<6.3.9"
 },
 {
- "advisory": "Argo-workflows 6.3.9 (Python SDK) is compatible with Argo-workflows core v3.3.9, that updates Maven dependencies to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/commit/481137c259b05c6a5b3c0e3adab1649c2b512364",
- "cve": "CVE-2020-8908",
- "id": "pyup.io-50685",
- "more_info_path": "/vulnerabilities/CVE-2020-8908/50685",
+ "advisory": "Argo-workflows 6.3.9 (Python SDK) is compatible with Argo-workflows core v3.3.9, that updates NPM dependencies to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/commit/d874c1a87b65b300b2a4c93032bd2970d6f91d8f",
+ "cve": "CVE-2022-24785",
+ "id": "pyup.io-50683",
+ "more_info_path": "/vulnerabilities/CVE-2022-24785/50683",
 "specs": [
 "<6.3.9"
 ],
@@ -10356,20 +10442,20 @@
 "v": "<6.4.7"
 },
 {
- "advisory": "Argo-workflows 6.4.7 (Python SDK) is compatible with Argo-workflows core v3.4.7, which updates UI NPM dependencies to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/pull/10842",
- "cve": "CVE-2021-4279",
- "id": "pyup.io-54997",
- "more_info_path": "/vulnerabilities/CVE-2021-4279/54997",
+ "advisory": "Argo-workflows 6.4.7 (Python SDK) is compatible with Argo-workflows core v3.4.7, which upgrades docker to v20.10.24 to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/pull/10868",
+ "cve": "CVE-2023-28840",
+ "id": "pyup.io-54979",
+ "more_info_path": "/vulnerabilities/CVE-2023-28840/54979",
 "specs": [
 "<6.4.7"
 ],
 "v": "<6.4.7"
 },
 {
- "advisory": "Argo-workflows 6.4.7 (Python SDK) is compatible with Argo-workflows core v3.4.7, which upgrades docker to v20.10.24 to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/pull/10868",
- "cve": "CVE-2023-28840",
- "id": "pyup.io-54979",
- "more_info_path": "/vulnerabilities/CVE-2023-28840/54979",
+ "advisory": "Argo-workflows 6.4.7 (Python SDK) is compatible with Argo-workflows core v3.4.7, which updates UI NPM dependencies to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/pull/10842",
+ "cve": "CVE-2021-4279",
+ "id": "pyup.io-54997",
+ "more_info_path": "/vulnerabilities/CVE-2021-4279/54997",
 "specs": [
 "<6.4.7"
 ],
@@ -10532,6 +10618,19 @@
 "v": ">=0,<=0"
 }
 ],
+ "artifact-lab-3-package-4c04b1a2": [
+ {
+ "advisory": "Artifact-lab-3-package-4c04b1a2 communicates with a domain associated with malicious activity.",
+ "cve": "PVE-2024-73279",
+ "id": "pyup.io-73279",
+ "more_info_path": "/vulnerabilities/PVE-2024-73279/73279",
+ "specs": [
+ ">=0",
+ "<=0"
+ ],
+ "v": ">=0,<=0"
+ }
+ ],
 "aryi": [
 {
 "advisory": "Aryi is a malicious package. It steals users' credit card numbers and Discord tokens.\r\nhttps://www.bleepingcomputer.com/news/security/pypi-packages-caught-stealing-credit-card-numbers-discord-tokens/",
@@ -10691,10 +10790,10 @@
 "v": "<3.0.1"
 },
 {
- "advisory": "Astropy 3.0.1 updates cfitsio to v3.43: NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by CVE-2018-3846, CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849. One example is ftp_status in drvrnet.c mishandling a long string beginning with a '4' character.",
- "cve": "CVE-2019-1010060",
- "id": "pyup.io-70530",
- "more_info_path": "/vulnerabilities/CVE-2019-1010060/70530",
+ "advisory": "Astropy 3.0.1 updates the bundled CFITSIO library to 3.430. This is to remedy a critical security vulnerability that was identified by NASA.",
+ "cve": "CVE-2018-3846",
+ "id": "pyup.io-48550",
+ "more_info_path": "/vulnerabilities/CVE-2018-3846/48550",
 "specs": [
 "<3.0.1"
 ],
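Review bot: The new `artifact-lab-3-package-4c04b1a2` record stores its specifier set as two separate list elements, `">=0",` and `"<=0"`, while its own `"v": ">=0,<=0"` and every other record in this diff (for example `">=0,<1.10.11rc1"`) keep the whole set in one comma-joined string. The two shapes are not equivalent for a consumer that reads each `specs` element as an independent alternative (`>=0` on its own matches every version) versus one that reads the list as a single combined set (`>=0,<=0` matches only version 0), so which versions get flagged depends on which convention the consumer assumes. The preceding context record also ends with `"v": ">=0,<=0"`, which suggests this is the intended shape for malicious-package entries, but its `specs` list is outside the hunk so I cannot confirm it matches. It would be worth checking that the generator emits one `specs` shape for all such entries and that the consumer's interpretation of multi-element lists is the one intended here.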
@@ -10711,10 +10810,10 @@
 "v": "<3.0.1"
 },
 {
- "advisory": "Astropy 3.0.1 updates the bundled CFITSIO library to 3.430. This is to remedy a critical security vulnerability that was identified by NASA.",
- "cve": "CVE-2018-3846",
- "id": "pyup.io-48550",
- "more_info_path": "/vulnerabilities/CVE-2018-3846/48550",
+ "advisory": "Astropy 3.0.1 updates cfitsio to v3.43: NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by CVE-2018-3846, CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849. One example is ftp_status in drvrnet.c mishandling a long string beginning with a '4' character.",
+ "cve": "CVE-2019-1010060",
+ "id": "pyup.io-70530",
+ "more_info_path": "/vulnerabilities/CVE-2019-1010060/70530",
 "specs": [
 "<3.0.1"
 ],
@@ -10763,6 +10862,58 @@
 "v": ">=5.1rc1,<5.1.1,<5.0.5"
 }
 ],
+ "async-batcher": [
+ {
+ "advisory": "Async-batcher's update to a newer version of scikit-learn addresses CVE-2024-5206.",
+ "cve": "CVE-2024-5206",
+ "id": "pyup.io-73033",
+ "more_info_path": "/vulnerabilities/CVE-2024-5206/73033",
+ "specs": [
+ "<0.2.1"
+ ],
+ "v": "<0.2.1"
+ },
+ {
+ "advisory": "Async-batcher's update to a newer version of idna addresses CVE-2024-3651.",
+ "cve": "CVE-2024-3651",
+ "id": "pyup.io-73013",
+ "more_info_path": "/vulnerabilities/CVE-2024-3651/73013",
+ "specs": [
+ "<0.2.1"
+ ],
+ "v": "<0.2.1"
+ },
+ {
+ "advisory": "Async-batcher's update to a newer version of aiohttp addresses CVE-2024-27306.",
+ "cve": "CVE-2024-27306",
+ "id": "pyup.io-73032",
+ "more_info_path": "/vulnerabilities/CVE-2024-27306/73032",
+ "specs": [
+ "<0.2.1"
+ ],
+ "v": "<0.2.1"
+ },
+ {
+ "advisory": "Async-batcher's update to a newer version of setuptools addresses CVE-2024-6345.",
+ "cve": "CVE-2024-6345",
+ "id": "pyup.io-73034",
+ "more_info_path": "/vulnerabilities/CVE-2024-6345/73034",
+ "specs": [
+ "<0.2.1"
+ ],
+ "v": "<0.2.1"
+ },
+ {
+ "advisory": "Async-batcher's update to newer versions of aioboto3 and urllib3 addresses CVE-2024-37891.",
+ "cve": "CVE-2024-37891",
+ "id": "pyup.io-73035",
+ "more_info_path": "/vulnerabilities/CVE-2024-37891/73035",
+ "specs": [
+ "<0.2.1"
+ ],
+ "v": "<0.2.1"
+ }
+ ],
 "async-firebase": [
 {
 "advisory": "Async-firebase version 3.6.2 has updated its cryptography dependency to version 42.0.4 in response to the security vulnerability identified as CVE-2023-4807.",
@@ -10855,20 +11006,20 @@
 ],
 "asyncssh": [
 {
- "advisory": "An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack.",
- "cve": "CVE-2023-46445",
- "id": "pyup.io-65385",
- "more_info_path": "/vulnerabilities/CVE-2023-46445/65385",
+ "advisory": "An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation.",
+ "cve": "CVE-2023-46446",
+ "id": "pyup.io-65384",
+ "more_info_path": "/vulnerabilities/CVE-2023-46446/65384",
 "specs": [
 "<2.14.1"
 ],
 "v": "<2.14.1"
 },
 {
- "advisory": "An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation.",
- "cve": "CVE-2023-46446",
- "id": "pyup.io-65384",
- "more_info_path": "/vulnerabilities/CVE-2023-46446/65384",
+ "advisory": "An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack.",
+ "cve": "CVE-2023-46445",
+ "id": "pyup.io-65385",
+ "more_info_path": "/vulnerabilities/CVE-2023-46445/65385",
 "specs": [
 "<2.14.1"
 ],
@@ -11015,6 +11166,18 @@
 "v": ">=0,<0.15"
 }
 ],
+ "attpc-spyral": [
+ {
+ "advisory": "The Attpc-spyral project has upgraded JupyterLab from version 4.1.6 to 4.2.5 to address the security vulnerability identified as CVE-2024-43805.",
+ "cve": "CVE-2024-43805",
+ "id": "pyup.io-73454",
+ "more_info_path": "/vulnerabilities/CVE-2024-43805/73454",
+ "specs": [
+ "<0.5.0"
+ ],
+ "v": "<0.5.0"
+ }
+ ],
 "aubio": [
 {
 "advisory": "In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file.",
@@ -11275,7 +11438,7 @@
 "v": "<1.1.0"
 },
 {
- "advisory": "Affected versions of Authlib have an algorithm confusion vulnerability in asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and CVE-2024-33663.)",
+ "advisory": "Affected versions of Authlib have an algorithm confusion vulnerability in asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663.",
 "cve": "CVE-2024-37568",
 "id": "pyup.io-71636",
 "more_info_path": "/vulnerabilities/CVE-2024-37568/71636",
@@ -11473,6 +11636,18 @@
 "v": "<1.1.1"
 }
 ],
+ "autogen": [
+ {
+ "advisory": "The affected version of Autogen has a security flaw that allows code execution via code_execution_config, which is fixed by setting code_execution_config to False instead of None.",
+ "cve": "PVE-2024-73068",
+ "id": "pyup.io-73068",
+ "more_info_path": "/vulnerabilities/PVE-2024-73068/73068",
+ "specs": [
+ "<0.2.11"
+ ],
+ "v": "<0.2.11"
+ }
+ ],
 "autogluon": [
 {
 "advisory": "Autogluon 0.4.1 updates its dependency 'pillow' minimum requirement to v9.0.1 to include security fixes.",
@@ -11496,9 +11671,9 @@
 },
 {
 "advisory": "Autogluon 0.5.3 updates its dependency 'transformers' requirement to \">=4.23.0,<4.24.0\" to include security fixes.",
- "cve": "CVE-2022-1941",
- "id": "pyup.io-51994",
- "more_info_path": "/vulnerabilities/CVE-2022-1941/51994",
+ "cve": "PVE-2022-51450",
+ "id": "pyup.io-51940",
+ "more_info_path": "/vulnerabilities/PVE-2022-51450/51940",
 "specs": [
 "<0.5.3"
 ],
@@ -11506,9 +11681,9 @@
 },
 {
 "advisory": "Autogluon 0.5.3 updates its dependency 'transformers' requirement to \">=4.23.0,<4.24.0\" to include security fixes.",
- "cve": "PVE-2022-51450",
- "id": "pyup.io-51940",
- "more_info_path": "/vulnerabilities/PVE-2022-51450/51940",
+ "cve": "CVE-2022-1941",
+ "id": "pyup.io-51994",
+ "more_info_path": "/vulnerabilities/CVE-2022-1941/51994",
 "specs": [
 "<0.5.3"
 ],
@@ -11556,9 +11731,9 @@
 },
 {
 "advisory": "Autogluon 0.4.1 updates its dependency 'ray' minimum requirement to v1.10.0 to include security fixes.",
- "cve": "CVE-2021-44228",
- "id": "pyup.io-48621",
- "more_info_path": "/vulnerabilities/CVE-2021-44228/48621",
+ "cve": "CVE-2021-45046",
+ "id": "pyup.io-48622",
+ "more_info_path": "/vulnerabilities/CVE-2021-45046/48622",
 "specs": [
 ">=0.4.0,<0.4.1"
 ],
@@ -11566,9 +11741,9 @@
 },
 {
 "advisory": "Autogluon 0.4.1 updates its dependency 'ray' minimum requirement to v1.10.0 to include security fixes.",
- "cve": "CVE-2021-45105",
- "id": "pyup.io-48623",
- "more_info_path": "/vulnerabilities/CVE-2021-45105/48623",
+ "cve": "CVE-2021-44228",
+ "id": "pyup.io-48621",
+ "more_info_path": "/vulnerabilities/CVE-2021-44228/48621",
 "specs": [
 ">=0.4.0,<0.4.1"
 ],
@@ -11576,9 +11751,9 @@
 },
 {
 "advisory": "Autogluon 0.4.1 updates its dependency 'ray' minimum requirement to v1.10.0 to include security fixes.",
- "cve": "CVE-2021-45046",
- "id": "pyup.io-48622",
- "more_info_path": "/vulnerabilities/CVE-2021-45046/48622",
+ "cve": "CVE-2021-44832",
+ "id": "pyup.io-48624",
+ "more_info_path": "/vulnerabilities/CVE-2021-44832/48624",
 "specs": [
 ">=0.4.0,<0.4.1"
 ],
@@ -11596,9 +11771,9 @@
 },
 {
 "advisory": "Autogluon 0.4.1 updates its dependency 'ray' minimum requirement to v1.10.0 to include security fixes.",
- "cve": "CVE-2021-44832",
- "id": "pyup.io-48624",
- "more_info_path": "/vulnerabilities/CVE-2021-44832/48624",
+ "cve": "CVE-2021-45105",
+ "id": "pyup.io-48623",
+ "more_info_path": "/vulnerabilities/CVE-2021-45105/48623",
 "specs": [
 ">=0.4.0,<0.4.1"
 ],
@@ -11690,16 +11865,6 @@
 }
 ],
 "av": [
- {
- "advisory": "Av 9.0.1 updates wheel components to include security fixes [gmp].\r\nhttps://github.com/PyAV-Org/PyAV/issues/901",
- "cve": "CVE-2021-43618",
- "id": "pyup.io-45837",
- "more_info_path": "/vulnerabilities/CVE-2021-43618/45837",
- "specs": [
- "<9.0.1"
- ],
- "v": "<9.0.1"
- },
 {
 "advisory": "Av 9.0.1 updates wheel components to include security fixes [openjpeg].\r\nhttps://github.com/PyAV-Org/PyAV/issues/901",
 "cve": "CVE-2020-27841",
@@ -11710,16 +11875,6 @@
 ],
 "v": "<9.0.1"
 },
- {
- "advisory": "Av 9.0.1 updates wheel components to include security fixes [openjpeg].\r\nhttps://github.com/PyAV-Org/PyAV/issues/901",
- "cve": "CVE-2020-27844",
- "id": "pyup.io-45824",
- "more_info_path": "/vulnerabilities/CVE-2020-27844/45824",
- "specs": [
- "<9.0.1"
- ],
- "v": "<9.0.1"
- },
 {
 "advisory": "Av 9.0.1 updates wheel components to include security fixes [openjpeg].\r\nhttps://github.com/PyAV-Org/PyAV/issues/901",
 "cve": "CVE-2019-12973",
@@ -11730,16 +11885,6 @@
 ],
 "v": "<9.0.1"
 },
- {
- "advisory": "Av 9.0.1 updates wheel components to include security fixes [openjpeg].\r\nhttps://github.com/PyAV-Org/PyAV/issues/901",
- "cve": "CVE-2020-6851",
- "id": "pyup.io-45827",
- "more_info_path": "/vulnerabilities/CVE-2020-6851/45827",
- "specs": [
- "<9.0.1"
- ],
- "v": "<9.0.1"
- },
 {
 "advisory": "Av 9.0.1 updates wheel components to include security fixes [openjpeg].\r\nhttps://github.com/PyAV-Org/PyAV/issues/901",
 "cve": "CVE-2020-27824",
@@ -11760,16 +11905,6 @@
 ],
 "v": "<9.0.1"
 },
- {
- "advisory": "Av 9.0.1 updates wheel components to include security fixes [openjpeg].\r\nhttps://github.com/PyAV-Org/PyAV/issues/901",
- "cve": "CVE-2020-27823",
- "id": "pyup.io-45825",
- "more_info_path": "/vulnerabilities/CVE-2020-27823/45825",
- "specs": [
- "<9.0.1"
- ],
- "v": "<9.0.1"
- },
 {
 "advisory": "Av 9.0.1 updates wheel components to include security fixes [openjpeg].\r\nhttps://github.com/PyAV-Org/PyAV/issues/901",
 "cve": "CVE-2020-27845",
@@ -11780,16 +11915,6 @@
 ],
 "v": "<9.0.1"
 },
- {
- "advisory": "Av 9.0.1 updates wheel components to include security fixes [openjpeg].\r\nhttps://github.com/PyAV-Org/PyAV/issues/901",
- "cve": "CVE-2020-27843",
- "id": "pyup.io-45829",
- "more_info_path": "/vulnerabilities/CVE-2020-27843/45829",
- "specs": [
- "<9.0.1"
- ],
- "v": "<9.0.1"
- },
 {
 "advisory": "Av 9.0.1 updates wheel components to include security fixes [wavpack].\r\nhttps://github.com/PyAV-Org/PyAV/issues/901",
 "cve": "CVE-2020-35738",
@@ -11810,6 +11935,16 @@
 ],
 "v": "<9.0.1"
 },
+ {
+ "advisory": "Av 9.0.1 updates wheel components to include security fixes [openjpeg].\r\nhttps://github.com/PyAV-Org/PyAV/issues/901",
+ "cve": "CVE-2020-15389",
+ "id": "pyup.io-45828",
+ "more_info_path": "/vulnerabilities/CVE-2020-15389/45828",
+ "specs": [
+ "<9.0.1"
+ ],
+ "v": "<9.0.1"
+ },
 {
 "advisory": "Av 9.0.1 updates wheel components to include security fixes [openjpeg].\r\nhttps://github.com/PyAV-Org/PyAV/issues/901",
 "cve": "CVE-2020-27814",
@@ -11822,9 +11957,49 @@
 },
 {
 "advisory": "Av 9.0.1 updates wheel components to include security fixes [openjpeg].\r\nhttps://github.com/PyAV-Org/PyAV/issues/901",
- "cve": "CVE-2020-15389",
- "id": "pyup.io-45828",
- "more_info_path": "/vulnerabilities/CVE-2020-15389/45828",
+ "cve": "CVE-2020-6851",
+ "id": "pyup.io-45827",
+ "more_info_path": "/vulnerabilities/CVE-2020-6851/45827",
+ "specs": [
+ "<9.0.1"
+ ],
+ "v": "<9.0.1"
+ },
+ {
+ "advisory": "Av 9.0.1 updates wheel components to include security fixes [openjpeg].\r\nhttps://github.com/PyAV-Org/PyAV/issues/901",
+ "cve": "CVE-2020-27844",
+ "id": "pyup.io-45824",
+ "more_info_path": "/vulnerabilities/CVE-2020-27844/45824",
+ "specs": [
+ "<9.0.1"
+ ],
+ "v": "<9.0.1"
+ },
+ {
+ "advisory": "Av 9.0.1 updates wheel components to include security fixes [gmp].\r\nhttps://github.com/PyAV-Org/PyAV/issues/901",
+ "cve": "CVE-2021-43618",
+ "id": "pyup.io-45837",
+ "more_info_path": "/vulnerabilities/CVE-2021-43618/45837",
+ "specs": [
+ "<9.0.1"
+ ],
+ "v": "<9.0.1"
+ },
+ {
+ "advisory": "Av 9.0.1 updates wheel components to include security fixes [openjpeg].\r\nhttps://github.com/PyAV-Org/PyAV/issues/901",
+ "cve": "CVE-2020-27843",
+ "id": "pyup.io-45829",
+ "more_info_path": "/vulnerabilities/CVE-2020-27843/45829",
+ "specs": [
+ "<9.0.1"
+ ],
+ "v": "<9.0.1"
+ },
+ {
+ "advisory": "Av 9.0.1 updates wheel components to include security fixes [openjpeg].\r\nhttps://github.com/PyAV-Org/PyAV/issues/901",
+ "cve": "CVE-2020-27823",
+ "id": "pyup.io-45825",
+ "more_info_path": "/vulnerabilities/CVE-2020-27823/45825",
 "specs": [
 "<9.0.1"
 ],
@@ -11852,9 +12027,9 @@
 },
 {
 "advisory": "Av 9.1.0 updates 'FFmpeg' binary wheels to fix security vulnerabilities.\r\nhttps://github.com/PyAV-Org/PyAV/commit/9cbe441d637be15d5b4b57211a7df3958c3c0a02",
- "cve": "CVE-2020-26682",
- "id": "pyup.io-47837",
- "more_info_path": "/vulnerabilities/CVE-2020-26682/47837",
+ "cve": "CVE-2022-23308",
+ "id": "pyup.io-47836",
+ "more_info_path": "/vulnerabilities/CVE-2022-23308/47836",
 "specs": [
 "<9.1.0"
 ],
@@ -11872,9 +12047,9 @@
 },
 {
 "advisory": "Av 9.1.0 updates 'FFmpeg' binary wheels to fix security vulnerabilities.\r\nhttps://github.com/PyAV-Org/PyAV/commit/9cbe441d637be15d5b4b57211a7df3958c3c0a02",
- "cve": "CVE-2022-23308",
- "id": "pyup.io-47836",
- "more_info_path": "/vulnerabilities/CVE-2022-23308/47836",
+ "cve": "CVE-2020-26682",
+ "id": "pyup.io-47837",
+ "more_info_path": "/vulnerabilities/CVE-2020-26682/47837",
 "specs": [
 "<9.1.0"
 ],
@@ -12158,6 +12333,16 @@
 }
 ],
 "aws-sam-cli": [
+ {
+ "advisory": "The AWS Serverless Application Model (SAM) CLI, an open-source tool for building and deploying serverless applications on AWS, has a vulnerability in affected versions. When using the DockerBuildArgs parameter, sensitive data specified there may be exposed in clear text via STDERR during the sam build command. This could potentially reveal secrets to unauthorized parties. AWS recommends upgrading to SAM CLI v1.122.0 or later, which includes a patch for this issue. Users should review their logs if they've used DockerBuildArgs and consider rotating any potentially exposed secrets.",
+ "cve": "PVE-2024-73183",
+ "id": "pyup.io-73183",
+ "more_info_path": "/vulnerabilities/PVE-2024-73183/73183",
+ "specs": [
+ "<1.122.0"
+ ],
+ "v": "<1.122.0"
+ },
 {
 "advisory": "Aws-sam-cli 1.51.0 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/aws/aws-sam-cli/pull/3905",
 "cve": "PVE-2023-59624",
@@ -12732,20 +12917,20 @@
 "v": "<14.0.0.0rc1"
 },
 {
- "advisory": "Barbican 17.0.0.0rc1 and prior versions are affected by CVE-2023-1636: A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2181765",
- "cve": "CVE-2023-1636",
- "id": "pyup.io-61408",
- "more_info_path": "/vulnerabilities/CVE-2023-1636/61408",
+ "advisory": "Barbican 17.0.0.0rc1 and prior versions are affected by CVE-2023-1633: A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2181761",
+ "cve": "CVE-2023-1633",
+ "id": "pyup.io-61407",
+ "more_info_path": "/vulnerabilities/CVE-2023-1633/61407",
 "specs": [
 "<=17.0.0.0rc1"
 ],
 "v": "<=17.0.0.0rc1"
 },
 {
- "advisory": "Barbican 17.0.0.0rc1 and prior versions are affected by CVE-2023-1633: A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2181761",
- "cve": "CVE-2023-1633",
- "id": "pyup.io-61407",
- "more_info_path": "/vulnerabilities/CVE-2023-1633/61407",
+ "advisory": "Barbican 17.0.0.0rc1 and prior versions are affected by CVE-2023-1636: A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2181765",
+ "cve": "CVE-2023-1636",
+ "id": "pyup.io-61408",
+ "more_info_path": "/vulnerabilities/CVE-2023-1636/61408",
 "specs": [
 "<=17.0.0.0rc1"
 ],
@@ -12928,20 +13113,20 @@
 "v": "<0.2.3"
 },
 {
- "advisory": "Bayesian-testing 0.5.5 updates its dependency 'requests' to version '2.31.0' to include a fix for an Information Exposure vulnerability.\r\nhttps://github.com/Matt52/bayesian-testing/commit/1e05416c8670426b3bc8e4386da998deaa66833e",
- "cve": "CVE-2023-32681",
- "id": "pyup.io-60524",
- "more_info_path": "/vulnerabilities/CVE-2023-32681/60524",
+ "advisory": "Bayesian-testing 0.5.5 updates its dependency 'certifi' to version '2023.07.22' to include a fix for a vulnerability.\r\nhttps://github.com/Matt52/bayesian-testing/commit/1e05416c8670426b3bc8e4386da998deaa66833e",
+ "cve": "CVE-2023-37920",
+ "id": "pyup.io-60517",
+ "more_info_path": "/vulnerabilities/CVE-2023-37920/60517",
 "specs": [
 "<0.5.5"
 ],
 "v": "<0.5.5"
 },
 {
- "advisory": "Bayesian-testing 0.5.5 updates its dependency 'certifi' to version '2023.07.22' to include a fix for a vulnerability.\r\nhttps://github.com/Matt52/bayesian-testing/commit/1e05416c8670426b3bc8e4386da998deaa66833e",
- "cve": "CVE-2023-37920",
- "id": "pyup.io-60517",
- "more_info_path": "/vulnerabilities/CVE-2023-37920/60517",
+ "advisory": "Bayesian-testing 0.5.5 updates its dependency 'requests' to version '2.31.0' to include a fix for an Information Exposure vulnerability.\r\nhttps://github.com/Matt52/bayesian-testing/commit/1e05416c8670426b3bc8e4386da998deaa66833e",
+ "cve": "CVE-2023-32681",
+ "id": "pyup.io-60524",
+ "more_info_path": "/vulnerabilities/CVE-2023-32681/60524",
 "specs": [
 "<0.5.5"
 ],
@@ -13820,6 +14005,26 @@
 ],
 "v": "<3.4.3"
 },
+ {
+ "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix an Expected Behavior Violation vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4",
+ "cve": "CVE-2023-23931",
+ "id": "pyup.io-59616",
+ "more_info_path": "/vulnerabilities/CVE-2023-23931/59616",
+ "specs": [
+ "<5.3.1"
+ ],
+ "v": "<5.3.1"
+ },
+ {
+ "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Timing Attack vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4",
+ "cve": "CVE-2022-4304",
+ "id": "pyup.io-59612",
+ "more_info_path": "/vulnerabilities/CVE-2022-4304/59612",
+ "specs": [
+ "<5.3.1"
+ ],
+ "v": "<5.3.1"
+ },
 {
 "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Denial of Service vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4",
 "cve": "CVE-2022-4450",
@@ -13870,16 +14075,6 @@
 ],
 "v": "<5.3.1"
 },
- {
- "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Denial of Service vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4",
- "cve": "CVE-2023-0216",
- "id": "pyup.io-59613",
- "more_info_path": "/vulnerabilities/CVE-2023-0216/59613",
- "specs": [
- "<5.3.1"
- ],
- "v": "<5.3.1"
- },
 {
 "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Denial of Service vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4",
 "cve": "CVE-2023-0401",
@@ -13892,9 +14087,9 @@
 },
 {
 "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Denial of Service vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4",
- "cve": "CVE-2022-4203",
- "id": "pyup.io-59614",
- "more_info_path": "/vulnerabilities/CVE-2022-4203/59614",
+ "cve": "CVE-2023-0216",
+ "id": "pyup.io-59613",
+ "more_info_path": "/vulnerabilities/CVE-2023-0216/59613",
 "specs": [
 "<5.3.1"
 ],
@@ -13911,20 +14106,10 @@
 "v": "<5.3.1"
 },
 {
- "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Timing Attack vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4",
- "cve": "CVE-2022-4304",
- "id": "pyup.io-59612",
- "more_info_path": "/vulnerabilities/CVE-2022-4304/59612",
- "specs": [
- "<5.3.1"
- ],
- "v": "<5.3.1"
- },
- {
- "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix an Expected Behavior Violation vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4",
- "cve": "CVE-2023-23931",
- "id": "pyup.io-59616",
- "more_info_path": "/vulnerabilities/CVE-2023-23931/59616",
+ "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Denial of Service vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4",
+ "cve": "CVE-2022-4203",
+ "id": "pyup.io-59614",
+ "more_info_path": "/vulnerabilities/CVE-2022-4203/59614",
 "specs": [
 "<5.3.1"
 ],
@@ -13941,20 +14126,20 @@
 "v": "<6.12.0"
 },
 {
- "advisory": "Bittensor version 6.12.0 updates FastAPI to versions 0.99.1 and 0.110.1 to address security issues highlighted in CVE-2024-24762.",
- "cve": "CVE-2024-24762",
- "id": "pyup.io-70789",
- "more_info_path": "/vulnerabilities/CVE-2024-24762/70789",
+ "advisory": "Bittensor version 6.12.0 updates its cryptography library to versions 42.0.0 and 42.0.5 to address the security vulnerabilities outlined in CVE-2024-26130.",
+ "cve": "CVE-2023-5363",
+ "id": "pyup.io-70793",
+ "more_info_path": "/vulnerabilities/CVE-2023-5363/70793",
 "specs": [
 "<6.12.0"
 ],
 "v": "<6.12.0"
 },
 {
- "advisory": "Bittensor version 6.12.0 updates its cryptography library to versions 42.0.0 and 42.0.5 to address the security vulnerabilities outlined in CVE-2024-26130.",
- "cve": "CVE-2023-5363",
- "id": "pyup.io-70793",
- "more_info_path": "/vulnerabilities/CVE-2023-5363/70793",
+ "advisory": "Bittensor version 6.12.0 updates FastAPI to versions 0.99.1 and 0.110.1 to address security issues highlighted in CVE-2024-24762.",
+ "cve": "CVE-2024-24762",
+ "id": "pyup.io-70789",
+ "more_info_path": "/vulnerabilities/CVE-2024-24762/70789",
 "specs": [
 "<6.12.0"
 ],
@@ -14367,6 +14552,38 @@
 "v": "<1.0.4"
 }
 ],
+ "boaviztapi": [
+ {
+ "advisory": "Boaviztapi bumped requests from 2.31.0 to 2.32.2 via Dependabot to address CVE-2024-35195.",
+ "cve": "CVE-2024-35195",
+ "id": "pyup.io-73400",
+ "more_info_path": "/vulnerabilities/CVE-2024-35195/73400",
+ "specs": [
+ "<1.3"
+ ],
+ "v": "<1.3"
+ },
+ {
+ "advisory": "Boaviztapi bumped idna from 3.6 to 3.7 via Dependabot to address CVE-2024-3651.",
+ "cve": "CVE-2024-3651",
+ "id": "pyup.io-73378",
+ "more_info_path": "/vulnerabilities/CVE-2024-3651/73378",
+ "specs": [
+ "<1.3"
+ ],
+ "v": "<1.3"
+ },
+ {
+ "advisory": "Boaviztapi bumped certifi from 2024.2.2 to 2024.7.4 via Dependabot to address CVE-2024-39689.",
+ "cve": "CVE-2024-39689",
+ "id": "pyup.io-73399",
+ "more_info_path": "/vulnerabilities/CVE-2024-39689/73399",
+ "specs": [
+ "<1.3"
+ ],
+ "v": "<1.3"
+ }
+ ],
 "bobocep": [
 {
 "advisory": "Bobocep 1.2.1 updates its pycryptodome dependency from version 3.19.0 to 3.20.0 to address CVE-2023-52323.",
@@ -14457,20 +14674,20 @@
 "v": "<1.1.0"
 },
 {
- "advisory": "Bokeh 1.2.0 updates its NPM dependency 'jquery' to v3.4.0 to include security fixes.",
- "cve": "CVE-2019-11358",
- "id": "pyup.io-45293",
- "more_info_path": "/vulnerabilities/CVE-2019-11358/45293",
+ "advisory": "Bokeh 1.2.0 updates its NPM dependency 'js-yaml' to v3.13.1 to include a security fix.",
+ "cve": "PVE-2022-45295",
+ "id": "pyup.io-45295",
+ "more_info_path": "/vulnerabilities/PVE-2022-45295/45295",
 "specs": [
 "<1.2.0"
 ],
 "v": "<1.2.0"
 },
 {
- "advisory": "Bokeh 1.2.0 updates its NPM dependency 'js-yaml' to v3.13.1 to include a security fix.",
- "cve": "PVE-2022-45295",
- "id": "pyup.io-45295",
- "more_info_path": "/vulnerabilities/PVE-2022-45295/45295",
+ "advisory": "Bokeh 1.2.0 updates its NPM dependency 'jquery' to v3.4.0 to include security fixes.",
+ "cve": "CVE-2019-11358",
+ "id": "pyup.io-45293",
+ "more_info_path": "/vulnerabilities/CVE-2019-11358/45293",
 "specs": [
 "<1.2.0"
 ],
@@ -14498,9 +14715,9 @@
 },
 {
 "advisory": "Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.",
- "cve": "CVE-2021-41184",
- "id": "pyup.io-42815",
- "more_info_path": "/vulnerabilities/CVE-2021-41184/42815",
+ "cve": "CVE-2021-41183",
+ "id": "pyup.io-42814",
+ "more_info_path": "/vulnerabilities/CVE-2021-41183/42814",
 "specs": [
 "<2.4.2"
 ],
@@ -14518,9 +14735,9 @@
 },
 {
 "advisory": "Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.",
- "cve": "CVE-2021-41183",
- "id": "pyup.io-42814",
- "more_info_path": "/vulnerabilities/CVE-2021-41183/42814",
+ "cve": "CVE-2021-41184",
+ "id": "pyup.io-42815",
+ "more_info_path": "/vulnerabilities/CVE-2021-41184/42815",
 "specs": [
 "<2.4.2"
 ],
@@ -15894,6 +16111,18 @@
 "v": "<2.0.9"
 }
 ],
+ "capstone": [
+ {
+ "advisory": "Affected versions of Capstone are potentially vulnerable to buffer overflow.",
+ "cve": "PVE-2024-73501",
+ "id": "pyup.io-73501",
+ "more_info_path": "/vulnerabilities/PVE-2024-73501/73501",
+ "specs": [
+ "<6.0.0alpha1"
+ ],
+ "v": "<6.0.0alpha1"
+ }
+ ],
 "captchaboy": [
 {
 "advisory": "Captchaboy is a malicious package. It delivers the W4SP Stealer Malware to your system.\r\nhttps://thehackernews.com/2022/12/w4sp-stealer-discovered-in-multiple.html",
@@ -16142,16 +16371,6 @@
 ],
 "v": "<1.2.1"
 },
- {
- "advisory": "Catboost 1.2.1 updates its NPM dependency 'tar' to version '6.1.15' to include a fix for an Arbitrary File Write vulnerability.\r\nhttps://github.com/catboost/catboost/commit/f54bd997762dede21c31022ae27b7fd5be36c925",
- "cve": "CVE-2021-32803",
- "id": "pyup.io-60749",
- "more_info_path": "/vulnerabilities/CVE-2021-32803/60749",
- "specs": [
- "<1.2.1"
- ],
- "v": "<1.2.1"
- },
 {
 "advisory": "Catboost 1.2.1 updates its NPM dependency 'loader-utils' to version '1.4.2' to include a fix for a Prototype Pollution vulnerability.\r\nhttps://github.com/catboost/catboost/commit/fc169568301a2f20f1329ff0680e4d68dc965485",
 "cve": "CVE-2022-37601",
@@ -16172,16 +16391,6 @@
 ],
 "v": "<1.2.1"
 },
- {
- "advisory": "Catboost 1.2.1 updates its NPM dependency 'minimist' to version '1.2.8' to include a fix for a Prototype Pollution vulnerability.\r\nhttps://github.com/catboost/catboost/commit/63b0cd67faf62ba3fcd7281044dad144f8b6ff4d",
- "cve": "CVE-2021-44906",
- "id": "pyup.io-60755",
- "more_info_path": "/vulnerabilities/CVE-2021-44906/60755",
- "specs": [
- "<1.2.1"
- ],
- "v": "<1.2.1"
- },
 {
 "advisory": "Catboost 1.2.1 updates its dependency 'nanoid' to version '3.3.6' to include a fix for an Information Exposure vulnerability.\r\nhttps://github.com/catboost/catboost/commit/9381a56a05fc7f2b8cecc323c5b26aa60d3703f0",
 "cve": "CVE-2021-23566",
@@ -16193,110 +16402,90 @@
 "v": "<1.2.1"
 },
 {
- "advisory": "Catboost 1.2.1 updates its NPM dependency 'minimatch' to version '3.1.2' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/3b9820e0bfb7b9e34dbaf0403e95e0dcdc9d9ba3",
- "cve": "CVE-2022-3517",
- "id": "pyup.io-60744",
- "more_info_path": "/vulnerabilities/CVE-2022-3517/60744",
- "specs": [
- "<1.2.1"
- ],
- "v": "<1.2.1"
- },
- {
- "advisory": "Catboost 1.2.1 updates its dependency 'json5' to version '3.3.6' to include a fix for a Prototype Pollution vulnerability.\r\nhttps://github.com/catboost/catboost/commit/c6393bf6300ecc6d8bcbd98d61927149cb205100",
- "cve": "CVE-2022-46175",
- "id": "pyup.io-60762",
- "more_info_path": "/vulnerabilities/CVE-2022-46175/60762",
- "specs": [
- "<1.2.1"
- ],
- "v": "<1.2.1"
- },
- {
- "advisory": "Catboost 1.2.1 updates its dependency 'jackson-databind' to version '2.13.4.2' to include a fix for a DoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/e88f390a4e2630c9e8a5b82cd01c053a9fd29795",
- "cve": "CVE-2022-42003",
- "id": "pyup.io-60769",
- "more_info_path": "/vulnerabilities/CVE-2022-42003/60769",
+ "advisory": "Catboost 1.2.1 updates its dependency 'normalize-url' to version '4.5.1' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/44e9f5fcf515e7d3d4bc891388e679ff7bceefb9",
+ "cve": "CVE-2021-33502",
+ "id": "pyup.io-60764",
+ "more_info_path": "/vulnerabilities/CVE-2021-33502/60764",
 "specs": [
 "<1.2.1"
 ],
 "v": "<1.2.1"
 },
 {
- "advisory": "Catboost 1.2.1 updates its dependency 'snappy-java' to version '1.1.10.1' to include a fix for a DoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/b51a3b2302a1d6b1a596b406efef347c872d9a0e",
- "cve": "CVE-2023-34455",
- "id": "pyup.io-60767",
- "more_info_path": "/vulnerabilities/CVE-2023-34455/60767",
+ "advisory": "Catboost 1.2.1 updates its dependency 'snappy-java' to version '1.1.10.1' to include a fix for an Integer Overflow vulnerability.\r\nhttps://github.com/catboost/catboost/commit/b51a3b2302a1d6b1a596b406efef347c872d9a0e",
+ "cve": "CVE-2023-34454",
+ "id": "pyup.io-60766",
+ "more_info_path": "/vulnerabilities/CVE-2023-34454/60766",
 "specs": [
 "<1.2.1"
 ],
 "v": "<1.2.1"
 },
 {
- "advisory": "Catboost 1.2.1 updates its dependency 'postcss' to version '8.4.27' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/8143d912bc7364b488ae5a33e2c83e29b988420f",
- "cve": "CVE-2021-23368",
- "id": "pyup.io-60760",
- "more_info_path": "/vulnerabilities/CVE-2021-23368/60760",
+ "advisory": "Catboost 1.2.1 updates its NPM dependency 'tenser' to version '5.19.2' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/28aa3945fe8664bfbf0dd1d1cd2e04f6aca398b5",
+ "cve": "CVE-2022-25858",
+ "id": "pyup.io-60717",
+ "more_info_path": "/vulnerabilities/CVE-2022-25858/60717",
 "specs": [
 "<1.2.1"
 ],
 "v": "<1.2.1"
 },
 {
- "advisory": "Catboost 1.2.1 updates its dependency 'junit:junit' to version '4.13.1' to include a fix for an Information Exposure vulnerability.\r\nhttps://github.com/catboost/catboost/commit/95a9dca46d21133005b3d6d66be165384ba77f2d",
- "cve": "CVE-2020-15250",
- "id": "pyup.io-60765",
- "more_info_path": "/vulnerabilities/CVE-2020-15250/60765",
+ "advisory": "Catboost 1.2.1 updates its dependency 'ansi-regex' to version '5.0.1' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/7eebbf8e2fec4d2e3225e819a86c0b14dde72c52",
+ "cve": "CVE-2021-3807",
+ "id": "pyup.io-60763",
+ "more_info_path": "/vulnerabilities/CVE-2021-3807/60763",
 "specs": [
 "<1.2.1"
 ],
 "v": "<1.2.1"
 },
 {
- "advisory": "Catboost 1.2.1 updates its NPM dependency 'semver' to version '5.7.2' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/d0183bfcf67525a3ad9f4427e23f1472ad9f588c",
- "cve": "CVE-2022-25883",
- "id": "pyup.io-60757",
- "more_info_path": "/vulnerabilities/CVE-2022-25883/60757",
+ "advisory": "Catboost 1.2.1 updates its NPM dependency 'tar' to version '6.1.15' to include a fix for an Arbitrary File Write vulnerability.\r\nhttps://github.com/catboost/catboost/commit/f54bd997762dede21c31022ae27b7fd5be36c925",
+ "cve": "CVE-2021-37701",
+ "id": "pyup.io-60746",
+ "more_info_path": "/vulnerabilities/CVE-2021-37701/60746",
 "specs": [
 "<1.2.1"
 ],
 "v": "<1.2.1"
 },
 {
- "advisory": "Catboost 1.2.1 updates its dependency 'jackson-databind' to version '2.13.4.2' to include a fix for a DoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/e88f390a4e2630c9e8a5b82cd01c053a9fd29795",
- "cve": "CVE-2022-42004",
- "id": "pyup.io-60770",
- "more_info_path": "/vulnerabilities/CVE-2022-42004/60770",
+ "advisory": "Catboost 1.2.1 updates its NPM dependency 'tar' to version '6.1.15' to include a fix for an Arbitrary File Write vulnerability.\r\nhttps://github.com/catboost/catboost/commit/f54bd997762dede21c31022ae27b7fd5be36c925",
+ "cve": "CVE-2021-37712",
+ "id": "pyup.io-60747",
+ "more_info_path": "/vulnerabilities/CVE-2021-37712/60747",
 "specs": [
 "<1.2.1"
 ],
 "v": "<1.2.1"
 },
 {
- "advisory": "Catboost 1.2.1 updates its NPM dependency 'webpack' to version '5.76.0' to include a fix for a Sandbox Bypass vulnerability.\r\nhttps://github.com/catboost/catboost/commit/e132d847a527827023eb67165e11f1b05a19564f",
- "cve": "CVE-2023-28154",
- "id": "pyup.io-60751",
- "more_info_path": "/vulnerabilities/CVE-2023-28154/60751",
+ "advisory": "Catboost 1.2.1 updates its NPM dependency 'tar' to version '6.1.15' to include a fix for an Arbitrary File Write vulnerability.\r\nhttps://github.com/catboost/catboost/commit/f54bd997762dede21c31022ae27b7fd5be36c925",
+ "cve": "CVE-2021-32804",
+ "id": "pyup.io-60750",
+ "more_info_path": "/vulnerabilities/CVE-2021-32804/60750",
 "specs": [
 "<1.2.1"
 ],
 "v": "<1.2.1"
 },
 {
- "advisory": "Catboost 1.2.1 updates its dependency 'normalize-url' to version '4.5.1' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/44e9f5fcf515e7d3d4bc891388e679ff7bceefb9",
- "cve": "CVE-2021-33502",
- "id": "pyup.io-60764",
- "more_info_path": "/vulnerabilities/CVE-2021-33502/60764",
+ "advisory": "Catboost 1.2.1 updates its NPM dependency 'semver' to version '5.7.2' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/d0183bfcf67525a3ad9f4427e23f1472ad9f588c",
+ "cve": "CVE-2022-25883",
+ "id": "pyup.io-60757",
+ "more_info_path": "/vulnerabilities/CVE-2022-25883/60757",
 "specs": [
 "<1.2.1"
 ],
 "v": "<1.2.1"
 },
 {
- "advisory": "Catboost 1.2.1 updates its NPM dependency 'postcss' to version '8.4.27' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/8143d912bc7364b488ae5a33e2c83e29b988420f",
- "cve": "CVE-2021-23382",
- "id": "pyup.io-60759",
- "more_info_path": "/vulnerabilities/CVE-2021-23382/60759",
+ "advisory": "Catboost 1.2.1 updates its NPM dependency 'minimist' to version '1.2.8' to include a fix for a Prototype Pollution vulnerability.\r\nhttps://github.com/catboost/catboost/commit/63b0cd67faf62ba3fcd7281044dad144f8b6ff4d",
+ "cve": "CVE-2021-44906",
+ "id": "pyup.io-60755",
+ "more_info_path": "/vulnerabilities/CVE-2021-44906/60755",
 "specs": [
 "<1.2.1"
 ],
@@ -16313,50 +16502,10 @@ "v": "<1.2.1" }, { - "advisory": "Catboost 1.2.1 updates its dependency 'jackson-databind' to version '2.13.4.2' to include a fix for a DoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/e88f390a4e2630c9e8a5b82cd01c053a9fd29795", - "cve": "CVE-2020-36518", - "id": "pyup.io-60771", - "more_info_path": "/vulnerabilities/CVE-2020-36518/60771", - "specs": [ - "<1.2.1" - ], - "v": "<1.2.1" - }, - { - "advisory": "Catboost 1.2.1 updates its NPM dependency 'tenser' to version '5.19.2' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/28aa3945fe8664bfbf0dd1d1cd2e04f6aca398b5", - "cve": "CVE-2022-25858", - "id": "pyup.io-60717", - "more_info_path": "/vulnerabilities/CVE-2022-25858/60717", - "specs": [ - "<1.2.1" - ], - "v": "<1.2.1" - }, - { - "advisory": "Catboost 1.2.1 updates its dependency 'ansi-regex' to version '5.0.1' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/7eebbf8e2fec4d2e3225e819a86c0b14dde72c52", - "cve": "CVE-2021-3807", - "id": "pyup.io-60763", - "more_info_path": "/vulnerabilities/CVE-2021-3807/60763", - "specs": [ - "<1.2.1" - ], - "v": "<1.2.1" - }, - { - "advisory": "Catboost 1.2.1 updates its dependency 'snappy-java' to version '1.1.10.1' to include a fix for an Integer Overflow vulnerability.\r\nhttps://github.com/catboost/catboost/commit/b51a3b2302a1d6b1a596b406efef347c872d9a0e", - "cve": "CVE-2023-34454", - "id": "pyup.io-60766", - "more_info_path": "/vulnerabilities/CVE-2023-34454/60766", - "specs": [ - "<1.2.1" - ], - "v": "<1.2.1" - }, - { - "advisory": "Catboost 1.2.1 updates its dependency 'snappy-java' to version '1.1.10.1' to include a fix for an Integer Overflow vulnerability.\r\nhttps://github.com/catboost/catboost/commit/b51a3b2302a1d6b1a596b406efef347c872d9a0e", - "cve": "CVE-2023-34453", - "id": "pyup.io-60768", - "more_info_path": "/vulnerabilities/CVE-2023-34453/60768", + "advisory": "Catboost 1.2.1 updates 
its NPM dependency 'webpack' to version '5.76.0' to include a fix for a Sandbox Bypass vulnerability.\r\nhttps://github.com/catboost/catboost/commit/e132d847a527827023eb67165e11f1b05a19564f", + "cve": "CVE-2023-28154", + "id": "pyup.io-60751", + "more_info_path": "/vulnerabilities/CVE-2023-28154/60751", "specs": [ "<1.2.1" ], 
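Review bot: Several Catboost records removed in this hunk do not reappear on the new side of any hunk visible here — the 'tenser' entry (CVE-2022-25858, pyup.io-60717), 'ansi-regex' (CVE-2021-3807, pyup.io-60763) and snappy-java CVE-2023-34454 (pyup.io-60766), and likewise 'normalize-url' (CVE-2021-33502, pyup.io-60764) from the preceding hunk — while the jackson-databind and snappy-java CVE-2023-34453 ones are re-added further down. Worth confirming they are re-inserted in a hunk outside this view rather than silently dropped, since a missing record means a consumer stops being warned about that CVE. Most of the remaining churn in this and the following hunks is re-ordering of unchanged records, which is exactly what hides such a loss; a deterministic ordering in the generator (for example by `id`) would keep the diff to real changes. If the 'tenser' record is re-added, its package name presumably should read 'terser' to match the upstream NPM package it describes.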
@@ -16384,29 +16533,39 @@ }, { "advisory": "Catboost 1.2.1 updates its NPM dependency 'tar' to version '6.1.15' to include a fix for an Arbitrary File Write vulnerability.\r\nhttps://github.com/catboost/catboost/commit/f54bd997762dede21c31022ae27b7fd5be36c925", - "cve": "CVE-2021-37701", - "id": "pyup.io-60746", - "more_info_path": "/vulnerabilities/CVE-2021-37701/60746", + "cve": "CVE-2021-32803", + "id": "pyup.io-60749", + "more_info_path": "/vulnerabilities/CVE-2021-32803/60749", "specs": [ "<1.2.1" ], "v": "<1.2.1" }, { - "advisory": "Catboost 1.2.1 updates its NPM dependency 'tar' to version '6.1.15' to include a fix for an Arbitrary File Write vulnerability.\r\nhttps://github.com/catboost/catboost/commit/f54bd997762dede21c31022ae27b7fd5be36c925", - "cve": "CVE-2021-37712", - "id": "pyup.io-60747", - "more_info_path": "/vulnerabilities/CVE-2021-37712/60747", + "advisory": "Catboost 1.2.1 updates its NPM dependency 'minimatch' to version '3.1.2' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/3b9820e0bfb7b9e34dbaf0403e95e0dcdc9d9ba3", + "cve": "CVE-2022-3517", + "id": "pyup.io-60744", + "more_info_path": "/vulnerabilities/CVE-2022-3517/60744", "specs": [ "<1.2.1" ], "v": "<1.2.1" }, { - "advisory": "Catboost 1.2.1 updates its NPM dependency 'tar' to version '6.1.15' to include a fix for an Arbitrary File Write vulnerability.\r\nhttps://github.com/catboost/catboost/commit/f54bd997762dede21c31022ae27b7fd5be36c925", - "cve": "CVE-2021-32804", - "id": "pyup.io-60750", - "more_info_path": "/vulnerabilities/CVE-2021-32804/60750", + "advisory": "Catboost 1.2.1 updates its NPM dependency 'postcss' to version '8.4.27' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/8143d912bc7364b488ae5a33e2c83e29b988420f", + "cve": "CVE-2021-23382", + "id": "pyup.io-60759", + "more_info_path": "/vulnerabilities/CVE-2021-23382/60759", + "specs": [ + "<1.2.1" + ], + "v": "<1.2.1" + }, + { + "advisory": 
"Catboost 1.2.1 updates its dependency 'snappy-java' to version '1.1.10.1' to include a fix for an Integer Overflow vulnerability.\r\nhttps://github.com/catboost/catboost/commit/b51a3b2302a1d6b1a596b406efef347c872d9a0e", + "cve": "CVE-2023-34453", + "id": "pyup.io-60768", + "more_info_path": "/vulnerabilities/CVE-2023-34453/60768", "specs": [ "<1.2.1" ], 
@@ -16422,6 +16581,76 @@ ], "v": "<1.2.1" }, + { + "advisory": "Catboost 1.2.1 updates its dependency 'jackson-databind' to version '2.13.4.2' to include a fix for a DoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/e88f390a4e2630c9e8a5b82cd01c053a9fd29795", + "cve": "CVE-2020-36518", + "id": "pyup.io-60771", + "more_info_path": "/vulnerabilities/CVE-2020-36518/60771", + "specs": [ + "<1.2.1" + ], + "v": "<1.2.1" + }, + { + "advisory": "Catboost 1.2.1 updates its dependency 'json5' to version '3.3.6' to include a fix for a Prototype Pollution vulnerability.\r\nhttps://github.com/catboost/catboost/commit/c6393bf6300ecc6d8bcbd98d61927149cb205100", + "cve": "CVE-2022-46175", + "id": "pyup.io-60762", + "more_info_path": "/vulnerabilities/CVE-2022-46175/60762", + "specs": [ + "<1.2.1" + ], + "v": "<1.2.1" + }, + { + "advisory": "Catboost 1.2.1 updates its dependency 'jackson-databind' to version '2.13.4.2' to include a fix for a DoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/e88f390a4e2630c9e8a5b82cd01c053a9fd29795", + "cve": "CVE-2022-42003", + "id": "pyup.io-60769", + "more_info_path": "/vulnerabilities/CVE-2022-42003/60769", + "specs": [ + "<1.2.1" + ], + "v": "<1.2.1" + }, + { + "advisory": "Catboost 1.2.1 updates its dependency 'snappy-java' to version '1.1.10.1' to include a fix for a DoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/b51a3b2302a1d6b1a596b406efef347c872d9a0e", + "cve": "CVE-2023-34455", + "id": "pyup.io-60767", + "more_info_path": "/vulnerabilities/CVE-2023-34455/60767", + "specs": [ + "<1.2.1" + ], + "v": "<1.2.1" + }, + { + "advisory": "Catboost 1.2.1 updates its dependency 'postcss' to version '8.4.27' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/8143d912bc7364b488ae5a33e2c83e29b988420f", + "cve": "CVE-2021-23368", + "id": "pyup.io-60760", + "more_info_path": "/vulnerabilities/CVE-2021-23368/60760", + "specs": [ + "<1.2.1" + ], + "v": "<1.2.1" + }, + 
{ + "advisory": "Catboost 1.2.1 updates its dependency 'junit:junit' to version '4.13.1' to include a fix for an Information Exposure vulnerability.\r\nhttps://github.com/catboost/catboost/commit/95a9dca46d21133005b3d6d66be165384ba77f2d", + "cve": "CVE-2020-15250", + "id": "pyup.io-60765", + "more_info_path": "/vulnerabilities/CVE-2020-15250/60765", + "specs": [ + "<1.2.1" + ], + "v": "<1.2.1" + }, + { + "advisory": "Catboost 1.2.1 updates its dependency 'jackson-databind' to version '2.13.4.2' to include a fix for a DoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/e88f390a4e2630c9e8a5b82cd01c053a9fd29795", + "cve": "CVE-2022-42004", + "id": "pyup.io-60770", + "more_info_path": "/vulnerabilities/CVE-2022-42004/60770", + "specs": [ + "<1.2.1" + ], + "v": "<1.2.1" + }, { "advisory": "Catboost 1.2.1 updates its NPM dependency 'loader-utils' to version '1.4.2' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/catboost/catboost/commit/fc169568301a2f20f1329ff0680e4d68dc965485", "cve": "CVE-2022-37599", 
@@ -16543,20 +16772,20 @@ "v": "<0.0.83" }, { - "advisory": "Cdk-ecr-deployment 2.0.7 updates its GO dependency 'containerd' to v1.5.9 to include a security fix.\r\nhttps://github.com/cdklabs/cdk-ecr-deployment/commit/74e8412f370f4ab00be5b5a1f509c2615a874a46", - "cve": "CVE-2021-43816", - "id": "pyup.io-44474", - "more_info_path": "/vulnerabilities/CVE-2021-43816/44474", + "advisory": "Cdk-ecr-deployment 2.0.7 updates its GO dependency 'opencontainers/runc' to v1.0.3 to include a security fix.\r\nhttps://github.com/cdklabs/cdk-ecr-deployment/commit/74e8412f370f4ab00be5b5a1f509c2615a874a46", + "cve": "CVE-2021-43784", + "id": "pyup.io-54973", + "more_info_path": "/vulnerabilities/CVE-2021-43784/54973", "specs": [ "<2.0.7" ], "v": "<2.0.7" }, { - "advisory": "Cdk-ecr-deployment 2.0.7 updates its GO dependency 'opencontainers/runc' to v1.0.3 to include a security fix.\r\nhttps://github.com/cdklabs/cdk-ecr-deployment/commit/74e8412f370f4ab00be5b5a1f509c2615a874a46", - "cve": "CVE-2021-43784", - "id": "pyup.io-54973", - "more_info_path": "/vulnerabilities/CVE-2021-43784/54973", + "advisory": "Cdk-ecr-deployment 2.0.7 updates its GO dependency 'containerd' to v1.5.9 to include a security fix.\r\nhttps://github.com/cdklabs/cdk-ecr-deployment/commit/74e8412f370f4ab00be5b5a1f509c2615a874a46", + "cve": "CVE-2021-43816", + "id": "pyup.io-44474", + "more_info_path": "/vulnerabilities/CVE-2021-43816/44474", "specs": [ "<2.0.7" ], 
@@ -16761,40 +16990,40 @@ "v": "<0.12.0" }, { - "advisory": "Cellxgene 0.12.0 stops requiring 'node-fetch' as a NPM dependency to avoid security issues.", - "cve": "CVE-2020-15168", - "id": "pyup.io-44975", - "more_info_path": "/vulnerabilities/CVE-2020-15168/44975", + "advisory": "Cellxgene 0.12.0 updates its NPM dependency 'eslint-utils' to a version ^1.4.2 to include a security fix.", + "cve": "CVE-2019-15657", + "id": "pyup.io-37801", + "more_info_path": "/vulnerabilities/CVE-2019-15657/37801", "specs": [ "<0.12.0" ], "v": "<0.12.0" }, { - "advisory": "Cellxgene 0.12.0 updates several more NPM dependencies to fix security issues.\r\nhttps://github.com/chanzuckerberg/cellxgene/commit/78a43402cb0c1beca5269b3970d4cc31615e4664", - "cve": "PVE-2022-44977", - "id": "pyup.io-44977", - "more_info_path": "/vulnerabilities/PVE-2022-44977/44977", + "advisory": "Cellxgene 0.12.0 updates its NPM dependency 'mixin-deep' to v1.3.2 to include a security fix.", + "cve": "CVE-2019-10746", + "id": "pyup.io-44974", + "more_info_path": "/vulnerabilities/CVE-2019-10746/44974", "specs": [ "<0.12.0" ], "v": "<0.12.0" }, { - "advisory": "Cellxgene 0.12.0 updates its NPM dependency 'eslint-utils' to a version ^1.4.2 to include a security fix.", - "cve": "CVE-2019-15657", - "id": "pyup.io-37801", - "more_info_path": "/vulnerabilities/CVE-2019-15657/37801", + "advisory": "Cellxgene 0.12.0 updates several more NPM dependencies to fix security issues.\r\nhttps://github.com/chanzuckerberg/cellxgene/commit/78a43402cb0c1beca5269b3970d4cc31615e4664", + "cve": "PVE-2022-44977", + "id": "pyup.io-44977", + "more_info_path": "/vulnerabilities/PVE-2022-44977/44977", "specs": [ "<0.12.0" ], "v": "<0.12.0" }, { - "advisory": "Cellxgene 0.12.0 updates its NPM dependency 'mixin-deep' to v1.3.2 to include a security fix.", - "cve": "CVE-2019-10746", - "id": "pyup.io-44974", - "more_info_path": "/vulnerabilities/CVE-2019-10746/44974", + "advisory": "Cellxgene 0.12.0 stops requiring 'node-fetch' as a NPM 
dependency to avoid security issues.", + "cve": "CVE-2020-15168", + "id": "pyup.io-44975", + "more_info_path": "/vulnerabilities/CVE-2020-15168/44975", "specs": [ "<0.12.0" ], @@ -17247,6 +17476,26 @@ "<1.0.501" ], "v": "<1.0.501" + }, + { + "advisory": "Affected versions of Chainlit are vulnerable to Unsafe Defaults. Default host configuration was 0.0.0.0, allowing connections from any external IP address. This could lead to several security vulnerabilities, such as:\r\n- Denial of Service (DoS) Attacks: Attackers can inundate the system with an overwhelming number of requests, leading to service interruptions for legitimate users by exhausting the system's resources.\r\n- Man-in-the-Middle (MitM) Attacks: The open access makes it feasible for attackers to intercept and manipulate communications between two parties covertly.", + "cve": "PVE-2024-73234", + "id": "pyup.io-73234", + "more_info_path": "/vulnerabilities/PVE-2024-73234/73234", + "specs": [ + "<1.1.404" + ], + "v": "<1.1.404" + }, + { + "advisory": "Affected versions of Chainlit are vulnerable to Path Traversal (CWE-22). This vulnerability allows attackers to read arbitrary files on the server by exploiting insufficient path validation in file-serving endpoints. Functions like `get_file`, `serve_file`, and `get_avatar` fail to properly restrict file paths, enabling attackers to access sensitive files via crafted requests containing malicious path components. Users should upgrade to the version where input validation and path restrictions are correctly implemented to mitigate this vulnerability.", + "cve": "PVE-2024-73036", + "id": "pyup.io-73036", + "more_info_path": "/vulnerabilities/PVE-2024-73036/73036", + "specs": [ + "<1.2.0" + ], + "v": "<1.2.0" } ], "changedetection-io": [ 
@@ -17993,18 +18242,6 @@ ], "v": ">=2.2.0b0,<2.2.0b8,<2.1.0p28" }, - { - "advisory": "Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows privileged attackers to cause partial denial of service in the UI via long hostnames.\r\nNote: Checkmk on PyPI is a placeholder. You may download the real package from its official website (https://checkmk.com/download).", - "cve": "CVE-2023-23549", - "id": "pyup.io-63146", - "more_info_path": "/vulnerabilities/CVE-2023-23549/63146", - "specs": [ - ">=2.2.0b0,<2.2.0p15", - ">=2.1.0b0,<2.1.0p37", - "<=2.0.0p39" - ], - "v": ">=2.2.0b0,<2.2.0p15,>=2.1.0b0,<2.1.0p37,<=2.0.0p39" - }, { "advisory": "Improper neutralization of livestatus command delimiters in ajax_search in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.\r\nNote: Checkmk on PyPI is a placeholder. You may download the real package from its official website (https://checkmk.com/download).", "cve": "CVE-2023-6157", 
@@ -18029,6 +18266,18 @@ ], "v": ">=2.2.0b0,<2.2.0p15,>=2.1.0b0,<2.1.0p37,<=2.0.0p39" }, + { + "advisory": "Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows privileged attackers to cause partial denial of service in the UI via long hostnames.\r\nNote: Checkmk on PyPI is a placeholder. You may download the real package from its official website (https://checkmk.com/download).", + "cve": "CVE-2023-23549", + "id": "pyup.io-63146", + "more_info_path": "/vulnerabilities/CVE-2023-23549/63146", + "specs": [ + ">=2.2.0b0,<2.2.0p15", + ">=2.1.0b0,<2.1.0p37", + "<=2.0.0p39" + ], + "v": ">=2.2.0b0,<2.2.0p15,>=2.1.0b0,<2.1.0p37,<=2.0.0p39" + }, { "advisory": "Improper neutralization of livestatus command delimiters in the availability timeline in Checkmk <= 2.0.0p39, < 2.1.0p37, and < 2.2.0p15 allows arbitrary livestatus command execution for authorized users.\r\nNote: Checkmk on PyPI is a placeholder. You may download the real package from its official website (https://checkmk.com/download).", "cve": "CVE-2023-6156", 
@@ -21623,14 +21872,14 @@ "v": "<19.1.2,>=20.0.0.0rc1,<20.0.2,>=21.0.0.0rc1,<21.0.0" }, { - "advisory": "An issue in affected versions of OpenStack Cinder allows arbitrary file access via custom QCOW2 external data. An authenticated user can supply a crafted QCOW2 image that references a specific data file path, convincing systems to return a copy of that file's contents from the server. This results in unauthorized access to potentially sensitive data.", + "advisory": "A security flaw in affected versions of OpenStack Cinder allows arbitrary file access via custom QCOW2 external data. An authenticated user can supply a crafted QCOW2 image that references a specific data file path, convincing systems to return a copy of that file's contents from the server. This results in unauthorized access to potentially sensitive data.", "cve": "CVE-2024-32498", "id": "pyup.io-72147", "more_info_path": "/vulnerabilities/CVE-2024-32498/72147", "specs": [ - "<24.1.0" + "<25.0.0.0rc1" ], - "v": "<24.1.0" + "v": "<25.0.0.0rc1" }, { "advisory": "The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.", 
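Review bot: The affected range for CVE-2024-32498 is widened from `"<24.1.0"` to `"<25.0.0.0rc1"` while the advisory text only changes its opening words and still names no fixed release, so the new boundary cannot be checked against the record itself. If the fix only landed in 25.0.0 the advisory should say so; if it was backported to a 24.x point release, the narrower range was the accurate one and this change will raise false positives for patched 24.x installs. A reference to the upstream advisory or fixing commit next to the range would let downstream consumers verify whichever is intended.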
@@ -22117,6 +22366,30 @@ "v": "<0.3.0" } ], + "claudesync": [ + { + "advisory": "ClaudeSync addresses the cleartext storage of sensitive session keys. Affected versions stored session keys in plaintext, exposing them to potential unauthorized access. The fix introduced encryption for session keys using the user's SSH key, significantly enhancing the security of stored credentials. This change mitigates the risk of unauthorized access to user accounts in case of local system breaches.", + "cve": "PVE-2024-73213", + "id": "pyup.io-73213", + "more_info_path": "/vulnerabilities/PVE-2024-73213/73213", + "specs": [ + "<0.6.0" + ], + "v": "<0.6.0" + } + ], + "cleanlab": [ + { + "advisory": "Cleanlab project affected versions contain a security vulnerability in the deserialization process. When loading a data directory, a maliciously crafted datalab.pkl file can execute arbitrary code on the user's system. This vulnerability stems from the use of the pickle module for deserialization without proper safeguards. Attackers can exploit this flaw to compromise systems, potentially leading to data theft, system manipulation, or further malware deployment. Users should exercise extreme caution when loading data from untrusted sources, and consider updating to a patched version if available.", + "cve": "CVE-2024-45857", + "id": "pyup.io-73323", + "more_info_path": "/vulnerabilities/CVE-2024-45857/73323", + "specs": [ + ">=2.4.0" + ], + "v": ">=2.4.0" + } + ], "clearml": [ { "advisory": "Clearml 0.17.5rc3 fixes unsafe call to set_active().\r\nhttps://github.com/allegroai/clearml/commit/b0000df575e830a81674f4e5cf3d89cf6d6441b4", 
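Review bot: The new cleanlab record for CVE-2024-45857 uses `">=2.4.0"` as its spec, an open-ended range with no upper bound, while the advisory only says to update to a patched version "if available"; consumers will flag every current and future release, including one that ships the fix, until this record is revised. If no fixed version existed at publication that is the right encoding, but the text should state it plainly rather than hint at a patch. For the claudesync record it is presumably also worth a sentence that session keys already written in plaintext by earlier versions are not protected retroactively by upgrading, since the advisory only describes the new encryption.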
@@ -23576,20 +23849,20 @@ "v": "<2.6.0" }, { - "advisory": "Compliance-trestle 3.3.0 has updated `Jinja2 ` to versions 3.1.3 and 3.1.4 to address vulnerabilities such as CVE-2024-34064.", - "cve": "CVE-2024-34064", - "id": "pyup.io-72184", - "more_info_path": "/vulnerabilities/CVE-2024-34064/72184", + "advisory": "Compliance-trestle 3.3.0 updates its dependency 'urllib3' from version 1.26.17 to 1.26.19 to include a security fix.", + "cve": "CVE-2024-37891", + "id": "pyup.io-72186", + "more_info_path": "/vulnerabilities/CVE-2024-37891/72186", "specs": [ "<3.3.0" ], "v": "<3.3.0" }, { - "advisory": "Compliance-trestle 3.3.0 has updated `urllib3` to versions 1.26.17 and 1.26.19 to address vulnerabilities such as CVE-2024-37891.", - "cve": "CVE-2024-37891", - "id": "pyup.io-72186", - "more_info_path": "/vulnerabilities/CVE-2024-37891/72186", + "advisory": "Compliance-trestle 3.3.0 updates its dependency 'Jinja2' from version 3.1.3 to 3.1.4 to include a security fix.", + "cve": "CVE-2024-34064", + "id": "pyup.io-72184", + "more_info_path": "/vulnerabilities/CVE-2024-34064/72184", "specs": [ "<3.3.0" ], @@ -23597,6 +23870,16 @@ } ], "composer": [ + { + "advisory": "Composer 0.13.0 updates its dependency 'ipython' to v8.11.0 in Dockerfile to include a security fix.\r\nhttps://github.com/mosaicml/composer/pull/2007", + "cve": "CVE-2023-24816", + "id": "pyup.io-53697", + "more_info_path": "/vulnerabilities/CVE-2023-24816/53697", + "specs": [ + "<0.13.0" + ], + "v": "<0.13.0" + }, { "advisory": "Composer 0.13.0 updates its dependency 'pillow' to v9.0.0 in Dockerfile to include security fixes.\r\nhttps://github.com/mosaicml/composer/pull/2007", "cve": "PVE-2021-44525", 
@@ -23609,9 +23892,9 @@ }, { "advisory": "Composer 0.13.0 updates its dependency 'pillow' to v9.0.0 in Dockerfile to include security fixes.\r\nhttps://github.com/mosaicml/composer/pull/2007", - "cve": "PVE-2022-44524", - "id": "pyup.io-53692", - "more_info_path": "/vulnerabilities/PVE-2022-44524/53692", + "cve": "CVE-2021-34552", + "id": "pyup.io-53694", + "more_info_path": "/vulnerabilities/CVE-2021-34552/53694", "specs": [ "<0.13.0" ], @@ -23619,9 +23902,9 @@ }, { "advisory": "Composer 0.13.0 updates its dependency 'pillow' to v9.0.0 in Dockerfile to include security fixes.\r\nhttps://github.com/mosaicml/composer/pull/2007", - "cve": "CVE-2021-34552", - "id": "pyup.io-53694", - "more_info_path": "/vulnerabilities/CVE-2021-34552/53694", + "cve": "PVE-2022-44524", + "id": "pyup.io-53692", + "more_info_path": "/vulnerabilities/PVE-2022-44524/53692", "specs": [ "<0.13.0" ], @@ -23637,6 +23920,16 @@ ], "v": "<0.13.0" }, + { + "advisory": "Composer 0.13.0 updates its dependency 'urllib3' requirement to '>=1.26.5,<2'' in Dockerfile to include a security fix.\r\nhttps://github.com/mosaicml/composer/pull/2007", + "cve": "CVE-2021-33503", + "id": "pyup.io-53696", + "more_info_path": "/vulnerabilities/CVE-2021-33503/53696", + "specs": [ + "<0.13.0" + ], + "v": "<0.13.0" + }, { "advisory": "Composer 0.13.0 updates its dependency 'pillow' to v9.0.0 in Dockerfile to include security fixes.\r\nhttps://github.com/mosaicml/composer/pull/2007", "cve": "CVE-2022-22816", 
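Review bot: The composer urllib3 record (CVE-2021-33503, pyup.io-53696) re-added at the end of this hunk carries a stray trailing quote in its advisory text, `'>=1.26.5,<2''`; since the record is being moved anyway this is the moment to correct it to `'>=1.26.5,<2'`. The same string appears on the removed side of the next hunk, so the typo is pre-existing rather than introduced by this commit.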
@@ -23658,34 +23951,46 @@ "v": "<0.13.0" }, { - "advisory": "Composer 0.13.0 updates its dependency 'urllib3' requirement to '>=1.26.5,<2'' in Dockerfile to include a security fix.\r\nhttps://github.com/mosaicml/composer/pull/2007", - "cve": "CVE-2021-33503", - "id": "pyup.io-53696", - "more_info_path": "/vulnerabilities/CVE-2021-33503/53696", + "advisory": "Composer 0.9.0 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/mosaicml/composer/pull/1328", + "cve": "PVE-2023-60601", + "id": "pyup.io-60601", + "more_info_path": "/vulnerabilities/PVE-2023-60601/60601", "specs": [ - "<0.13.0" + "<0.9.0" ], - "v": "<0.13.0" + "v": "<0.9.0" + } + ], + "composio-core": [ + { + "advisory": "A critical security vulnerability affects the composiohq composio library. The vulnerability exists in the path function of the file composio\\server\\api.py. Attackers can manipulate the 'file' argument to achieve path traversal, potentially accessing unauthorized files on the system. This vulnerability has been publicly disclosed and exploits may exist in the wild. The vendor has not responded to disclosure attempts, underscoring the urgency of this update. Never process file paths from untrusted sources without proper sanitization and validation.", + "cve": "CVE-2024-8865", + "id": "pyup.io-73299", + "more_info_path": "/vulnerabilities/CVE-2024-8865/73299", + "specs": [ + ">=0" + ], + "v": ">=0" }, { - "advisory": "Composer 0.13.0 updates its dependency 'ipython' to v8.11.0 in Dockerfile to include a security fix.\r\nhttps://github.com/mosaicml/composer/pull/2007", - "cve": "CVE-2023-24816", - "id": "pyup.io-53697", - "more_info_path": "/vulnerabilities/CVE-2023-24816/53697", + "advisory": "A security vulnerability affects the composiohq composio library. The vulnerability exists in the path function of the file composio\\server\\api.py. Attackers can manipulate the 'file' argument to achieve path traversal, potentially accessing unauthorized files on the system. 
This vulnerability has been publicly disclosed and exploits may exist in the wild.", + "cve": "CVE-2024-8865", + "id": "pyup.io-73300", + "more_info_path": "/vulnerabilities/CVE-2024-8865/73300", "specs": [ - "<0.13.0" + ">=0" ], - "v": "<0.13.0" + "v": ">=0" }, { - "advisory": "Composer 0.9.0 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/mosaicml/composer/pull/1328", - "cve": "PVE-2023-60601", - "id": "pyup.io-60601", - "more_info_path": "/vulnerabilities/PVE-2023-60601/60601", + "advisory": "A security vulnerability affects the composiohq composio library. The vulnerability exists in the Calculator function of the file python/composio/tools/local/mathematical/actions/calculator.py. Attackers can exploit this vulnerability to perform code injection, potentially executing arbitrary code on the target system. This vulnerability has been publicly disclosed and exploits may exist in the wild.", + "cve": "CVE-2024-8864", + "id": "pyup.io-73301", + "more_info_path": "/vulnerabilities/CVE-2024-8864/73301", "specs": [ - "<0.9.0" + ">=0" ], - "v": "<0.9.0" + "v": ">=0" } ], "conan": [ 
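Review bot: The new `composio-core` section contains two records with the same `cve` value, `CVE-2024-8865` (ids pyup.io-73299 and pyup.io-73300), that differ only in advisory wording, so a consumer keyed on CVE will report the same finding twice. All three records also use `">=0"` as the spec while the first advisory speaks of "the urgency of this update"; with no upper bound there is no version a user can move to, so either the fixed version should be recorded or the wording should not imply one exists. The `composio\\server\\api.py` path is written with backslashes while the calculator record uses forward slashes; one convention would help anyone locating the files in the tree.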
@@ -23914,6 +24219,16 @@ "<6.3.0" ], "v": "<6.3.0" + }, + { + "advisory": "Confidant affected versions contain a critical Cross-Site Scripting (XSS) vulnerability affecting multiple API endpoints for credential and service operations. This stored XSS flaw enables authenticated attackers with credential creation privileges to inject malicious scripts, potentially compromising other users' sessions, stealing sensitive information, or executing unauthorized actions. Inadequate input sanitization and improper content-type headers in API responses cause this vulnerability. Developers have patched the issue by implementing robust XSS protection measures, including security headers and proper content-type settings for API responses.", + "cve": "CVE-2024-45793", + "id": "pyup.io-73295", + "more_info_path": "/vulnerabilities/CVE-2024-45793/73295", + "specs": [ + "<6.6.2" + ], + "v": "<6.6.2" } ], "confidence": [ 
@@ -23942,14 +24257,14 @@ ], "configobj": [ { - "advisory": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer putting the offending value in a server side configuration file.\r\nhttps://github.com/DiffSK/configobj/issues/232", + "advisory": "The configobj package affected versions contains a Regular Expression Denial of Service (ReDoS) vulnerability in its validate function. The vulnerable regex (.+?)\\((.*)\\) allows attackers to cause denial of service using specially crafted input with nested parentheses. This issue primarily affects server-side applications using configobj for configuration parsing. The vulnerability is patched by modifying the regex to ([^\\(\\)]+?)\\((.*)\\), preventing matching of nested parentheses. \r\nNOTE: This is only exploitable in the case of a developer putting the offending value in a server side configuration file.", "cve": "CVE-2023-26112", "id": "pyup.io-54843", "more_info_path": "/vulnerabilities/CVE-2023-26112/54843", "specs": [ - ">=0" + "<5.0.9" ], - "v": ">=0" + "v": "<5.0.9" } ], "confire": [ 
@@ -23986,20 +24301,20 @@ "v": "<1.3.0" }, { - "advisory": "Confluent-kafka 1.4.0 fixes a security issue in the SASL SCRAM protocol handler the client nonce, which is expected to be a random string, was a static string.", - "cve": "PVE-2021-38165", - "id": "pyup.io-38165", - "more_info_path": "/vulnerabilities/PVE-2021-38165/38165", + "advisory": "Confluent-kafka 1.4.0 fixes a security issue in the SASL SCRAM protocol handler: If 'sasl.username' and 'sasl.password' contained characters that needed escaping, a buffer overflow and heap corruption would occur. This was protected, but too late, by an assertion.", + "cve": "PVE-2022-48601", + "id": "pyup.io-48601", + "more_info_path": "/vulnerabilities/PVE-2022-48601/48601", "specs": [ "<1.4.0" ], "v": "<1.4.0" }, { - "advisory": "Confluent-kafka 1.4.0 fixes a security issue in the SASL SCRAM protocol handler: If 'sasl.username' and 'sasl.password' contained characters that needed escaping, a buffer overflow and heap corruption would occur. This was protected, but too late, by an assertion.", - "cve": "PVE-2022-48601", - "id": "pyup.io-48601", - "more_info_path": "/vulnerabilities/PVE-2022-48601/48601", + "advisory": "Confluent-kafka 1.4.0 fixes a security issue in the SASL SCRAM protocol handler the client nonce, which is expected to be a random string, was a static string.", + "cve": "PVE-2021-38165", + "id": "pyup.io-38165", + "more_info_path": "/vulnerabilities/PVE-2021-38165/38165", "specs": [ "<1.4.0" ], 
@@ -24468,20 +24783,20 @@ ], "cornflow": [ { - "advisory": "Cornflow version 1.0.11 updates its `flask-cors` dependency from version 3.0.10 or lower to version 4.0.1 or lower in response to CVE-2024-1681.", - "cve": "CVE-2024-1681", - "id": "pyup.io-71025", - "more_info_path": "/vulnerabilities/CVE-2024-1681/71025", + "advisory": "Cornflow version 1.0.11 updates its Werkzeug dependency to version 3.0.3 or lower (previously <=2.3.8) to address the security vulnerability identified as CVE-2024-34069.", + "cve": "CVE-2024-34069", + "id": "pyup.io-71012", + "more_info_path": "/vulnerabilities/CVE-2024-34069/71012", "specs": [ "<1.0.11" ], "v": "<1.0.11" }, { - "advisory": "Cornflow version 1.0.11 updates its Werkzeug dependency to version 3.0.3 or lower (previously <=2.3.8) to address the security vulnerability identified as CVE-2024-34069.", - "cve": "CVE-2024-34069", - "id": "pyup.io-71012", - "more_info_path": "/vulnerabilities/CVE-2024-34069/71012", + "advisory": "Cornflow version 1.0.11 updates its `flask-cors` dependency from version 3.0.10 or lower to version 4.0.1 or lower in response to CVE-2024-1681.", + "cve": "CVE-2024-1681", + "id": "pyup.io-71025", + "more_info_path": "/vulnerabilities/CVE-2024-1681/71025", "specs": [ "<1.0.11" ], @@ -24506,6 +24821,16 @@ "<1.0.6" ], "v": "<1.0.6" + }, + { + "advisory": "Cornflow 1.1.1 updates its dependency 'requests' to v2.32.3 to include a security fix.", + "cve": "CVE-2024-35195", + "id": "pyup.io-73262", + "more_info_path": "/vulnerabilities/CVE-2024-35195/73262", + "specs": [ + "<1.1.1" + ], + "v": "<1.1.1" } ], "cortex": [ 
@@ -24639,9 +24964,19 @@ }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'bootstrap' to v4.5.3 to include security fixes.", - "cve": "CVE-2018-20677", - "id": "pyup.io-49064", - "more_info_path": "/vulnerabilities/CVE-2018-20677/49064", + "cve": "CVE-2018-14040", + "id": "pyup.io-49066", + "more_info_path": "/vulnerabilities/CVE-2018-14040/49066", + "specs": [ + "<0.13.0" + ], + "v": "<0.13.0" + }, + { + "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'bootstrap' to v4.5.3 to include security fixes.", + "cve": "CVE-2016-10735", + "id": "pyup.io-49068", + "more_info_path": "/vulnerabilities/CVE-2016-10735/49068", "specs": [ "<0.13.0" ], @@ -24658,10 +24993,20 @@ "v": "<0.13.0" }, { - "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'bootstrap' to v4.5.3 to include security fixes.", - "cve": "CVE-2016-10735", - "id": "pyup.io-49068", - "more_info_path": "/vulnerabilities/CVE-2016-10735/49068", + "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'jquery' to v3.5.1 to include security fixes.", + "cve": "CVE-2012-6708", + "id": "pyup.io-49057", + "more_info_path": "/vulnerabilities/CVE-2012-6708/49057", + "specs": [ + "<0.13.0" + ], + "v": "<0.13.0" + }, + { + "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'jquery' to v3.5.1 to include security fixes.", + "cve": "CVE-2019-11358", + "id": "pyup.io-49061", + "more_info_path": "/vulnerabilities/CVE-2019-11358/49061", "specs": [ "<0.13.0" ], @@ -24669,9 +25014,9 @@ }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'bootstrap' to v4.5.3 to include security fixes.", - "cve": "CVE-2018-14040", - "id": "pyup.io-49066", - "more_info_path": "/vulnerabilities/CVE-2018-14040/49066", + "cve": "CVE-2018-20677", + "id": "pyup.io-49064", + "more_info_path": "/vulnerabilities/CVE-2018-20677/49064", "specs": [ "<0.13.0" ], 
@@ -24700,8 +25045,8 @@ { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'jquery' to v3.5.1 to include security fixes.", "cve": "CVE-2019-11358", - "id": "pyup.io-49061", - "more_info_path": "/vulnerabilities/CVE-2019-11358/49061", + "id": "pyup.io-49060", + "more_info_path": "/vulnerabilities/CVE-2019-11358/49060", "specs": [ "<0.13.0" ], @@ -24709,9 +25054,9 @@ }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'jquery' to v3.5.1 to include security fixes.", - "cve": "CVE-2019-11358", - "id": "pyup.io-49060", - "more_info_path": "/vulnerabilities/CVE-2019-11358/49060", + "cve": "CVE-2015-9251", + "id": "pyup.io-49059", + "more_info_path": "/vulnerabilities/CVE-2015-9251/49059", "specs": [ "<0.13.0" ], @@ -24727,16 +25072,6 @@ ], "v": "<0.13.0" }, - { - "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'jquery' to v3.5.1 to include security fixes.", - "cve": "CVE-2015-9251", - "id": "pyup.io-49059", - "more_info_path": "/vulnerabilities/CVE-2015-9251/49059", - "specs": [ - "<0.13.0" - ], - "v": "<0.13.0" - }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'jquery' to v3.5.1 to include security fixes.", "cve": "CVE-2012-6708", @@ -24747,16 +25082,6 @@ ], "v": "<0.13.0" }, - { - "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'jquery' to v3.5.1 to include security fixes.", - "cve": "CVE-2012-6708", - "id": "pyup.io-49057", - "more_info_path": "/vulnerabilities/CVE-2012-6708/49057", - "specs": [ - "<0.13.0" - ], - "v": "<0.13.0" - }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'jquery' to v3.5.1 to include security fixes.", "cve": "CVE-2015-9251", 
@@ -25054,9 +25379,9 @@ }, { "advisory": "Cryptography 2.1.3 updates Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.0g, that includes security fixes.", - "cve": "CVE-2017-3736", - "id": "pyup.io-50725", - "more_info_path": "/vulnerabilities/CVE-2017-3736/50725", + "cve": "CVE-2017-3735", + "id": "pyup.io-50724", + "more_info_path": "/vulnerabilities/CVE-2017-3735/50724", "specs": [ "<2.1.3" ], @@ -25064,9 +25389,9 @@ }, { "advisory": "Cryptography 2.1.3 updates Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.0g, that includes security fixes.", - "cve": "CVE-2017-3735", - "id": "pyup.io-50724", - "more_info_path": "/vulnerabilities/CVE-2017-3735/50724", + "cve": "CVE-2017-3736", + "id": "pyup.io-50725", + "more_info_path": "/vulnerabilities/CVE-2017-3736/50725", "specs": [ "<2.1.3" ], @@ -25112,6 +25437,16 @@ ], "v": "<39.0.1" }, + { + "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", + "cve": "CVE-2022-4203", + "id": "pyup.io-53301", + "more_info_path": "/vulnerabilities/CVE-2022-4203/53301", + "specs": [ + "<39.0.1" + ], + "v": "<39.0.1" + }, { "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", "cve": "CVE-2023-0216", @@ -25162,16 +25497,6 @@ ], "v": "<39.0.1" }, - { - "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", - "cve": "CVE-2022-4203", - "id": "pyup.io-53301", - "more_info_path": "/vulnerabilities/CVE-2022-4203/53301", - "specs": [ - "<39.0.1" - ], - "v": "<39.0.1" - }, { "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", "cve": "CVE-2023-0215", 
@@ -25223,7 +25548,7 @@ "v": "<41.0.5" }, { - "advisory": "A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. See CVE-2023-50782.", + "advisory": "Affected versions of Cryptography may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.", "cve": "CVE-2023-50782", "id": "pyup.io-65278", "more_info_path": "/vulnerabilities/CVE-2023-50782/65278", @@ -25323,7 +25648,7 @@ "v": ">=0.8,<41.0.3" }, { - "advisory": "Cryptography 39.0.1 includes a fix for CVE-2023-23931: In affected versions 'Cipher.update_into' would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as 'bytes') to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This issue has been present since 'update_into' was originally introduced in cryptography 1.8.\r\nhttps://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r", + "advisory": "Cryptography 39.0.1 includes a fix for CVE-2023-23931: In affected versions 'Cipher.update_into' would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as 'bytes') to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This issue has been present since 'update_into' was originally introduced in cryptography 1.8.", "cve": "CVE-2023-23931", "id": "pyup.io-53048", "more_info_path": "/vulnerabilities/CVE-2023-23931/53048", 
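Review bot: The rewritten `advisory` for pyup.io-53048 (CVE-2023-23931) in the second hunk drops the trailing `\r\nhttps://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r` reference, and the next physical line does the same for pyup.io-62556 (CVE-2023-49083), which loses `https://github.com/advisories/GHSA-jfhm-5ghh-2f97` while gaining a longer description. Other records in this file keep their upstream advisory URL as the last line of the text (see the GHSA-39hc-v87j-747x and pyca issue 8229 entries nearby), so consumers that surface that link for triage now get an inconsistent experience across Cryptography records. If the upstream source intentionally removed the links this is fine; otherwise consider re-appending the URL after the new prose, e.g. `...cryptography 1.8.\r\nhttps://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r`.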
@@ -25343,7 +25668,7 @@ "v": ">=1.9.0,<2.3" }, { - "advisory": "Cryptography 41.0.6 includes a fix for CVE-2023-49083: NULL-dereference when loading PKCS7 certificates.\r\nhttps://github.com/advisories/GHSA-jfhm-5ghh-2f97", + "advisory": "Affected versions of Cryptography are vulnerable to NULL-dereference when loading PKCS7 certificates. Calling 'load_pem_pkcs7_certificates' or 'load_der_pkcs7_certificates' could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability.", "cve": "CVE-2023-49083", "id": "pyup.io-62556", "more_info_path": "/vulnerabilities/CVE-2023-49083/62556", @@ -25384,9 +25709,9 @@ }, { "advisory": "Cryptography versions from 37.0.0 and before 38.0.2 include a statically linked copy of OpenSSL that has known vulnerabilities.\r\nhttps://github.com/pyca/cryptography/security/advisories/GHSA-39hc-v87j-747x", - "cve": "CVE-2022-3786", - "id": "pyup.io-52173", - "more_info_path": "/vulnerabilities/CVE-2022-3786/52173", + "cve": "CVE-2022-3602", + "id": "pyup.io-52174", + "more_info_path": "/vulnerabilities/CVE-2022-3602/52174", "specs": [ ">=37.0.0,<38.0.3" ], @@ -25394,9 +25719,9 @@ }, { "advisory": "Cryptography versions from 37.0.0 and before 38.0.2 include a statically linked copy of OpenSSL that has known vulnerabilities.\r\nhttps://github.com/pyca/cryptography/security/advisories/GHSA-39hc-v87j-747x", - "cve": "CVE-2022-3602", - "id": "pyup.io-52174", - "more_info_path": "/vulnerabilities/CVE-2022-3602/52174", + "cve": "CVE-2022-3786", + "id": "pyup.io-52173", + "more_info_path": "/vulnerabilities/CVE-2022-3786/52173", "specs": [ ">=37.0.0,<38.0.3" ], 
@@ -26469,9 +26794,9 @@ "dagster-cloud": [ { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-1664", - "id": "pyup.io-52146", - "more_info_path": "/vulnerabilities/CVE-2022-1664/52146", + "cve": "CVE-2022-2509", + "id": "pyup.io-52163", + "more_info_path": "/vulnerabilities/CVE-2022-2509/52163", "specs": [ "<1.1.4" ], @@ -26479,9 +26804,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-2068", - "id": "pyup.io-52155", - "more_info_path": "/vulnerabilities/CVE-2022-2068/52155", + "cve": "CVE-2021-33574", + "id": "pyup.io-52153", + "more_info_path": "/vulnerabilities/CVE-2021-33574/52153", "specs": [ "<1.1.4" ], @@ -26489,9 +26814,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-37434", - "id": "pyup.io-52156", - "more_info_path": "/vulnerabilities/CVE-2022-37434/52156", + "cve": "CVE-2022-1587", + "id": "pyup.io-52157", + "more_info_path": "/vulnerabilities/CVE-2022-1587/52157", "specs": [ "<1.1.4" ], @@ -26499,9 +26824,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-2509", - "id": "pyup.io-52163", - "more_info_path": "/vulnerabilities/CVE-2022-2509/52163", + "cve": "CVE-2022-1664", + "id": "pyup.io-52146", + "more_info_path": "/vulnerabilities/CVE-2022-1664/52146", "specs": [ "<1.1.4" ], 
@@ -26519,9 +26844,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2021-46828", - "id": "pyup.io-52164", - "more_info_path": "/vulnerabilities/CVE-2021-46828/52164", + "cve": "CVE-2022-34903", + "id": "pyup.io-52167", + "more_info_path": "/vulnerabilities/CVE-2022-34903/52167", "specs": [ "<1.1.4" ], @@ -26529,9 +26854,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2021-33574", - "id": "pyup.io-52153", - "more_info_path": "/vulnerabilities/CVE-2021-33574/52153", + "cve": "CVE-2018-25032", + "id": "pyup.io-52166", + "more_info_path": "/vulnerabilities/CVE-2018-25032/52166", "specs": [ "<1.1.4" ], @@ -26539,9 +26864,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-23219", - "id": "pyup.io-52151", - "more_info_path": "/vulnerabilities/CVE-2022-23219/52151", + "cve": "CVE-2022-1292", + "id": "pyup.io-52154", + "more_info_path": "/vulnerabilities/CVE-2022-1292/52154", "specs": [ "<1.1.4" ], @@ -26549,9 +26874,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2021-3997", - "id": "pyup.io-52170", - "more_info_path": "/vulnerabilities/CVE-2021-3997/52170", + "cve": "CVE-2022-1271", + "id": "pyup.io-52159", + "more_info_path": "/vulnerabilities/CVE-2022-1271/52159", "specs": [ "<1.1.4" ], 
@@ -26559,9 +26884,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-23218", - "id": "pyup.io-52152", - "more_info_path": "/vulnerabilities/CVE-2022-23218/52152", + "cve": "CVE-2022-37434", + "id": "pyup.io-52156", + "more_info_path": "/vulnerabilities/CVE-2022-37434/52156", "specs": [ "<1.1.4" ], @@ -26569,9 +26894,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-1292", - "id": "pyup.io-52154", - "more_info_path": "/vulnerabilities/CVE-2022-1292/52154", + "cve": "CVE-2021-46828", + "id": "pyup.io-52164", + "more_info_path": "/vulnerabilities/CVE-2021-46828/52164", "specs": [ "<1.1.4" ], @@ -26579,9 +26904,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-40674", - "id": "pyup.io-52150", - "more_info_path": "/vulnerabilities/CVE-2022-40674/52150", + "cve": "CVE-2022-0778", + "id": "pyup.io-52165", + "more_info_path": "/vulnerabilities/CVE-2022-0778/52165", "specs": [ "<1.1.4" ], @@ -26589,9 +26914,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2018-25032", - "id": "pyup.io-52166", - "more_info_path": "/vulnerabilities/CVE-2018-25032/52166", + "cve": "CVE-2021-3997", + "id": "pyup.io-52170", + "more_info_path": "/vulnerabilities/CVE-2021-3997/52170", "specs": [ "<1.1.4" ], 
@@ -26599,9 +26924,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-0778", - "id": "pyup.io-52165", - "more_info_path": "/vulnerabilities/CVE-2022-0778/52165", + "cve": "CVE-2022-23219", + "id": "pyup.io-52151", + "more_info_path": "/vulnerabilities/CVE-2022-23219/52151", "specs": [ "<1.1.4" ], @@ -26609,9 +26934,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-1271", - "id": "pyup.io-52159", - "more_info_path": "/vulnerabilities/CVE-2022-1271/52159", + "cve": "CVE-2022-23218", + "id": "pyup.io-52152", + "more_info_path": "/vulnerabilities/CVE-2022-23218/52152", "specs": [ "<1.1.4" ], @@ -26619,9 +26944,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-34903", - "id": "pyup.io-52167", - "more_info_path": "/vulnerabilities/CVE-2022-34903/52167", + "cve": "CVE-2022-1586", + "id": "pyup.io-52158", + "more_info_path": "/vulnerabilities/CVE-2022-1586/52158", "specs": [ "<1.1.4" ], @@ -26629,9 +26954,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-1587", - "id": "pyup.io-52157", - "more_info_path": "/vulnerabilities/CVE-2022-1587/52157", + "cve": "CVE-2022-2068", + "id": "pyup.io-52155", + "more_info_path": "/vulnerabilities/CVE-2022-2068/52155", "specs": [ "<1.1.4" ], 
@@ -26639,9 +26964,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2021-4209", - "id": "pyup.io-52168", - "more_info_path": "/vulnerabilities/CVE-2021-4209/52168", + "cve": "CVE-2021-4160", + "id": "pyup.io-52169", + "more_info_path": "/vulnerabilities/CVE-2021-4160/52169", "specs": [ "<1.1.4" ], @@ -26649,9 +26974,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-1586", - "id": "pyup.io-52158", - "more_info_path": "/vulnerabilities/CVE-2022-1586/52158", + "cve": "CVE-2022-40674", + "id": "pyup.io-52150", + "more_info_path": "/vulnerabilities/CVE-2022-40674/52150", "specs": [ "<1.1.4" ], @@ -26659,9 +26984,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2021-4160", - "id": "pyup.io-52169", - "more_info_path": "/vulnerabilities/CVE-2021-4160/52169", + "cve": "CVE-2021-4209", + "id": "pyup.io-52168", + "more_info_path": "/vulnerabilities/CVE-2021-4209/52168", "specs": [ "<1.1.4" ], 
@@ -26960,20 +27285,20 @@ ], "dash-extensions": [ { - "advisory": "Dash-extensions 0.1.1 updates its NPM dependency 'mermaid' to v9.0.1 to include a security fix.", - "cve": "CVE-2021-43861", - "id": "pyup.io-48567", - "more_info_path": "/vulnerabilities/CVE-2021-43861/48567", + "advisory": "Dash-extensions 0.1.1 updates its dependency 'jsbeautifier' to v1.14.3 to include a fix for a ReDoS vulnerability.", + "cve": "PVE-2022-48568", + "id": "pyup.io-48568", + "more_info_path": "/vulnerabilities/PVE-2022-48568/48568", "specs": [ "<0.1.1" ], "v": "<0.1.1" }, { - "advisory": "Dash-extensions 0.1.1 updates its dependency 'jsbeautifier' to v1.14.3 to include a fix for a ReDoS vulnerability.", - "cve": "PVE-2022-48568", - "id": "pyup.io-48568", - "more_info_path": "/vulnerabilities/PVE-2022-48568/48568", + "advisory": "Dash-extensions 0.1.1 updates its NPM dependency 'mermaid' to v9.0.1 to include a security fix.", + "cve": "CVE-2021-43861", + "id": "pyup.io-48567", + "more_info_path": "/vulnerabilities/CVE-2021-43861/48567", "specs": [ "<0.1.1" ], 
@@ -26991,39 +27316,39 @@ }, { "advisory": "Dash-extensions 0.1.8 updates its dependency 'cryptography' to v 38.0.3 to include security fixes.", - "cve": "CVE-2022-3786", - "id": "pyup.io-52355", - "more_info_path": "/vulnerabilities/CVE-2022-3786/52355", + "cve": "CVE-2022-3602", + "id": "pyup.io-52356", + "more_info_path": "/vulnerabilities/CVE-2022-3602/52356", "specs": [ "<0.1.8" ], "v": "<0.1.8" }, { - "advisory": "Dash-extensions 0.1.8 updates its NPM dependency \"mermaid\" requirement to \"^9.2.2\" to include a security fix.", - "cve": "CVE-2022-31108", - "id": "pyup.io-52354", - "more_info_path": "/vulnerabilities/CVE-2022-31108/52354", + "advisory": "Dash-extensions 0.1.8 updates its NPM dependency 'loader-utils' to v3.2.1 to include security fixes.", + "cve": "CVE-2022-37603", + "id": "pyup.io-52353", + "more_info_path": "/vulnerabilities/CVE-2022-37603/52353", "specs": [ "<0.1.8" ], "v": "<0.1.8" }, { - "advisory": "Dash-extensions 0.1.8 updates its NPM dependency 'loader-utils' to v3.2.1 to include security fixes.", - "cve": "CVE-2022-37603", - "id": "pyup.io-52353", - "more_info_path": "/vulnerabilities/CVE-2022-37603/52353", + "advisory": "Dash-extensions 0.1.8 updates its dependency 'cryptography' to v 38.0.3 to include security fixes.", + "cve": "CVE-2022-3786", + "id": "pyup.io-52355", + "more_info_path": "/vulnerabilities/CVE-2022-3786/52355", "specs": [ "<0.1.8" ], "v": "<0.1.8" }, { - "advisory": "Dash-extensions 0.1.8 updates its dependency 'cryptography' to v 38.0.3 to include security fixes.", - "cve": "CVE-2022-3602", - "id": "pyup.io-52356", - "more_info_path": "/vulnerabilities/CVE-2022-3602/52356", + "advisory": "Dash-extensions 0.1.8 updates its NPM dependency \"mermaid\" requirement to \"^9.2.2\" to include a security fix.", + "cve": "CVE-2022-31108", + "id": "pyup.io-52354", + "more_info_path": "/vulnerabilities/CVE-2022-31108/52354", "specs": [ "<0.1.8" ], 
@@ -29009,9 +29334,9 @@ }, { "advisory": "Dds-cli 2.2.2 updates its dependency 'cryptography to v38.0.3 to include security fixes.", - "cve": "CVE-2022-3602", - "id": "pyup.io-61417", - "more_info_path": "/vulnerabilities/CVE-2022-3602/61417", + "cve": "CVE-2022-3786", + "id": "pyup.io-61432", + "more_info_path": "/vulnerabilities/CVE-2022-3786/61432", "specs": [ "<2.2.2" ], @@ -29019,9 +29344,9 @@ }, { "advisory": "Dds-cli 2.2.2 updates its dependency 'cryptography to v38.0.3 to include security fixes.", - "cve": "CVE-2022-3786", - "id": "pyup.io-61432", - "more_info_path": "/vulnerabilities/CVE-2022-3786/61432", + "cve": "CVE-2022-3602", + "id": "pyup.io-61417", + "more_info_path": "/vulnerabilities/CVE-2022-3602/61417", "specs": [ "<2.2.2" ], @@ -33041,9 +33366,9 @@ "id": "pyup.io-71381", "more_info_path": "/vulnerabilities/CVE-2023-6725/71381", "specs": [ - "<=18.0.0" + ">=0" ], - "v": "<=18.0.0" + "v": ">=0" } ], "destringcare": [ @@ -33133,9 +33458,9 @@ }, { "advisory": "Determined 0.17.0rc0 switches from debian:10.3-slim to ubuntu:20.04 and unattended-upgrades, to fix security issues.\r\nhttps://github.com/determined-ai/determined/pull/2914", - "cve": "CVE-2018-12886", - "id": "pyup.io-42148", - "more_info_path": "/vulnerabilities/CVE-2018-12886/42148", + "cve": "CVE-2019-17543", + "id": "pyup.io-45577", + "more_info_path": "/vulnerabilities/CVE-2019-17543/45577", "specs": [ "<0.17.0rc0" ], 
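Review bot: The third hunk on this line widens the affected range for pyup.io-71381 (CVE-2023-6725) from `"<=18.0.0"` to `">=0"` in both `specs` and `v`, which means every version of that package will be reported as vulnerable and no fixed version is declared; the package key for this record sits above the hunk, so it cannot be confirmed here. That is the correct encoding only if upstream has no fix, and it is worth confirming against the advisory at `/vulnerabilities/CVE-2023-6725/71381` before merging, because a scanner consuming this file will otherwise keep flagging patched releases indefinitely. If a fixed version does exist, the record should carry an upper bound such as `"specs": ["<FIXED_VERSION_PLACEHOLDER"]` rather than an open range.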
@@ -33143,14 +33468,44 @@ }, { "advisory": "Determined 0.17.0rc0 switches from debian:10.3-slim to ubuntu:20.04 and unattended-upgrades, to fix security issues.\r\nhttps://github.com/determined-ai/determined/pull/2914", - "cve": "CVE-2019-17543", - "id": "pyup.io-45577", - "more_info_path": "/vulnerabilities/CVE-2019-17543/45577", + "cve": "CVE-2018-12886", + "id": "pyup.io-42148", + "more_info_path": "/vulnerabilities/CVE-2018-12886/42148", "specs": [ "<0.17.0rc0" ], "v": "<0.17.0rc0" }, + { + "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", + "cve": "CVE-2021-41201", + "id": "pyup.io-43341", + "more_info_path": "/vulnerabilities/CVE-2021-41201/43341", + "specs": [ + "<0.17.4rc0" + ], + "v": "<0.17.4rc0" + }, + { + "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", + "cve": "CVE-2021-41215", + "id": "pyup.io-43333", + "more_info_path": "/vulnerabilities/CVE-2021-41215/43333", + "specs": [ + "<0.17.4rc0" + ], + "v": "<0.17.4rc0" + }, + { + "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", + "cve": "CVE-2021-41217", + "id": "pyup.io-43318", + "more_info_path": "/vulnerabilities/CVE-2021-41217/43318", + "specs": [ + "<0.17.4rc0" + ], + "v": "<0.17.4rc0" + }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", "cve": "CVE-2021-41198", 
@@ -33193,19 +33548,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41216", - "id": "pyup.io-43332", - "more_info_path": "/vulnerabilities/CVE-2021-41216/43332", - "specs": [ - "<0.17.4rc0" - ], - "v": "<0.17.4rc0" - }, - { - "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41218", - "id": "pyup.io-43331", - "more_info_path": "/vulnerabilities/CVE-2021-41218/43331", + "cve": "CVE-2021-41206", + "id": "pyup.io-43335", + "more_info_path": "/vulnerabilities/CVE-2021-41206/43335", "specs": [ "<0.17.4rc0" ], @@ -33253,9 +33598,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41203", - "id": "pyup.io-43316", - "more_info_path": "/vulnerabilities/CVE-2021-41203/43316", + "cve": "CVE-2021-41218", + "id": "pyup.io-43331", + "more_info_path": "/vulnerabilities/CVE-2021-41218/43331", "specs": [ "<0.17.4rc0" ], @@ -33263,9 +33608,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41213", - "id": "pyup.io-43326", - "more_info_path": "/vulnerabilities/CVE-2021-41213/43326", + "cve": "CVE-2021-41222", + "id": "pyup.io-43329", + "more_info_path": "/vulnerabilities/CVE-2021-41222/43329", "specs": [ "<0.17.4rc0" ], @@ -33273,9 +33618,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41201", - "id": "pyup.io-43341", - "more_info_path": "/vulnerabilities/CVE-2021-41201/43341", + "cve": "CVE-2021-41203", + "id": "pyup.io-43316", + "more_info_path": "/vulnerabilities/CVE-2021-41203/43316", "specs": [ "<0.17.4rc0" ], 
@@ -33283,9 +33628,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41226", - "id": "pyup.io-43322", - "more_info_path": "/vulnerabilities/CVE-2021-41226/43322", + "cve": "CVE-2021-41195", + "id": "pyup.io-43343", + "more_info_path": "/vulnerabilities/CVE-2021-41195/43343", "specs": [ "<0.17.4rc0" ], @@ -33293,9 +33638,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41215", - "id": "pyup.io-43333", - "more_info_path": "/vulnerabilities/CVE-2021-41215/43333", + "cve": "CVE-2021-41213", + "id": "pyup.io-43326", + "more_info_path": "/vulnerabilities/CVE-2021-41213/43326", "specs": [ "<0.17.4rc0" ], @@ -33303,9 +33648,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41205", - "id": "pyup.io-43336", - "more_info_path": "/vulnerabilities/CVE-2021-41205/43336", + "cve": "CVE-2021-41221", + "id": "pyup.io-43324", + "more_info_path": "/vulnerabilities/CVE-2021-41221/43324", "specs": [ "<0.17.4rc0" ], @@ -33313,9 +33658,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41217", - "id": "pyup.io-43318", - "more_info_path": "/vulnerabilities/CVE-2021-41217/43318", + "cve": "CVE-2021-41216", + "id": "pyup.io-43332", + "more_info_path": "/vulnerabilities/CVE-2021-41216/43332", "specs": [ "<0.17.4rc0" ], 
@@ -33323,9 +33668,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41225", - "id": "pyup.io-43321", - "more_info_path": "/vulnerabilities/CVE-2021-41225/43321", + "cve": "CVE-2021-41209", + "id": "pyup.io-43325", + "more_info_path": "/vulnerabilities/CVE-2021-41209/43325", "specs": [ "<0.17.4rc0" ], @@ -33333,9 +33678,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41202", - "id": "pyup.io-43340", - "more_info_path": "/vulnerabilities/CVE-2021-41202/43340", + "cve": "CVE-2021-41210", + "id": "pyup.io-43338", + "more_info_path": "/vulnerabilities/CVE-2021-41210/43338", "specs": [ "<0.17.4rc0" ], @@ -33343,9 +33688,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41195", - "id": "pyup.io-43343", - "more_info_path": "/vulnerabilities/CVE-2021-41195/43343", + "cve": "CVE-2021-41226", + "id": "pyup.io-43322", + "more_info_path": "/vulnerabilities/CVE-2021-41226/43322", "specs": [ "<0.17.4rc0" ], @@ -33353,9 +33698,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41224", - "id": "pyup.io-43330", - "more_info_path": "/vulnerabilities/CVE-2021-41224/43330", + "cve": "CVE-2021-41205", + "id": "pyup.io-43336", + "more_info_path": "/vulnerabilities/CVE-2021-41205/43336", "specs": [ "<0.17.4rc0" ], 
@@ -33363,9 +33708,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41208", - "id": "pyup.io-43334", - "more_info_path": "/vulnerabilities/CVE-2021-41208/43334", + "cve": "CVE-2021-41225", + "id": "pyup.io-43321", + "more_info_path": "/vulnerabilities/CVE-2021-41225/43321", "specs": [ "<0.17.4rc0" ], @@ -33373,9 +33718,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41209", - "id": "pyup.io-43325", - "more_info_path": "/vulnerabilities/CVE-2021-41209/43325", + "cve": "CVE-2021-41202", + "id": "pyup.io-43340", + "more_info_path": "/vulnerabilities/CVE-2021-41202/43340", "specs": [ "<0.17.4rc0" ], @@ -33383,9 +33728,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41206", - "id": "pyup.io-43335", - "more_info_path": "/vulnerabilities/CVE-2021-41206/43335", + "cve": "CVE-2021-41224", + "id": "pyup.io-43330", + "more_info_path": "/vulnerabilities/CVE-2021-41224/43330", "specs": [ "<0.17.4rc0" ], @@ -33393,9 +33738,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41227", - "id": "pyup.io-43323", - "more_info_path": "/vulnerabilities/CVE-2021-41227/43323", + "cve": "CVE-2021-41208", + "id": "pyup.io-43334", + "more_info_path": "/vulnerabilities/CVE-2021-41208/43334", "specs": [ "<0.17.4rc0" ], 
@@ -33403,9 +33748,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41200", - "id": "pyup.io-43317", - "more_info_path": "/vulnerabilities/CVE-2021-41200/43317", + "cve": "CVE-2021-41227", + "id": "pyup.io-43323", + "more_info_path": "/vulnerabilities/CVE-2021-41227/43323", "specs": [ "<0.17.4rc0" ], @@ -33413,9 +33758,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41222", - "id": "pyup.io-43329", - "more_info_path": "/vulnerabilities/CVE-2021-41222/43329", + "cve": "CVE-2021-41200", + "id": "pyup.io-43317", + "more_info_path": "/vulnerabilities/CVE-2021-41200/43317", "specs": [ "<0.17.4rc0" ], @@ -33431,26 +33776,6 @@ ], "v": "<0.17.4rc0" }, - { - "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41221", - "id": "pyup.io-43324", - "more_info_path": "/vulnerabilities/CVE-2021-41221/43324", - "specs": [ - "<0.17.4rc0" - ], - "v": "<0.17.4rc0" - }, - { - "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41210", - "id": "pyup.io-43338", - "more_info_path": "/vulnerabilities/CVE-2021-41210/43338", - "specs": [ - "<0.17.4rc0" - ], - "v": "<0.17.4rc0" - }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", "cve": "CVE-2021-41219", 
@@ -33473,9 +33798,9 @@ }, { "advisory": "Determined 0.17.6 updates env images to include security fixes.\r\nhttps://github.com/determined-ai/determined/pull/3415/commits/18fc5278cd589089dd753f687ec606499117029d", - "cve": "CVE-2020-10109", - "id": "pyup.io-54967", - "more_info_path": "/vulnerabilities/CVE-2020-10109/54967", + "cve": "CVE-2019-14234", + "id": "pyup.io-54970", + "more_info_path": "/vulnerabilities/CVE-2019-14234/54970", "specs": [ "<0.17.6" ], @@ -33483,9 +33808,9 @@ }, { "advisory": "Determined 0.17.6 updates env images to include security fixes.\r\nhttps://github.com/determined-ai/determined/pull/3415/commits/18fc5278cd589089dd753f687ec606499117029d", - "cve": "CVE-2019-14234", - "id": "pyup.io-54970", - "more_info_path": "/vulnerabilities/CVE-2019-14234/54970", + "cve": "CVE-2020-7471", + "id": "pyup.io-54968", + "more_info_path": "/vulnerabilities/CVE-2020-7471/54968", "specs": [ "<0.17.6" ], @@ -33493,9 +33818,9 @@ }, { "advisory": "Determined 0.17.6 updates env images to include security fixes.\r\nhttps://github.com/determined-ai/determined/pull/3415/commits/18fc5278cd589089dd753f687ec606499117029d", - "cve": "CVE-2020-7471", - "id": "pyup.io-54968", - "more_info_path": "/vulnerabilities/CVE-2020-7471/54968", + "cve": "CVE-2020-10108", + "id": "pyup.io-44642", + "more_info_path": "/vulnerabilities/CVE-2020-10108/44642", "specs": [ "<0.17.6" ], @@ -33503,9 +33828,9 @@ }, { "advisory": "Determined 0.17.6 updates env images to include security fixes.\r\nhttps://github.com/determined-ai/determined/pull/3415/commits/18fc5278cd589089dd753f687ec606499117029d", - "cve": "CVE-2019-9512", - "id": "pyup.io-54969", - "more_info_path": "/vulnerabilities/CVE-2019-9512/54969", + "cve": "CVE-2020-10109", + "id": "pyup.io-54967", + "more_info_path": "/vulnerabilities/CVE-2020-10109/54967", "specs": [ "<0.17.6" ], 
@@ -33513,9 +33838,9 @@ }, { "advisory": "Determined 0.17.6 updates env images to include security fixes.\r\nhttps://github.com/determined-ai/determined/pull/3415/commits/18fc5278cd589089dd753f687ec606499117029d", - "cve": "CVE-2020-10108", - "id": "pyup.io-44642", - "more_info_path": "/vulnerabilities/CVE-2020-10108/44642", + "cve": "CVE-2019-9512", + "id": "pyup.io-54969", + "more_info_path": "/vulnerabilities/CVE-2019-9512/54969", "specs": [ "<0.17.6" ], @@ -33533,9 +33858,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29206", - "id": "pyup.io-49553", - "more_info_path": "/vulnerabilities/CVE-2022-29206/49553", + "cve": "CVE-2022-27777", + "id": "pyup.io-49533", + "more_info_path": "/vulnerabilities/CVE-2022-27777/49533", "specs": [ "<0.18.2" ], @@ -33543,9 +33868,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29197", - "id": "pyup.io-49544", - "more_info_path": "/vulnerabilities/CVE-2022-29197/49544", + "cve": "CVE-2022-29216", + "id": "pyup.io-49560", + "more_info_path": "/vulnerabilities/CVE-2022-29216/49560", "specs": [ "<0.18.2" ], 
@@ -33553,9 +33878,59 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29203", - "id": "pyup.io-49550", - "more_info_path": "/vulnerabilities/CVE-2022-29203/49550", + "cve": "CVE-2022-29194", + "id": "pyup.io-49541", + "more_info_path": "/vulnerabilities/CVE-2022-29194/49541", + "specs": [ + "<0.18.2" + ], + "v": "<0.18.2" + }, + { + "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", + "cve": "CVE-2022-29196", + "id": "pyup.io-49543", + "more_info_path": "/vulnerabilities/CVE-2022-29196/49543", + "specs": [ + "<0.18.2" + ], + "v": "<0.18.2" + }, + { + "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", + "cve": "CVE-2022-29209", + "id": "pyup.io-49556", + "more_info_path": "/vulnerabilities/CVE-2022-29209/49556", + "specs": [ + "<0.18.2" + ], + "v": "<0.18.2" + }, + { + "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", + "cve": "CVE-2022-29200", + "id": "pyup.io-49547", + "more_info_path": "/vulnerabilities/CVE-2022-29200/49547", + "specs": [ + "<0.18.2" + ], + "v": "<0.18.2" + }, + { + "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", + "cve": "CVE-2022-29193", + "id": "pyup.io-49540", + "more_info_path": "/vulnerabilities/CVE-2022-29193/49540", + "specs": [ + "<0.18.2" + ], + "v": "<0.18.2" + }, + { + "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", + "cve": "CVE-2022-29206", + "id": "pyup.io-49553", + "more_info_path": "/vulnerabilities/CVE-2022-29206/49553", "specs": [ "<0.18.2" ], 
@@ -33591,26 +33966,6 @@ ], "v": "<0.18.2" }, - { - "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29205", - "id": "pyup.io-49552", - "more_info_path": "/vulnerabilities/CVE-2022-29205/49552", - "specs": [ - "<0.18.2" - ], - "v": "<0.18.2" - }, - { - "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29209", - "id": "pyup.io-49556", - "more_info_path": "/vulnerabilities/CVE-2022-29209/49556", - "specs": [ - "<0.18.2" - ], - "v": "<0.18.2" - }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", "cve": "CVE-2022-27776", @@ -33621,16 +33976,6 @@ ], "v": "<0.18.2" }, - { - "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29200", - "id": "pyup.io-49547", - "more_info_path": "/vulnerabilities/CVE-2022-29200/49547", - "specs": [ - "<0.18.2" - ], - "v": "<0.18.2" - }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", "cve": "CVE-2022-27780", 
@@ -33643,29 +33988,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29193", - "id": "pyup.io-49540", - "more_info_path": "/vulnerabilities/CVE-2022-29193/49540", - "specs": [ - "<0.18.2" - ], - "v": "<0.18.2" - }, - { - "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29196", - "id": "pyup.io-49543", - "more_info_path": "/vulnerabilities/CVE-2022-29196/49543", - "specs": [ - "<0.18.2" - ], - "v": "<0.18.2" - }, - { - "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29192", - "id": "pyup.io-49539", - "more_info_path": "/vulnerabilities/CVE-2022-29192/49539", + "cve": "CVE-2022-30115", + "id": "pyup.io-49561", + "more_info_path": "/vulnerabilities/CVE-2022-30115/49561", "specs": [ "<0.18.2" ], @@ -33673,9 +33998,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-30115", - "id": "pyup.io-49561", - "more_info_path": "/vulnerabilities/CVE-2022-30115/49561", + "cve": "CVE-2022-27775", + "id": "pyup.io-49531", + "more_info_path": "/vulnerabilities/CVE-2022-27775/49531", "specs": [ "<0.18.2" ], @@ -33683,9 +34008,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29198", - "id": "pyup.io-49545", - "more_info_path": "/vulnerabilities/CVE-2022-29198/49545", + "cve": "CVE-2022-29195", + "id": "pyup.io-49542", + "more_info_path": "/vulnerabilities/CVE-2022-29195/49542", "specs": [ "<0.18.2" ], 
@@ -33693,9 +34018,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-27775", - "id": "pyup.io-49531", - "more_info_path": "/vulnerabilities/CVE-2022-27775/49531", + "cve": "CVE-2022-27774", + "id": "pyup.io-49530", + "more_info_path": "/vulnerabilities/CVE-2022-27774/49530", "specs": [ "<0.18.2" ], @@ -33703,9 +34028,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29191", - "id": "pyup.io-49538", - "more_info_path": "/vulnerabilities/CVE-2022-29191/49538", + "cve": "CVE-2018-25032", + "id": "pyup.io-49422", + "more_info_path": "/vulnerabilities/CVE-2018-25032/49422", "specs": [ "<0.18.2" ], @@ -33713,9 +34038,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29208", - "id": "pyup.io-49555", - "more_info_path": "/vulnerabilities/CVE-2022-29208/49555", + "cve": "CVE-2022-29197", + "id": "pyup.io-49544", + "more_info_path": "/vulnerabilities/CVE-2022-29197/49544", "specs": [ "<0.18.2" ], @@ -33723,9 +34048,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29207", - "id": "pyup.io-49554", - "more_info_path": "/vulnerabilities/CVE-2022-29207/49554", + "cve": "CVE-2022-29203", + "id": "pyup.io-49550", + "more_info_path": "/vulnerabilities/CVE-2022-29203/49550", "specs": [ "<0.18.2" ], 
@@ -33733,9 +34058,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-27778", - "id": "pyup.io-49534", - "more_info_path": "/vulnerabilities/CVE-2022-27778/49534", + "cve": "CVE-2022-29211", + "id": "pyup.io-49557", + "more_info_path": "/vulnerabilities/CVE-2022-29211/49557", "specs": [ "<0.18.2" ], @@ -33743,9 +34068,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29204", - "id": "pyup.io-49551", - "more_info_path": "/vulnerabilities/CVE-2022-29204/49551", + "cve": "CVE-2022-29205", + "id": "pyup.io-49552", + "more_info_path": "/vulnerabilities/CVE-2022-29205/49552", "specs": [ "<0.18.2" ], @@ -33753,9 +34078,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29216", - "id": "pyup.io-49560", - "more_info_path": "/vulnerabilities/CVE-2022-29216/49560", + "cve": "CVE-2022-29208", + "id": "pyup.io-49555", + "more_info_path": "/vulnerabilities/CVE-2022-29208/49555", "specs": [ "<0.18.2" ], @@ -33763,9 +34088,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-27779", - "id": "pyup.io-49535", - "more_info_path": "/vulnerabilities/CVE-2022-27779/49535", + "cve": "CVE-2022-22576", + "id": "pyup.io-49529", + "more_info_path": "/vulnerabilities/CVE-2022-22576/49529", "specs": [ "<0.18.2" ], 
@@ -33773,9 +34098,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29195", - "id": "pyup.io-49542", - "more_info_path": "/vulnerabilities/CVE-2022-29195/49542", + "cve": "CVE-2022-29192", + "id": "pyup.io-49539", + "more_info_path": "/vulnerabilities/CVE-2022-29192/49539", "specs": [ "<0.18.2" ], @@ -33783,9 +34108,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29201", - "id": "pyup.io-49548", - "more_info_path": "/vulnerabilities/CVE-2022-29201/49548", + "cve": "CVE-2022-29198", + "id": "pyup.io-49545", + "more_info_path": "/vulnerabilities/CVE-2022-29198/49545", "specs": [ "<0.18.2" ], @@ -33793,9 +34118,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29213", - "id": "pyup.io-49559", - "more_info_path": "/vulnerabilities/CVE-2022-29213/49559", + "cve": "CVE-2022-29191", + "id": "pyup.io-49538", + "more_info_path": "/vulnerabilities/CVE-2022-29191/49538", "specs": [ "<0.18.2" ], @@ -33803,9 +34128,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29202", - "id": "pyup.io-49549", - "more_info_path": "/vulnerabilities/CVE-2022-29202/49549", + "cve": "CVE-2022-29207", + "id": "pyup.io-49554", + "more_info_path": "/vulnerabilities/CVE-2022-29207/49554", "specs": [ "<0.18.2" ], 
@@ -33813,9 +34138,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-27774", - "id": "pyup.io-49530", - "more_info_path": "/vulnerabilities/CVE-2022-27774/49530", + "cve": "CVE-2022-27778", + "id": "pyup.io-49534", + "more_info_path": "/vulnerabilities/CVE-2022-27778/49534", "specs": [ "<0.18.2" ], @@ -33823,9 +34148,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29211", - "id": "pyup.io-49557", - "more_info_path": "/vulnerabilities/CVE-2022-29211/49557", + "cve": "CVE-2022-29204", + "id": "pyup.io-49551", + "more_info_path": "/vulnerabilities/CVE-2022-29204/49551", "specs": [ "<0.18.2" ], @@ -33833,9 +34158,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29194", - "id": "pyup.io-49541", - "more_info_path": "/vulnerabilities/CVE-2022-29194/49541", + "cve": "CVE-2022-27779", + "id": "pyup.io-49535", + "more_info_path": "/vulnerabilities/CVE-2022-27779/49535", "specs": [ "<0.18.2" ], @@ -33843,9 +34168,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-27777", - "id": "pyup.io-49533", - "more_info_path": "/vulnerabilities/CVE-2022-27777/49533", + "cve": "CVE-2022-29201", + "id": "pyup.io-49548", + "more_info_path": "/vulnerabilities/CVE-2022-29201/49548", "specs": [ "<0.18.2" ], 
@@ -33853,9 +34178,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2018-25032", - "id": "pyup.io-49422", - "more_info_path": "/vulnerabilities/CVE-2018-25032/49422", + "cve": "CVE-2022-29213", + "id": "pyup.io-49559", + "more_info_path": "/vulnerabilities/CVE-2022-29213/49559", "specs": [ "<0.18.2" ], @@ -33863,9 +34188,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-22576", - "id": "pyup.io-49529", - "more_info_path": "/vulnerabilities/CVE-2022-22576/49529", + "cve": "CVE-2022-29202", + "id": "pyup.io-49549", + "more_info_path": "/vulnerabilities/CVE-2022-29202/49549", "specs": [ "<0.18.2" ], @@ -33892,20 +34217,20 @@ "v": "<0.19.3" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'eventsource' to v1.1.2 to include a security fix.", - "cve": "CVE-2022-1650", - "id": "pyup.io-50973", - "more_info_path": "/vulnerabilities/CVE-2022-1650/50973", + "advisory": "Determined 0.19.3 updates its NPM dependency 'async' to v2.6.4 to include a security fix.", + "cve": "CVE-2021-43138", + "id": "pyup.io-50972", + "more_info_path": "/vulnerabilities/CVE-2021-43138/50972", "specs": [ "<0.19.3" ], "v": "<0.19.3" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'terser' to v4.8.1 to include a security fix.", - "cve": "CVE-2022-25858", - "id": "pyup.io-50977", - "more_info_path": "/vulnerabilities/CVE-2022-25858/50977", + "advisory": "Determined 0.19.3 updates its NPM dependency 'eventsource' to v1.1.2 to include a security fix.", + "cve": "CVE-2022-1650", + "id": "pyup.io-50973", + "more_info_path": "/vulnerabilities/CVE-2022-1650/50973", "specs": [ "<0.19.3" ], 
@@ -33913,19 +34238,19 @@ }, { "advisory": "Determined 0.19.3 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", - "cve": "CVE-2022-0691", - "id": "pyup.io-50981", - "more_info_path": "/vulnerabilities/CVE-2022-0691/50981", + "cve": "CVE-2022-0686", + "id": "pyup.io-50980", + "more_info_path": "/vulnerabilities/CVE-2022-0686/50980", "specs": [ "<0.19.3" ], "v": "<0.19.3" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'follow-redirects' to v1.15.1 to include security fixes.", - "cve": "CVE-2022-0536", - "id": "pyup.io-50974", - "more_info_path": "/vulnerabilities/CVE-2022-0536/50974", + "advisory": "Determined 0.19.3 updates its NPM dependency 'ansi-regex' to v3.0.1 to include a security fix.", + "cve": "CVE-2021-3807", + "id": "pyup.io-50971", + "more_info_path": "/vulnerabilities/CVE-2021-3807/50971", "specs": [ "<0.19.3" ], 
@@ -33933,29 +34258,29 @@ }, { "advisory": "Determined 0.19.3 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", - "cve": "CVE-2022-0639", - "id": "pyup.io-50979", - "more_info_path": "/vulnerabilities/CVE-2022-0639/50979", + "cve": "CVE-2022-0512", + "id": "pyup.io-50982", + "more_info_path": "/vulnerabilities/CVE-2022-0512/50982", "specs": [ "<0.19.3" ], "v": "<0.19.3" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", - "cve": "CVE-2022-0686", - "id": "pyup.io-50980", - "more_info_path": "/vulnerabilities/CVE-2022-0686/50980", + "advisory": "Determined 0.19.3 updates its NPM dependency 'follow-redirects' to v1.15.1 to include security fixes.", + "cve": "CVE-2022-0155", + "id": "pyup.io-50975", + "more_info_path": "/vulnerabilities/CVE-2022-0155/50975", "specs": [ "<0.19.3" ], "v": "<0.19.3" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'ansi-regex' to v3.0.1 to include a security fix.", - "cve": "CVE-2021-3807", - "id": "pyup.io-50971", - "more_info_path": "/vulnerabilities/CVE-2021-3807/50971", + "advisory": "Determined 0.19.3 updates its NPM dependency 'terser' to v4.8.1 to include a security fix.", + "cve": "CVE-2022-25858", + "id": "pyup.io-50977", + "more_info_path": "/vulnerabilities/CVE-2022-25858/50977", "specs": [ "<0.19.3" ], @@ -33963,9 +34288,9 @@ }, { "advisory": "Determined 0.19.3 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", - "cve": "CVE-2022-0512", - "id": "pyup.io-50982", - "more_info_path": "/vulnerabilities/CVE-2022-0512/50982", + "cve": "CVE-2022-0691", + "id": "pyup.io-50981", + "more_info_path": "/vulnerabilities/CVE-2022-0691/50981", "specs": [ "<0.19.3" ], 
@@ -33973,19 +34298,19 @@ }, { "advisory": "Determined 0.19.3 updates its NPM dependency 'follow-redirects' to v1.15.1 to include security fixes.", - "cve": "CVE-2022-0155", - "id": "pyup.io-50975", - "more_info_path": "/vulnerabilities/CVE-2022-0155/50975", + "cve": "CVE-2022-0536", + "id": "pyup.io-50974", + "more_info_path": "/vulnerabilities/CVE-2022-0536/50974", "specs": [ "<0.19.3" ], "v": "<0.19.3" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'async' to v2.6.4 to include a security fix.", - "cve": "CVE-2021-43138", - "id": "pyup.io-50972", - "more_info_path": "/vulnerabilities/CVE-2021-43138/50972", + "advisory": "Determined 0.19.3 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", + "cve": "CVE-2022-0639", + "id": "pyup.io-50979", + "more_info_path": "/vulnerabilities/CVE-2022-0639/50979", "specs": [ "<0.19.3" ], 
@@ -35504,10 +35829,10 @@ "v": "<4.2.14,>=5.0a1,<5.0.7" }, { - "advisory": "Affected versions of Django are affected by a potential denial-of-service vulnerability in the django.utils.html.urlize() function. The urlize and urlizetrunc template filters were susceptible to a denial-of-service attack via certain inputs containing many brackets. An attacker could exploit this vulnerability to cause significant delays or crashes in the affected application.", - "cve": "CVE-2024-38875", - "id": "pyup.io-72095", - "more_info_path": "/vulnerabilities/CVE-2024-38875/72095", + "advisory": "Affected versions of Django are potentially vulnerable to denial-of-service via the get_supported_language_variant() method. This method was susceptible to a denial-of-service attack when used with very long strings containing specific characters. Exploiting this vulnerability could cause significant delays or crashes in the affected application, potentially leading to service disruption.", + "cve": "CVE-2024-39614", + "id": "pyup.io-72111", + "more_info_path": "/vulnerabilities/CVE-2024-39614/72111", "specs": [ "<4.2.14", ">=5.0a1,<5.0.7" 
@@ -35515,10 +35840,10 @@ "v": "<4.2.14,>=5.0a1,<5.0.7" }, { - "advisory": "Affected versions of Django are potentially vulnerable to denial-of-service via the get_supported_language_variant() method. This method was susceptible to a denial-of-service attack when used with very long strings containing specific characters. Exploiting this vulnerability could cause significant delays or crashes in the affected application, potentially leading to service disruption.", - "cve": "CVE-2024-39614", - "id": "pyup.io-72111", - "more_info_path": "/vulnerabilities/CVE-2024-39614/72111", + "advisory": "Affected versions of Django are affected by a potential denial-of-service vulnerability in the django.utils.html.urlize() function. The urlize and urlizetrunc template filters were susceptible to a denial-of-service attack via certain inputs containing many brackets. An attacker could exploit this vulnerability to cause significant delays or crashes in the affected application.", + "cve": "CVE-2024-38875", + "id": "pyup.io-72095", + "more_info_path": "/vulnerabilities/CVE-2024-38875/72095", "specs": [ "<4.2.14", ">=5.0a1,<5.0.7" 
@@ -35537,10 +35862,10 @@ "v": "<4.2.15,>=5.0a1,<5.0.8" }, { - "advisory": "Django has a potential SQL injection vulnerability in the QuerySet.values() and QuerySet.values_list() methods. When used on models with a JSONField, these methods are susceptible to SQL injection through column aliases if a crafted JSON object key is passed as an argument.", - "cve": "CVE-2024-42005", - "id": "pyup.io-72521", - "more_info_path": "/vulnerabilities/CVE-2024-42005/72521", + "advisory": "Django addresses a memory exhaustion issue in django.utils.numberformat.floatformat(). When floatformat receives a string representation of a number in scientific notation with a large exponent, it could lead to excessive memory consumption. To prevent this, decimals with more than 200 digits are now returned as-is.", + "cve": "CVE-2024-41990", + "id": "pyup.io-72515", + "more_info_path": "/vulnerabilities/CVE-2024-41990/72515", "specs": [ "<4.2.15", ">=5.0a1,<5.0.8" @@ -35548,10 +35873,10 @@ "v": "<4.2.15,>=5.0a1,<5.0.8" }, { - "advisory": "Django has a potential denial-of-service vulnerability in django.utils.html.urlize(). The urlize and urlizetrunc functions are susceptible to a possible attack through huge inputs containing a specific sequence of characters.", - "cve": "CVE-2024-41990", - "id": "pyup.io-72519", - "more_info_path": "/vulnerabilities/CVE-2024-41990/72519", + "advisory": "Affected versions of Django has a potential SQL injection vulnerability in the QuerySet.values() and QuerySet.values_list() methods. When used on models with a JSONField, these methods are susceptible to SQL injection through column aliases if a crafted JSON object key is passed as an argument.", + "cve": "CVE-2024-42005", + "id": "pyup.io-72521", + "more_info_path": "/vulnerabilities/CVE-2024-42005/72521", "specs": [ "<4.2.15", ">=5.0a1,<5.0.8" 
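Review bot: The surviving record pyup.io-72515 still carries `"cve": "CVE-2024-41990"` while its advisory describes the floatformat() memory-exhaustion issue, yet the same CVE id was attached to the urlize() denial-of-service entry pyup.io-72519 that the second hunk on this line removes; one CVE id cannot describe both issues. A consumer that keys on the CVE will now show the floatformat text for whatever that CVE actually denotes, which misleads triage. The CVE for the floatformat advisory should be checked against the Django 4.2.15 / 5.0.8 release notes and corrected at the source, and a uniqueness check on (package, cve) with differing advisory text would catch this class of mix-up when the file is regenerated.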
@@ -35559,15 +35884,28 @@ "v": "<4.2.15,>=5.0a1,<5.0.8" }, { - "advisory": "Django addresses a memory exhaustion issue in django.utils.numberformat.floatformat(). When floatformat receives a string representation of a number in scientific notation with a large exponent, it could lead to excessive memory consumption. To prevent this, decimals with more than 200 digits are now returned as-is.", - "cve": "CVE-2024-41990", - "id": "pyup.io-72515", - "more_info_path": "/vulnerabilities/CVE-2024-41990/72515", + "advisory": "A security vulnerability has been discovered in certain versions of Django, affecting the password reset functionality. The PasswordResetForm class in django.contrib.auth.forms inadvertently allowed attackers to enumerate user email addresses by exploiting unhandled exceptions during the email sending process. This could be done by issuing password reset requests and observing the responses. To mitigate this risk, Django has implemented a fix where these exceptions are now caught and logged using the django.contrib.auth logger, preventing potential information leakage through error responses.", + "cve": "CVE-2024-45231", + "id": "pyup.io-73028", + "more_info_path": "/vulnerabilities/CVE-2024-45231/73028", "specs": [ - "<4.2.15", - ">=5.0a1,<5.0.8" + "<4.2.16", + ">=5.0a1,<5.0.9", + ">=5.1a1,<5.1.1" ], - "v": "<4.2.15,>=5.0a1,<5.0.8" + "v": "<4.2.16,>=5.0a1,<5.0.9,>=5.1a1,<5.1.1" + }, + { + "advisory": "A potential denial-of-service vulnerability has been identified in Django's urlize() and urlizetrunc() functions in django.utils.html. 
This vulnerability can be triggered by inputting huge strings containing a specific sequence of characters.", + "cve": "CVE-2024-45230", + "id": "pyup.io-73023", + "more_info_path": "/vulnerabilities/CVE-2024-45230/73023", + "specs": [ + "<4.2.16", + ">=5.0a1,<5.0.9", + ">=5.1a1,<5.1.1" + ], + "v": "<4.2.16,>=5.0a1,<5.0.9,>=5.1a1,<5.1.1" }, { "advisory": "bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.", 
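Review bot: The advisory value for pyup.io-73023 is broken across two physical lines (`...functions in django.utils.html. ` / `This vulnerability can be triggered...`), whereas every other multi-line advisory on this page encodes its breaks as an escaped `\r\n` inside the string. If that is a raw newline rather than the escape sequence, a strict JSON parser will reject the entire file, not just this record, so please confirm the generator emitted `\r\n` here. Aligning it with the other entries also keeps the advisory text uniform for consumers that render it.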
@@ -35590,10 +35928,10 @@ "v": "<=0.95" }, { - "advisory": "Django versions until 1.3.6 and from 1.4 to 1.4.4 can be compromised through XML External Entity (XXE) attacks. These attacks allow an attacker to read arbitrary files by utilizing an XML external entity declaration along with an entity reference. The vulnerability stems from XML processing systems that, by default, accept external entity specifications. This can lead to unauthorized disclosure of sensitive information, such as passwords or private user data, by accessing local or remote files and possibly impact application availability by overloading the application with data\u2014raising the risk of a Denial of Service (DoS).", - "cve": "PVE-2024-99805", - "id": "pyup.io-66010", - "more_info_path": "/vulnerabilities/PVE-2024-99805/66010", + "advisory": "Django versions until 1.3.6 and from 1.4 to 1.4.4 are vulnerable to Denial of Service (DoS) attacks. These attacks exploit a weakness during the deserialization of XML objects, related to CVE-2013-1664. DoS vulnerabilities, including this one, can severely impair system accessibility for legitimate users without necessarily compromising the security of the system. They achieve this by overwhelming the service with an excessive load, either through high CPU/memory consumption or by causing the system to crash.", + "cve": "PVE-2024-99804", + "id": "pyup.io-66011", + "more_info_path": "/vulnerabilities/PVE-2024-99804/66011", "specs": [ ">=0,<1.3.6", ">=1.4,<1.4.4" 
@@ -35601,10 +35939,10 @@ "v": ">=0,<1.3.6,>=1.4,<1.4.4" }, { - "advisory": "Django versions until 1.3.6 and from 1.4 to 1.4.4 are vulnerable to Denial of Service (DoS) attacks. These attacks exploit a weakness during the deserialization of XML objects, related to CVE-2013-1664. DoS vulnerabilities, including this one, can severely impair system accessibility for legitimate users without necessarily compromising the security of the system. They achieve this by overwhelming the service with an excessive load, either through high CPU/memory consumption or by causing the system to crash.", - "cve": "PVE-2024-99804", - "id": "pyup.io-66011", - "more_info_path": "/vulnerabilities/PVE-2024-99804/66011", + "advisory": "Django versions until 1.3.6 and from 1.4 to 1.4.4 can be compromised through XML External Entity (XXE) attacks. These attacks allow an attacker to read arbitrary files by utilizing an XML external entity declaration along with an entity reference. The vulnerability stems from XML processing systems that, by default, accept external entity specifications. This can lead to unauthorized disclosure of sensitive information, such as passwords or private user data, by accessing local or remote files and possibly impact application availability by overloading the application with data\u2014raising the risk of a Denial of Service (DoS).", + "cve": "PVE-2024-99805", + "id": "pyup.io-66010", + "more_info_path": "/vulnerabilities/PVE-2024-99805/66010", "specs": [ ">=0,<1.3.6", ">=1.4,<1.4.4" 
@@ -35682,10 +36020,10 @@ "v": ">=1.11a1,<1.11.22,>=2.2a1,<2.2.3,>=2.1a1,<2.1.10" }, { - "advisory": "Django 1.11.23, 2.1.11 and 2.2.4 include a fix for CVE-2019-14234: Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of \"OR 1=1\" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.", - "cve": "CVE-2019-14234", - "id": "pyup.io-39592", - "more_info_path": "/vulnerabilities/CVE-2019-14234/39592", + "advisory": "Django 1.11.23, 2.1.11, and 2.2.4 include a fix for CVE-2019-14233: Due to the behavior of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.", + "cve": "CVE-2019-14233", + "id": "pyup.io-39593", + "more_info_path": "/vulnerabilities/CVE-2019-14233/39593", "specs": [ ">=1.11a1,<1.11.23", ">=2.0a1,<2.1.11", 
@@ -35694,10 +36032,10 @@ "v": ">=1.11a1,<1.11.23,>=2.0a1,<2.1.11,>=2.2a1,<2.2.4" }, { - "advisory": "Django 1.11.23, 2.1.11, and 2.2.4 include a fix for CVE-2019-14233: Due to the behavior of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.", - "cve": "CVE-2019-14233", - "id": "pyup.io-39593", - "more_info_path": "/vulnerabilities/CVE-2019-14233/39593", + "advisory": "Django 1.11.23, 2.1.11 and 2.2.4 include a fix for CVE-2019-14234: Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of \"OR 1=1\" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.", + "cve": "CVE-2019-14234", + "id": "pyup.io-39592", + "more_info_path": "/vulnerabilities/CVE-2019-14234/39592", "specs": [ ">=1.11a1,<1.11.23", ">=2.0a1,<2.1.11", 
@@ -37382,20 +37720,20 @@ "v": "<4.0.8" }, { - "advisory": "Django Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability.\r\nhttps://hacker.soarescorp.com/cve/2023-41592/", - "cve": "CVE-2023-41592", - "id": "pyup.io-62734", - "more_info_path": "/vulnerabilities/CVE-2023-41592/62734", + "advisory": "A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component.\r\nhttps://github.com/b0marek/CVE-2023-43263", + "cve": "CVE-2023-43263", + "id": "pyup.io-62989", + "more_info_path": "/vulnerabilities/CVE-2023-43263/62989", "specs": [ "<4.1.1" ], "v": "<4.1.1" }, { - "advisory": "A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component.\r\nhttps://github.com/b0marek/CVE-2023-43263", - "cve": "CVE-2023-43263", - "id": "pyup.io-62989", - "more_info_path": "/vulnerabilities/CVE-2023-43263/62989", + "advisory": "Django Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability.\r\nhttps://hacker.soarescorp.com/cve/2023-41592/", + "cve": "CVE-2023-41592", + "id": "pyup.io-62734", + "more_info_path": "/vulnerabilities/CVE-2023-41592/62734", "specs": [ "<4.1.1" ], @@ -37410,6 +37748,16 @@ "<4.1.3" ], "v": "<4.1.3" + }, + { + "advisory": "Affected versions of django-froala-editor are vulnerable to Cross-Site Scripting (XSS) due to CVE-2023-41592 in the underlying Froala WYSIWYG editor.", + "cve": "CVE-2023-41592", + "id": "pyup.io-73017", + "more_info_path": "/vulnerabilities/CVE-2023-41592/73017", + "specs": [ + "<4.2.2" + ], + "v": "<4.2.2" } ], "django-grappelli": [ 
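Review bot: The added record pyup.io-73017 lists CVE-2023-41592 with `"specs": ["<4.2.2"]`, while the retained record pyup.io-62734 for the same CVE (first hunk on this line) still says `"<4.1.1"`; a scanner that deduplicates by CVE may keep the narrower range and report 4.1.1 through 4.2.1 as clean. The older record's own text says "v4.0.1 to v4.1.1" are affected, which the `<4.1.1` spec already excludes. Either retire 62734 or align its spec with the newer entry so both records agree on the affected range.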
@@ -38809,6 +39157,16 @@ "<0.8.0" ], "v": "<0.8.0" + }, + { + "advisory": "Django-oauth-toolkit upgrades oauthlib to 3.2.2+ to address CVE-2022-36087.", + "cve": "CVE-2022-36087", + "id": "pyup.io-73082", + "more_info_path": "/vulnerabilities/CVE-2022-36087/73082", + "specs": [ + "<3.0.0" + ], + "v": "<3.0.0" } ], "django-orghierarchy": [ @@ -40864,7 +41222,7 @@ ], "dnspython": [ { - "advisory": "Dnspython 2.6.0 fixes a DoS vulnerability highlighted in the \"TuDoor\" paper (CVE-2023-29483), where spoofed DNS responses could disrupt service. The update prevents denial of service by ignoring malicious packets, allowing the resolver to wait for valid responses until a query's timeout. This mitigation ensures continued service despite attempted attacks, enhancing the resolver's reliability and security.", + "advisory": "Dnspython affected versions are vulnerable to a DoS vulnerability highlighted in the \"TuDoor\" paper, where spoofed DNS responses could disrupt service. The update prevents denial of service by ignoring malicious packets, allowing the resolver to wait for valid responses until a query's timeout. This mitigation ensures continued service despite attempted attacks, enhancing the resolver's reliability and security.", "cve": "CVE-2023-29483", "id": "pyup.io-65401", "more_info_path": "/vulnerabilities/CVE-2023-29483/65401", @@ -40872,16 +41230,6 @@ "<2.6.0" ], "v": "<2.6.0" - }, - { - "advisory": "The dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query.", - "cve": "CVE-2023-29483", - "id": "pyup.io-66710", - "more_info_path": "/vulnerabilities/CVE-2023-29483/66710", - "specs": [ - "<2.6.1" - ], - "v": "<2.6.1" } ], "dnsupdate": [ 
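Review bot: The deleted dnspython record pyup.io-66710 covered `"<2.6.1"` for CVE-2023-29483, but the retained record pyup.io-65401 (the first dnspython hunk on this line) only covers `"<2.6.0"`, so after this change version 2.6.0 is no longer flagged for that CVE; if 2.6.1 was the complete fix this is a coverage regression, and the wider range should win when duplicates are merged. The rewritten advisory for 65401 also now opens with "Dnspython affected versions are vulnerable" but still says "The update prevents denial of service" without naming any version, so "the update" has no referent; suggest "The fixed release prevents denial of service..." or restoring the version number.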
@@ -40930,20 +41278,20 @@ "v": "<1.0.12,>=1.1.0,<1.1.113,>=1.2.0,<1.2.65" }, { - "advisory": "Docassemble version 1.4.97 addresses a critical security flaw, impacting versions from 1.4.53 to 1.4.96, where file contents within the filesystem could potentially be exposed. Given the high severity of this issue, users are strongly advised to update to the latest version immediately to secure their systems.", - "cve": "PVE-2024-65732", - "id": "pyup.io-65732", - "more_info_path": "/vulnerabilities/PVE-2024-65732/65732", + "advisory": "Docassemble version 1.4.97 rectifies a security vulnerability present in versions up to 1.4.96. This flaw allowed for the creation of open redirect URLs.\r\nhttps://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa", + "cve": "PVE-2024-65739", + "id": "pyup.io-65739", + "more_info_path": "/vulnerabilities/PVE-2024-65739/65739", "specs": [ "<1.4.97" ], "v": "<1.4.97" }, { - "advisory": "Docassemble version 1.4.97 rectifies a security vulnerability present in versions up to 1.4.96. This flaw allowed for the creation of open redirect URLs.\r\nhttps://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa", - "cve": "PVE-2024-65739", - "id": "pyup.io-65739", - "more_info_path": "/vulnerabilities/PVE-2024-65739/65739", + "advisory": "Docassemble version 1.4.97 addresses a critical security flaw, impacting versions from 1.4.53 to 1.4.96, where file contents within the filesystem could potentially be exposed. Given the high severity of this issue, users are strongly advised to update to the latest version immediately to secure their systems.", + "cve": "PVE-2024-65732", + "id": "pyup.io-65732", + "more_info_path": "/vulnerabilities/PVE-2024-65732/65732", "specs": [ "<1.4.97" ], 
@@ -41356,7 +41704,7 @@ ], "dora-rs": [ { - "advisory": "Dora-rs 0.2.0\r\n\r\n- **Vulnerability Type** | Race Condition, Vulnerable Dependency \r\n- **Impact** | Potential unauthorized access, DoS\r\n- **Attack Vector** | Network, Exploit of Vulnerable Dependency\r\n- **Affected Functions/Methods** | Not specified \r\n- **Vulnerable Configuration** | Use of vulnerable 'remove_dir_all' dependency\r\n- **Remediation** | Upgrade 'dora' package to version with fixes for race condition and vulnerable dependency\r\n\r\nAnalysis Details:\r\n- Fix provided for known race condition vulnerability 'race condition' \r\n links: https://github.com/dora-rs/dora/pull/202\r\n\r\n - Fix provided to address vulnerable dependency - 'remove_dir_all'\r\n link: https://github.com/dora-rs/dora/pull/202 \r\n\r\nWe have clear confirmation of a race condition vulnerability and vulnerable third-party dependency being addressed.", + "advisory": "Dora-rs before 0.2.0 ship with a binary version of Dora that include a vulnerable version of 'remove_dir_all' crate.", "cve": "PVE-2024-72877", "id": "pyup.io-72877", "more_info_path": "/vulnerabilities/PVE-2024-72877/72877", 
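Review bot: The replacement dora-rs advisory strings here and in the next hunk are written as `Dora-rs before X ship with a binary version of Dora that include a vulnerable version of 'Y' crate`, which has subject–verb disagreements and, unlike the text they replace, carries no reference: the removed text linked https://github.com/dora-rs/dora/pull/202 for the remove_dir_all fix and https://github.com/advisories/GHSA-r8w9-5wcg-vfj7 for the mio one, and both links are now gone from the database. Suggest for this record `"advisory": "Dora-rs before 0.2.0 ships with a binary version of Dora that includes a vulnerable version of the 'remove_dir_all' crate.\r\nhttps://github.com/dora-rs/dora/pull/202"`, with the same grammar fix and the GHSA link restored on the 'mio' record in the following hunk; the new 'time' record (CVE-2020-26235) has no reference to restore, so a link to the upstream fix would need to be added from the advisory source.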
@@ -41366,10 +41714,20 @@ "v": "<0.2.0" }, { - "advisory": "Dora-rs 0.3.3\r\n\r\nGitHub Advisory : https://github.com/advisories/GHSA-r8w9-5wcg-vfj7\r\nPackage: dora \r\n\r\nVulnerability: Medium severity vulnerability in mio crate \r\n\r\nDescription: The dora project updated the mio crate dependency to version 0.8.11 to patch a security vulnerability. The mio crate is a networking library. Without further details on the vulnerability, the exact impact is unknown but was serious enough to warrant a patch.\r\n\r\n- **Vulnerability Type | Description (MANDATORY)**: Medium severity vulnerability in mio crate (network library used by dora)\r\n- **Impact (DESIRABLE)**: Unknown without further details \r\n- **Attack Vector (DESIRABLE)**: Unknown \r\n- **Affected Functions | Methods (OPTIONAL)**: Unknown\r\n- **Vulnerable Configuration (OPTIONAL)**: dora crate versions 0.8.10 and prior\r\n- **Exploitability Information (OPTIONAL)**: Unknown\r\n- **Mitigation | Remediation (OPTIONAL)**: Update to dora crate version 0.8.11 or later\r\n- **Explanation on why our information is better that public sources, if that is the case (OPTIONAL)**: Provides analysis and recommendations based on changelog details\r\n\r\nWhile the exact details of the vulnerability are unknown, a medium severity issue was patched by updating from mio crate version 0.8.10 to 0.8.11. Users of the dora crate should update to the latest version to patch this vulnerability, and maintainers should label prior versions as vulnerable.\r\n\r\nRecommendation: Users of the dora crate should update to version 0.8.11 or later. 
Maintainers of the dora crate should label version 0.8.10 and prior as vulnerable.", - "cve": "PVE-2024-72875", + "advisory": "Dora-rs before 0.2.6 ship with a binary version of Dora that include a vulnerable version of 'time' crate.", + "cve": "CVE-2020-26235", + "id": "pyup.io-72876", + "more_info_path": "/vulnerabilities/CVE-2020-26235/72876", + "specs": [ + "<0.2.6" + ], + "v": "<0.2.6" + }, + { + "advisory": "Dora-rs before 0.3.3 ship with a binary version of Dora that include a vulnerable version of 'mio' crate.", + "cve": "CVE-2024-27308", "id": "pyup.io-72875", - "more_info_path": "/vulnerabilities/PVE-2024-72875/72875", + "more_info_path": "/vulnerabilities/CVE-2024-27308/72875", "specs": [ "<0.3.3" ], @@ -41514,6 +41872,18 @@ "v": "<1.4" } ], + "dplib-py": [ + { + "advisory": "Affected versions of dplib are vulnerable to Path Traversal (CWE-22) and Insecure File Permissions (CWE-732). These vulnerabilities could allow attackers to access files outside intended directories or gain unauthorized access to sensitive files. The path handling and file operation functions were affected. Exploitability depends on library usage in applications. To mitigate, update to the version which implements improved input validation, explicit file permissions, and stronger path safety checks. If updating isn't possible, carefully review and sanitize all inputs to path and file operations.", + "cve": "PVE-2024-73398", + "id": "pyup.io-73398", + "more_info_path": "/vulnerabilities/PVE-2024-73398/73398", + "specs": [ + "<1.1" + ], + "v": "<1.1" + } + ], "dpp-client": [ { "advisory": "Dpp-client is a typosquatting package. It installs a trojan in your system that leaks your data.\r\nhttps://medium.com/ochrona/3-new-malicious-packages-found-on-pypi-a6bbb14b5e2", 
@@ -41763,6 +42133,26 @@ } ], "dtale": [ + { + "advisory": "Dtale affected versions are vulnerable to SQL injection attacks through custom query inputs. Malicious users could execute arbitrary queries, leading to unauthorized data access or manipulation. Fixed versions introduce a configurable flag to disable custom filters, mitigating this vulnerability. Is necessary to ensure the 'enable_custom_filters' flag is set to False by default when upgrading. If custom filters are required, implement additional input validation and consider using parameterized queries to further enhance security.", + "cve": "PVE-2024-73151", + "id": "pyup.io-73151", + "more_info_path": "/vulnerabilities/PVE-2024-73151/73151", + "specs": [ + "<3.14.1" + ], + "v": "<3.14.1" + }, + { + "advisory": "D-Tale affected versions potentially exposed a security vulnerability by processing user-supplied queries without restrictions. This could allow malicious actors to craft queries leading to unauthorized data access or manipulation. The patch introduces a feature flag, \"enable_custom_filters\", which, when disabled, prevents processing of custom queries, significantly reducing the attack surface. Users are advised to update to the latest version and carefully manage this new flag, enabling custom filters only when necessary. Organizations should review any existing deployments, ensure proper configuration of the feature flag, and consider disabling custom filters in sensitive environments.", + "cve": "CVE-2024-45595", + "id": "pyup.io-73185", + "more_info_path": "/vulnerabilities/CVE-2024-45595/73185", + "specs": [ + "<3.14.1" + ], + "v": "<3.14.1" + }, { "advisory": "D-Tale 3.7.0 includes a fix for CVE-2023-46134: Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in version 3.7.0 by turning off \"Custom Filter\" input by default. 
The only workaround for versions earlier than 3.7.0 is to only host D-Tale to trusted users.\r\nhttps://github.com/man-group/dtale/security/advisories/GHSA-jq6c-r9xf-qxjm", "cve": "CVE-2023-46134", @@ -42897,20 +43287,20 @@ ], "encapsia-cli": [ { - "advisory": "Encapsia-cli 0.5.2 updates its dependency 'httpie' requirement to ^3.1.0 to include security fixes.", - "cve": "CVE-2022-24737", - "id": "pyup.io-52522", - "more_info_path": "/vulnerabilities/CVE-2022-24737/52522", + "advisory": "Encapsia-cli 0.5.2 includes a fix for CVE-2007-4559: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", + "cve": "CVE-2007-4559", + "id": "pyup.io-52524", + "more_info_path": "/vulnerabilities/CVE-2007-4559/52524", "specs": [ "<0.5.2" ], "v": "<0.5.2" }, { - "advisory": "Encapsia-cli 0.5.2 includes a fix for CVE-2007-4559: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", - "cve": "CVE-2007-4559", - "id": "pyup.io-52524", - "more_info_path": "/vulnerabilities/CVE-2007-4559/52524", + "advisory": "Encapsia-cli 0.5.2 updates its dependency 'httpie' requirement to ^3.1.0 to include security fixes.", + "cve": "CVE-2022-24737", + "id": "pyup.io-52522", + "more_info_path": "/vulnerabilities/CVE-2022-24737/52522", "specs": [ "<0.5.2" ], 
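Review bot: The two added dtale records, PVE-2024-73151 and CVE-2024-45595, describe the same fix — the `enable_custom_filters` flag introduced in 3.14.1, with identical `"specs"` of `"<3.14.1"` — so a scanner will report one issue twice for a single installed version; unless a PVE is intentionally retained alongside its CVE, the PVE entry looks like a pre-assignment duplicate that should be retired in favour of CVE-2024-45595. The PVE advisory text also reads `Is necessary to ensure the 'enable_custom_filters' flag is set to False by default when upgrading`, which is ungrammatical and contradicts its own next sentence; `Ensure the 'enable_custom_filters' flag is left disabled after upgrading, and enable it only when custom filters are required` is what the CVE-2024-45595 text actually describes. The encapsia-cli hunk on this same line is a pure reorder of two records and needs no review.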
@@ -43344,16 +43734,6 @@ ], "v": "<2.15.1" }, - { - "advisory": "Ethyca-fides 2.22.1 addresses the moderate severity vulnerability CVE-2023-46126. This issue affected versions of Fides before 2.22.1, where the privacy policy URL field in consent and privacy notices was not properly validated. Malicious users with contributor access or higher could exploit this to execute arbitrary JavaScript on integrated websites. The patch now properly sanitizes input, preventing such attacks. https://github.com/ethyca/fides/security/advisories/GHSA-fgjj-5jmr-gh83", - "cve": "CVE-2023-46126", - "id": "pyup.io-63526", - "more_info_path": "/vulnerabilities/CVE-2023-46126/63526", - "specs": [ - "<2.22.1" - ], - "v": "<2.22.1" - }, { "advisory": "Ethyca's Fides 2.22.1 patches a high-severity SSRF vulnerability (CVE-2023-46124) affecting versions before 2.22.1. This vulnerability allowed attackers with certain API access to make internal system requests that could lead to data breaches. The update is crucial for users with CONNECTOR_TEMPLATE_REGISTER scope and should be applied immediately to secure systems.\r\nhttps://github.com/ethyca/fides/security/advisories/GHSA-jq3w-9mgf-43m4", "cve": "CVE-2023-46124", 
@@ -43374,6 +43754,16 @@ ], "v": "<2.22.1" }, + { + "advisory": "Ethyca-fides 2.22.1 addresses the moderate severity vulnerability CVE-2023-46126. This issue affected versions of Fides before 2.22.1, where the privacy policy URL field in consent and privacy notices was not properly validated. Malicious users with contributor access or higher could exploit this to execute arbitrary JavaScript on integrated websites. The patch now properly sanitizes input, preventing such attacks. https://github.com/ethyca/fides/security/advisories/GHSA-fgjj-5jmr-gh83", + "cve": "CVE-2023-46126", + "id": "pyup.io-63526", + "more_info_path": "/vulnerabilities/CVE-2023-46126/63526", + "specs": [ + "<2.22.1" + ], + "v": "<2.22.1" + }, { "advisory": "Ethyca-fides 2.23.3 addresses the security vulnerability CVE-2023-47114. This vulnerability allowed for HTML injection that could lead to phishing attacks or malicious JavaScript execution when accessing HTML pages via the file:// protocol.\r\nhttps://github.com/ethyca/fides/commit/74a095f490ea2f1db8bf18a1605ccbee8846373c.", "cve": "CVE-2023-47114", 
@@ -43414,6 +43804,26 @@ ], "v": "<2.39.1" }, + { + "advisory": "In ethyca-fides affected versions, a timing-based username enumeration vulnerability exists in the Fides Webserver authentication process. This security flaw enables an unauthenticated attacker to discern the existence of valid usernames by analyzing the server's response times to login requests. The discernible difference in response times between valid and invalid usernames can be exploited to systematically enumerate users on the system, potentially compromising user privacy and serving as a stepping stone for further attacks.", + "cve": "CVE-2024-45052", + "id": "pyup.io-73131", + "more_info_path": "/vulnerabilities/CVE-2024-45052/73131", + "specs": [ + "<2.44.0" + ], + "v": "<2.44.0" + }, + { + "advisory": "In ethyca-fides affected versions, the Email Templating feature implements Jinja2 without adequate input sanitization or rendering environment restrictions. This oversight creates a vulnerability to Server-Side Template Injection, potentially allowing Remote Code Execution by privileged users. In this context, a privileged user is defined as an Admin UI user with either the default 'Owner' or 'Contributor' role. Such users can exploit this vulnerability to escalate their access and execute arbitrary code on the underlying Fides Webserver container where the Jinja template rendering function operates.", + "cve": "CVE-2024-45053", + "id": "pyup.io-73130", + "more_info_path": "/vulnerabilities/CVE-2024-45053/73130", + "specs": [ + "<2.44.0" + ], + "v": "<2.44.0" + }, { "advisory": "The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb file, resulting in resource exhaustion and service unavailability for all users of the Fides webserver. This vulnerability affects Fides versions `2.11.0` through `2.15.1`. 
Exploitation is limited to users with elevated privileges with the `CONNECTOR_TEMPLATE_REGISTER` scope, which includes root users and users with the owner role. The vulnerability has been patched in Fides version `2.16.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There is no known workaround to remediate this vulnerability without upgrading. If an attack occurs, the impact can be mitigated by manually or automatically restarting the affected container.", "cve": "CVE-2023-37480", @@ -43664,29 +44074,19 @@ }, { "advisory": "Evennia 0.8 updates its dependency 'pillow' to v5.2.0 to include security fixes.\r\nhttps://github.com/evennia/evennia/commit/6b7766d2956ae7be19f2cf7be0d43056c0accbb0", - "cve": "CVE-2016-2533", - "id": "pyup.io-52042", - "more_info_path": "/vulnerabilities/CVE-2016-2533/52042", - "specs": [ - "<0.8" - ], - "v": "<0.8" - }, - { - "advisory": "Evennia 0.8 updates its dependency 'pillow' to v5.2.0 to include security fixes.\r\nhttps://github.com/evennia/evennia/commit/6b7766d2956ae7be19f2cf7be0d43056c0accbb0", - "cve": "CVE-2016-9190", - "id": "pyup.io-52039", - "more_info_path": "/vulnerabilities/CVE-2016-9190/52039", + "cve": "CVE-2016-9189", + "id": "pyup.io-52037", + "more_info_path": "/vulnerabilities/CVE-2016-9189/52037", "specs": [ "<0.8" ], "v": "<0.8" }, { - "advisory": "Evennia 0.8 updates its dependency 'pillow' to v5.2.0 to include security fixes.\r\nhttps://github.com/evennia/evennia/commit/6b7766d2956ae7be19f2cf7be0d43056c0accbb0", - "cve": "CVE-2016-0775", - "id": "pyup.io-52041", - "more_info_path": "/vulnerabilities/CVE-2016-0775/52041", + "advisory": "Evennia 0.8 updates its dependency 'Django' minimum requirement to v1.11 to include security fixes.\r\nhttps://github.com/evennia/evennia/commit/6b7766d2956ae7be19f2cf7be0d43056c0accbb0", + "cve": "CVE-2016-9013", + "id": "pyup.io-52035", + "more_info_path": "/vulnerabilities/CVE-2016-9013/52035", "specs": [ "<0.8" ], 
@@ -43694,9 +44094,9 @@ }, { "advisory": "Evennia 0.8 updates its dependency 'pillow' to v5.2.0 to include security fixes.\r\nhttps://github.com/evennia/evennia/commit/6b7766d2956ae7be19f2cf7be0d43056c0accbb0", - "cve": "CVE-2016-9189", - "id": "pyup.io-52037", - "more_info_path": "/vulnerabilities/CVE-2016-9189/52037", + "cve": "CVE-2016-0740", + "id": "pyup.io-52040", + "more_info_path": "/vulnerabilities/CVE-2016-0740/52040", "specs": [ "<0.8" ], @@ -43734,19 +44134,29 @@ }, { "advisory": "Evennia 0.8 updates its dependency 'pillow' to v5.2.0 to include security fixes.\r\nhttps://github.com/evennia/evennia/commit/6b7766d2956ae7be19f2cf7be0d43056c0accbb0", - "cve": "CVE-2016-0740", - "id": "pyup.io-52040", - "more_info_path": "/vulnerabilities/CVE-2016-0740/52040", + "cve": "CVE-2016-2533", + "id": "pyup.io-52042", + "more_info_path": "/vulnerabilities/CVE-2016-2533/52042", "specs": [ "<0.8" ], "v": "<0.8" }, { - "advisory": "Evennia 0.8 updates its dependency 'Django' minimum requirement to v1.11 to include security fixes.\r\nhttps://github.com/evennia/evennia/commit/6b7766d2956ae7be19f2cf7be0d43056c0accbb0", - "cve": "CVE-2016-9013", - "id": "pyup.io-52035", - "more_info_path": "/vulnerabilities/CVE-2016-9013/52035", + "advisory": "Evennia 0.8 updates its dependency 'pillow' to v5.2.0 to include security fixes.\r\nhttps://github.com/evennia/evennia/commit/6b7766d2956ae7be19f2cf7be0d43056c0accbb0", + "cve": "CVE-2016-9190", + "id": "pyup.io-52039", + "more_info_path": "/vulnerabilities/CVE-2016-9190/52039", + "specs": [ + "<0.8" + ], + "v": "<0.8" + }, + { + "advisory": "Evennia 0.8 updates its dependency 'pillow' to v5.2.0 to include security fixes.\r\nhttps://github.com/evennia/evennia/commit/6b7766d2956ae7be19f2cf7be0d43056c0accbb0", + "cve": "CVE-2016-0775", + "id": "pyup.io-52041", + "more_info_path": "/vulnerabilities/CVE-2016-0775/52041", "specs": [ "<0.8" ], 
@@ -43774,9 +44184,9 @@ }, { "advisory": "Evennia 0.9.5 updates its dependency 'twisted' minimum requirement to \">=20.3.0\" to include security fixes.", - "cve": "CVE-2020-10108", - "id": "pyup.io-51936", - "more_info_path": "/vulnerabilities/CVE-2020-10108/51936", + "cve": "CVE-2020-10109", + "id": "pyup.io-52045", + "more_info_path": "/vulnerabilities/CVE-2020-10109/52045", "specs": [ "<0.9.5" ], @@ -43784,9 +44194,9 @@ }, { "advisory": "Evennia 0.9.5 updates its dependency 'twisted' minimum requirement to \">=20.3.0\" to include security fixes.", - "cve": "CVE-2020-10109", - "id": "pyup.io-52045", - "more_info_path": "/vulnerabilities/CVE-2020-10109/52045", + "cve": "CVE-2020-10108", + "id": "pyup.io-51936", + "more_info_path": "/vulnerabilities/CVE-2020-10108/51936", "specs": [ "<0.9.5" ], 
@@ -43843,20 +44253,20 @@ "v": "<3.0.0" }, { - "advisory": "Evennia 4.0.0 enhances security on the website character page by implementing URL validation for redirects. \r\nhttps://github.com/evennia/evennia/commit/23b9d06db5e6e8b0e48198dd46b85ce57fd0f10d", - "cve": "PVE-2024-66790", - "id": "pyup.io-66790", - "more_info_path": "/vulnerabilities/PVE-2024-66790/66790", + "advisory": "Evennia 4.0.0 addresses an issue with inefficient regex in the rpsystem, optimizing pattern matching to enhance performance and reduce processing load. This fix significantly improves the efficiency of roleplay system operations.\r\nhttps://github.com/evennia/evennia/commit/3a0b434e422b2dea3e4a34d5dc15fb9e853fe7ff", + "cve": "PVE-2024-66763", + "id": "pyup.io-66763", + "more_info_path": "/vulnerabilities/PVE-2024-66763/66763", "specs": [ "<4.0.0" ], "v": "<4.0.0" }, { - "advisory": "Evennia 4.0.0 addresses an issue with inefficient regex in the rpsystem, optimizing pattern matching to enhance performance and reduce processing load. This fix significantly improves the efficiency of roleplay system operations.\r\nhttps://github.com/evennia/evennia/commit/3a0b434e422b2dea3e4a34d5dc15fb9e853fe7ff", - "cve": "PVE-2024-66763", - "id": "pyup.io-66763", - "more_info_path": "/vulnerabilities/PVE-2024-66763/66763", + "advisory": "Evennia 4.0.0 enhances security on the website character page by implementing URL validation for redirects. \r\nhttps://github.com/evennia/evennia/commit/23b9d06db5e6e8b0e48198dd46b85ce57fd0f10d", + "cve": "PVE-2024-66790", + "id": "pyup.io-66790", + "more_info_path": "/vulnerabilities/PVE-2024-66790/66790", "specs": [ "<4.0.0" ], 
@@ -43917,6 +44327,16 @@ "<0.35.2" ], "v": "<0.35.2" + }, + { + "advisory": "Eventlet affected versions contain a vulnerability in HTTP header processing within the WSGI implementation. This flaw could allow attackers to craft specially formatted headers, potentially causing header name collisions or overwriting important headers in the WSGI environment. Such manipulation could lead to security issues depending on how applications process these headers.", + "cve": "PVE-2024-73179", + "id": "pyup.io-73179", + "more_info_path": "/vulnerabilities/PVE-2024-73179/73179", + "specs": [ + "<0.37.0" + ], + "v": "<0.37.0" } ], "eventmq": [ @@ -44905,20 +45325,20 @@ "v": "<0.75.2" }, { - "advisory": "Fastapi 0.75.2 updates its dependency 'ujson' ranges to include a security fix.", - "cve": "CVE-2021-45958", - "id": "pyup.io-48159", - "more_info_path": "/vulnerabilities/CVE-2021-45958/48159", + "advisory": "Fastapi 0.75.2 updates its NPM dependency 'swagger-ui' to include security fixes.", + "cve": "CVE-2018-25031", + "id": "pyup.io-48160", + "more_info_path": "/vulnerabilities/CVE-2018-25031/48160", "specs": [ "<0.75.2" ], "v": "<0.75.2" }, { - "advisory": "Fastapi 0.75.2 updates its NPM dependency 'swagger-ui' to include security fixes.", - "cve": "CVE-2018-25031", - "id": "pyup.io-48160", - "more_info_path": "/vulnerabilities/CVE-2018-25031/48160", + "advisory": "Fastapi 0.75.2 updates its dependency 'ujson' ranges to include a security fix.", + "cve": "CVE-2021-45958", + "id": "pyup.io-48159", + "more_info_path": "/vulnerabilities/CVE-2021-45958/48159", "specs": [ "<0.75.2" ], 
@@ -45003,30 +45423,30 @@ "v": "<1.4.0" }, { - "advisory": "Fastapi-login 1.6.0 updates its dependency 'nltk' to v 3.6.2 to include a security fix for a ReDoS vulnerability.", - "cve": "PVE-2023-54914", - "id": "pyup.io-40234", - "more_info_path": "/vulnerabilities/PVE-2023-54914/40234", + "advisory": "Fastapi-login 1.6.0 updates its dependency 'urllib3' to v 1.26.4 to include a security fix.", + "cve": "CVE-2021-28363", + "id": "pyup.io-45766", + "more_info_path": "/vulnerabilities/CVE-2021-28363/45766", "specs": [ "<1.6.0" ], "v": "<1.6.0" }, { - "advisory": "Fastapi-login 1.6.0 updates its dependency 'urllib3' to v 1.26.4 to include a security fix.", - "cve": "CVE-2021-28363", - "id": "pyup.io-45766", - "more_info_path": "/vulnerabilities/CVE-2021-28363/45766", + "advisory": "Fastapi-login 1.6.0 updates its dependency 'nltk' to v 3.6.2 to include a security fix for a ReDoS vulnerability.", + "cve": "PVE-2023-54914", + "id": "pyup.io-40234", + "more_info_path": "/vulnerabilities/PVE-2023-54914/40234", "specs": [ "<1.6.0" ], "v": "<1.6.0" }, { - "advisory": "Fastapi-login 1.6.1 updates its dependency 'fastapi' to v0.65.2 to include a security fix.", - "cve": "CVE-2021-32677", - "id": "pyup.io-45767", - "more_info_path": "/vulnerabilities/CVE-2021-32677/45767", + "advisory": "Fastapi-login 1.6.1 updates its dependency 'urllib3' to v1.26.5 to include a security fix.", + "cve": "CVE-2021-33503", + "id": "pyup.io-45768", + "more_info_path": "/vulnerabilities/CVE-2021-33503/45768", "specs": [ "<1.6.1" ], 
@@ -45043,10 +45463,10 @@ "v": "<1.6.1" }, { - "advisory": "Fastapi-login 1.6.1 updates its dependency 'urllib3' to v1.26.5 to include a security fix.", - "cve": "CVE-2021-33503", - "id": "pyup.io-45768", - "more_info_path": "/vulnerabilities/CVE-2021-33503/45768", + "advisory": "Fastapi-login 1.6.1 updates its dependency 'fastapi' to v0.65.2 to include a security fix.", + "cve": "CVE-2021-32677", + "id": "pyup.io-45767", + "more_info_path": "/vulnerabilities/CVE-2021-32677/45767", "specs": [ "<1.6.1" ], @@ -45094,9 +45514,9 @@ }, { "advisory": "Fastapi-login 1.9.0 updates its dependency 'cryptography' to v39.0.2 to include security fixes. Note that this is now an optional dependency.", - "cve": "CVE-2023-23931", - "id": "pyup.io-53896", - "more_info_path": "/vulnerabilities/CVE-2023-23931/53896", + "cve": "CVE-2023-0401", + "id": "pyup.io-53886", + "more_info_path": "/vulnerabilities/CVE-2023-0401/53886", "specs": [ "<1.9.0" ], @@ -45104,9 +45524,9 @@ }, { "advisory": "Fastapi-login 1.9.0 updates its dependency 'cryptography' to v39.0.2 to include security fixes. Note that this is now an optional dependency.", - "cve": "CVE-2023-0401", - "id": "pyup.io-53886", - "more_info_path": "/vulnerabilities/CVE-2023-0401/53886", + "cve": "CVE-2023-23931", + "id": "pyup.io-53896", + "more_info_path": "/vulnerabilities/CVE-2023-23931/53896", "specs": [ "<1.9.0" ], @@ -45114,9 +45534,9 @@ }, { "advisory": "Fastapi-login 1.9.0 updates its dependency 'cryptography' to v39.0.2 to include security fixes. Note that this is now an optional dependency.", - "cve": "CVE-2022-4304", - "id": "pyup.io-53895", - "more_info_path": "/vulnerabilities/CVE-2022-4304/53895", + "cve": "CVE-2023-0217", + "id": "pyup.io-53893", + "more_info_path": "/vulnerabilities/CVE-2023-0217/53893", "specs": [ "<1.9.0" ], 
@@ -45124,9 +45544,9 @@ }, { "advisory": "Fastapi-login 1.9.0 updates its dependency 'cryptography' to v39.0.2 to include security fixes. Note that this is now an optional dependency.", - "cve": "CVE-2023-0217", - "id": "pyup.io-53893", - "more_info_path": "/vulnerabilities/CVE-2023-0217/53893", + "cve": "CVE-2022-4304", + "id": "pyup.io-53895", + "more_info_path": "/vulnerabilities/CVE-2022-4304/53895", "specs": [ "<1.9.0" ], @@ -45553,6 +45973,26 @@ "<1.0.3" ], "v": "<1.0.3" + }, + { + "advisory": "Featurebyte has updated aiohttp to version 3.10.2 or higher to address CVE-2024-27306 and other potential security vulnerabilities.", + "cve": "CVE-2024-27306", + "id": "pyup.io-73230", + "more_info_path": "/vulnerabilities/CVE-2024-27306/73230", + "specs": [ + "<2.0.1" + ], + "v": "<2.0.1" + }, + { + "advisory": "Featurebyte has updated JupyterLab to version 4.2.5 or higher to address CVE-2024-43805 and other potential security vulnerabilities.", + "cve": "CVE-2024-43805", + "id": "pyup.io-73204", + "more_info_path": "/vulnerabilities/CVE-2024-43805/73204", + "specs": [ + "<2.0.1" + ], + "v": "<2.0.1" } ], "featureserver": [ 
@@ -46410,20 +46850,20 @@ "v": "<0.2.0" }, { - "advisory": "flask-appbuilder 0.7.8 adds new, added optional parameter \"label\" and \"category_label\" for menu items, better security and i18n", - "cve": "PVE-2021-37905", - "id": "pyup.io-37905", - "more_info_path": "/vulnerabilities/PVE-2021-37905/37905", + "advisory": "Flask-appbuilder 0.7.8 has better security than previous versions. No details are given.", + "cve": "PVE-2021-37064", + "id": "pyup.io-37064", + "more_info_path": "/vulnerabilities/PVE-2021-37064/37064", "specs": [ "<0.7.8" ], "v": "<0.7.8" }, { - "advisory": "Flask-appbuilder 0.7.8 has better security than previous versions. No details are given.", - "cve": "PVE-2021-37064", - "id": "pyup.io-37064", - "more_info_path": "/vulnerabilities/PVE-2021-37064/37064", + "advisory": "flask-appbuilder 0.7.8 adds new, added optional parameter \"label\" and \"category_label\" for menu items, better security and i18n", + "cve": "PVE-2021-37905", + "id": "pyup.io-37905", + "more_info_path": "/vulnerabilities/PVE-2021-37905/37905", "specs": [ "<0.7.8" ], 
@@ -46559,6 +46999,26 @@ ], "v": "<4.3.2" }, + { + "advisory": "Flask-appbuilder's update from dnspython 2.4.2 to 2.6.1 addresses CVE-2023-29483.", + "cve": "CVE-2023-29483", + "id": "pyup.io-73008", + "more_info_path": "/vulnerabilities/CVE-2023-29483/73008", + "specs": [ + "<4.5.1" + ], + "v": "<4.5.1" + }, + { + "advisory": "In flask-appbuilder affected versions, the authentication database login form's default cache directives allow browsers to locally store sensitive data. This poses a security risk, particularly in environments where computer resources are shared. The latest release contains a patch addressing this issue. If upgrading is not feasible, users can mitigate the vulnerability by configuring their web server to send specific HTTP headers for the /login endpoint, following the instructions provided in the GitHub Security Advisory.", + "cve": "CVE-2024-45314", + "id": "pyup.io-73129", + "more_info_path": "/vulnerabilities/CVE-2024-45314/73129", + "specs": [ + "<4.5.1" + ], + "v": "<4.5.1" + }, { "advisory": "Flask-AppBuilder 3.3.0 includes a fix for CVE-2021-29621: User enumeration in database authentication in Flask-AppBuilder <= 3.2.3 allows for a non authenticated users to enumerate existing accounts by timing the response time from the server when you are logging in.", "cve": "CVE-2021-29621", @@ -46604,6 +47064,18 @@ "v": "<=2.3.0" } ], + "flask-cognito-lib": [ + { + "advisory": "Flask-cognito-lib updates cryptography to address GHSA-h4gh-qq45-vh27 - CVE-2024-6119.", + "cve": "CVE-2024-6119", + "id": "pyup.io-73404", + "more_info_path": "/vulnerabilities/CVE-2024-6119/73404", + "specs": [ + "<1.9.1" + ], + "v": "<1.9.1" + } + ], "flask-cors": [ { "advisory": "Flask-CORS before 3.0.9 allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format. See CVE-2020-25032.", 
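Review bot: The new CVE-2024-45314 record for flask-appbuilder tells users to configure their web server "following the instructions provided in the GitHub Security Advisory" but carries no URL to that advisory, so the only mitigation it offers is unreachable from the record; sibling entries in this file append the reference after `\r\n` at the end of the advisory string, e.g. `...in the GitHub Security Advisory.\r\n<GHSA advisory URL for CVE-2024-45314>`. The CVE-2023-29483 record in the same hunk names the dnspython bump (2.4.2 to 2.6.1) but not the flask-appbuilder release that contains it, leaving `"specs": "<4.5.1"` as the only statement of the fixed version; `Flask-appbuilder 4.5.1 updates its dependency 'dnspython' from 2.4.2 to 2.6.1 to address CVE-2023-29483.` would match the wording used by the rest of the database. The flask-cognito-lib hunk on this line is fine as written.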
@@ -47353,16 +47825,6 @@ ], "v": "<0.30.0" }, - { - "advisory": "Flytekit 1.1.0 updates its dependency 'pillow' to v9.1.1 to include a security fix.", - "cve": "CVE-2022-30595", - "id": "pyup.io-49721", - "more_info_path": "/vulnerabilities/CVE-2022-30595/49721", - "specs": [ - "<1.1.0" - ], - "v": "<1.1.0" - }, { "advisory": "Flytekit 1.1.0 updates its dependency 'cookiecutter' to v2.1.1 to include a security fix.", "cve": "CVE-2022-24065", 
@@ -47374,40 +47836,40 @@ "v": "<1.1.0" }, { - "advisory": "Flytekit 1.2.0 updates its dependency 'pyspark' to v3.3.0 to include a security fix.", - "cve": "CVE-2022-33891", - "id": "pyup.io-51332", - "more_info_path": "/vulnerabilities/CVE-2022-33891/51332", + "advisory": "Flytekit 1.1.0 updates its dependency 'pillow' to v9.1.1 to include a security fix.", + "cve": "CVE-2022-30595", + "id": "pyup.io-49721", + "more_info_path": "/vulnerabilities/CVE-2022-30595/49721", "specs": [ - "<1.2.0" + "<1.1.0" ], - "v": "<1.2.0" + "v": "<1.1.0" }, { - "advisory": "Flytekit 1.2.0 updates its dependency 'cookiecutter' to v2.1.1 to include a security fix.", - "cve": "CVE-2022-24065", - "id": "pyup.io-51331", - "more_info_path": "/vulnerabilities/CVE-2022-24065/51331", + "advisory": "Flytekit 1.2.0 updates its dependency 'mistune' to v2.0.3 to include a security fix.", + "cve": "CVE-2022-34749", + "id": "pyup.io-51329", + "more_info_path": "/vulnerabilities/CVE-2022-34749/51329", "specs": [ "<1.2.0" ], "v": "<1.2.0" }, { - "advisory": "Flytekit 1.2.0 updates its dependency 'mistune' to v2.0.3 to include a security fix.", - "cve": "CVE-2022-34749", - "id": "pyup.io-51329", - "more_info_path": "/vulnerabilities/CVE-2022-34749/51329", + "advisory": "Flytekit 1.2.0 updates its dependency 'pyspark' to v3.3.0 to include a security fix.", + "cve": "CVE-2022-33891", + "id": "pyup.io-51332", + "more_info_path": "/vulnerabilities/CVE-2022-33891/51332", "specs": [ "<1.2.0" ], "v": "<1.2.0" }, { - "advisory": "Flytekit 1.2.0 updates its dependency 'lxml' to v4.9.1 to include a security fix.", - "cve": "CVE-2022-2309", - "id": "pyup.io-51327", - "more_info_path": "/vulnerabilities/CVE-2022-2309/51327", + "advisory": "Flytekit 1.2.0 updates its dependency 'oauthlib' to v3.2.1 to include a security fix.", + "cve": "CVE-2022-36087", + "id": "pyup.io-51333", + "more_info_path": "/vulnerabilities/CVE-2022-36087/51333", "specs": [ "<1.2.0" ], 
@@ -47424,10 +47886,10 @@ "v": "<1.2.0" }, { - "advisory": "Flytekit 1.2.0 updates its dependency 'oauthlib' to v3.2.1 to include a security fix.", - "cve": "CVE-2022-36087", - "id": "pyup.io-51333", - "more_info_path": "/vulnerabilities/CVE-2022-36087/51333", + "advisory": "Flytekit 1.2.0 updates its dependency 'lxml' to v4.9.1 to include a security fix.", + "cve": "CVE-2022-2309", + "id": "pyup.io-51327", + "more_info_path": "/vulnerabilities/CVE-2022-2309/51327", "specs": [ "<1.2.0" ], @@ -47442,6 +47904,16 @@ "<1.2.0" ], "v": "<1.2.0" + }, + { + "advisory": "Flytekit 1.2.0 updates its dependency 'cookiecutter' to v2.1.1 to include a security fix.", + "cve": "CVE-2022-24065", + "id": "pyup.io-51331", + "more_info_path": "/vulnerabilities/CVE-2022-24065/51331", + "specs": [ + "<1.2.0" + ], + "v": "<1.2.0" } ], "fmeval": [ @@ -49168,20 +49640,20 @@ "v": "<1.0.0" }, { - "advisory": "Geti-sdk 1.0.1 sanitizes project download target path.\r\nhttps://github.com/openvinotoolkit/geti-sdk/pull/87", - "cve": "PVE-2023-54989", - "id": "pyup.io-54989", - "more_info_path": "/vulnerabilities/PVE-2023-54989/54989", + "advisory": "Geti-sdk 1.0.1 reduce permissions upon directory creation.\r\nhttps://github.com/openvinotoolkit/geti-sdk/pull/90", + "cve": "PVE-2023-54993", + "id": "pyup.io-54993", + "more_info_path": "/vulnerabilities/PVE-2023-54993/54993", "specs": [ "<1.0.1" ], "v": "<1.0.1" }, { - "advisory": "Geti-sdk 1.0.1 reduce permissions upon directory creation.\r\nhttps://github.com/openvinotoolkit/geti-sdk/pull/90", - "cve": "PVE-2023-54993", - "id": "pyup.io-54993", - "more_info_path": "/vulnerabilities/PVE-2023-54993/54993", + "advisory": "Geti-sdk 1.0.1 sanitizes project download target path.\r\nhttps://github.com/openvinotoolkit/geti-sdk/pull/87", + "cve": "PVE-2023-54989", + "id": "pyup.io-54989", + "more_info_path": "/vulnerabilities/PVE-2023-54989/54989", "specs": [ "<1.0.1" ], 
@@ -49258,9 +49730,9 @@
 "ggshield": [
 {
 "advisory": "Ggshield 1.18.0 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a Denial of Service vulnerability.\r\nhttps://github.com/GitGuardian/ggshield/commit/3c67771a4d66accede14fa23dfce9ea51571e082",
- "cve": "CVE-2023-2975",
- "id": "pyup.io-60486",
- "more_info_path": "/vulnerabilities/CVE-2023-2975/60486",
+ "cve": "CVE-2023-3817",
+ "id": "pyup.io-60443",
+ "more_info_path": "/vulnerabilities/CVE-2023-3817/60443",
 "specs": [
 "<1.18.0"
 ],
@@ -49268,9 +49740,9 @@
 },
 {
 "advisory": "Ggshield 1.18.0 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a Denial of Service vulnerability.\r\nhttps://github.com/GitGuardian/ggshield/commit/3c67771a4d66accede14fa23dfce9ea51571e082",
- "cve": "CVE-2023-3817",
- "id": "pyup.io-60443",
- "more_info_path": "/vulnerabilities/CVE-2023-3817/60443",
+ "cve": "CVE-2023-2975",
+ "id": "pyup.io-60486",
+ "more_info_path": "/vulnerabilities/CVE-2023-2975/60486",
 "specs": [
 "<1.18.0"
 ],
@@ -49738,6 +50210,16 @@
 ],
 "v": "<3.1.32"
 },
+ {
+ "advisory": "GitPython affected versions are vulnerable to Path Traversal (CWE-22). This vulnerability allows an attacker to potentially read arbitrary files from the system, which could lead to information disclosure or denial of service. The attack vector involves manipulating reference names to include path traversal sequences. The vulnerable functionality was in the handling of reference paths, which didn't properly validate user input. The initial fix was implemented with further security improvements in subsequent versions.",
+ "cve": "CVE-2023-41040",
+ "id": "pyup.io-60841",
+ "more_info_path": "/vulnerabilities/CVE-2023-41040/60841",
+ "specs": [
+ "<3.1.35"
+ ],
+ "v": "<3.1.35"
+ },
 {
 "advisory": "GitPython 3.1.41 fixes a vulnerability (CVE-2024-22190) involving an untrusted search path issue on Windows, which could allow execution of malicious git.exe or bash.exe from untrusted repositories. This update addresses the incomplete fix from CVE-2023-40590. \r\n#It only affects Windows users\r\nhttps://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx",
 "cve": "CVE-2024-22190",
@@ -49757,16 +50239,6 @@
 "<=3.1.32"
 ],
 "v": "<=3.1.32"
- },
- {
- "advisory": "Gitpython 3.1.35 includes a fix for CVE-2023-41040: Blind local file inclusion vulnerability.\r\nhttps://github.com/gitpython-developers/GitPython/security/advisories/GHSA-cwvm-v4w8-q58c",
- "cve": "CVE-2023-41040",
- "id": "pyup.io-60841",
- "more_info_path": "/vulnerabilities/CVE-2023-41040/60841",
- "specs": [
- "<=3.1.34"
- ],
- "v": "<=3.1.34"
 }
 ],
 "gitsup": [
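Review bot: The rewritten CVE-2023-41040 record added in the first hunk drops both things a consumer needs to verify it: the upstream advisory link and the explicit fixed version, which the record removed in the second hunk carried ("Gitpython 3.1.35 includes a fix ..." plus the GHSA URL). Its closing sentence, "The initial fix was implemented with further security improvements in subsequent versions", names no version at all, so the only fixed-version signal left is the `specs` range. I would keep the reference in the same form neighbouring records use, e.g. end the advisory with `\r\nhttps://github.com/gitpython-developers/GitPython/security/advisories/GHSA-cwvm-v4w8-q58c`, and say "fixed in 3.1.35" in the text. The range change from `<=3.1.34` to `<3.1.35` is equivalent for final releases and looks intentional.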
@@ -49836,14 +50308,14 @@
 "v": "<23.0.1,>=24.0.0.0rc1,<24.1.1,>=25.0.0.0b1,<25.0.0"
 },
 {
- "advisory": "An issue in affected versions of OpenStack Glance allows arbitrary file access via custom QCOW2 external data. An authenticated user can supply a crafted QCOW2 image that references a specific data file path, convincing systems to return a copy of that file's contents from the server. This results in unauthorized access to potentially sensitive data.",
+ "advisory": "A security flaw in affected versions of OpenStack Glance allows arbitrary file access via custom QCOW2 external data. An authenticated user can supply a crafted QCOW2 image that references a specific data file path, convincing systems to return a copy of that file's contents from the server. This results in unauthorized access to potentially sensitive data.",
 "cve": "CVE-2024-32498",
 "id": "pyup.io-72148",
 "more_info_path": "/vulnerabilities/CVE-2024-32498/72148",
 "specs": [
- "<29.0.0.0b1"
+ "<29.0.0.0b3"
 ],
- "v": "<29.0.0.0b1"
+ "v": "<29.0.0.0b3"
 },
 {
 "advisory": "The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.",
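Review bot: The affected range for CVE-2024-32498 widens from `<29.0.0.0b1` to `<29.0.0.0b3` while the advisory text is only reworded ("An issue" becomes "A security flaw") and still carries no reference, so nothing in the record lets a consumer see why the fixed version moved two pre-releases later. Whether b3 is the right boundary cannot be checked from the diff alone; the widening means b1 and b2 installs now get flagged, which is the safe direction if the upstream fix landed in b3. I would append the upstream advisory link in the `\r\nhttps://...` form neighbouring records use (`<UPSTREAM-ADVISORY-URL>`, to be filled from the Glance security notice) so the range can be audited later.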
@@ -49993,16 +50465,6 @@
 ],
 "v": ">=2010,<2015.1.3,>=11.0.0.0rc1,<11.0.2"
 },
- {
- "advisory": "store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.",
- "cve": "CVE-2013-0212",
- "id": "pyup.io-68005",
- "more_info_path": "/vulnerabilities/CVE-2013-0212/68005",
- "specs": [
- ">=2012.2,<2013.2.4"
- ],
- "v": ">=2012.2,<2013.2.4"
- },
 {
 "advisory": "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.",
 "cve": "CVE-2012-5482",
@@ -50023,6 +50485,16 @@
 ],
 "v": ">=2012.2,<2013.2.4"
 },
+ {
+ "advisory": "store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.",
+ "cve": "CVE-2013-0212",
+ "id": "pyup.io-68005",
+ "more_info_path": "/vulnerabilities/CVE-2013-0212/68005",
+ "specs": [
+ ">=2012.2,<2013.2.4"
+ ],
+ "v": ">=2012.2,<2013.2.4"
+ },
 {
 "advisory": "The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.",
 "cve": "CVE-2014-0162",
@@ -50610,6 +51082,56 @@
 ],
 "v": "<0.67.0"
 },
+ {
+ "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
+ "cve": "CVE-2022-21736",
+ "id": "pyup.io-51191",
+ "more_info_path": "/vulnerabilities/CVE-2022-21736/51191",
+ "specs": [
+ "<1.12.0"
+ ],
+ "v": "<1.12.0"
+ },
+ {
+ "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
+ "cve": "CVE-2022-23576",
+ "id": "pyup.io-51217",
+ "more_info_path": "/vulnerabilities/CVE-2022-23576/51217",
+ "specs": [
+ "<1.12.0"
+ ],
+ "v": "<1.12.0"
+ },
+ {
+ "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
+ "cve": "CVE-2022-21734",
+ "id": "pyup.io-51189",
+ "more_info_path": "/vulnerabilities/CVE-2022-21734/51189",
+ "specs": [
+ "<1.12.0"
+ ],
+ "v": "<1.12.0"
+ },
+ {
+ "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
+ "cve": "CVE-2022-23565",
+ "id": "pyup.io-51206",
+ "more_info_path": "/vulnerabilities/CVE-2022-23565/51206",
+ "specs": [
+ "<1.12.0"
+ ],
+ "v": "<1.12.0"
+ },
+ {
+ "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
+ "cve": "CVE-2022-23585",
+ "id": "pyup.io-51225",
+ "more_info_path": "/vulnerabilities/CVE-2022-23585/51225",
+ "specs": [
+ "<1.12.0"
+ ],
+ "v": "<1.12.0"
+ },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
 "cve": "CVE-2022-21740",
@@ -50630,6 +51152,16 @@
 ],
 "v": "<1.12.0"
 },
+ {
+ "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
+ "cve": "CVE-2018-25032",
+ "id": "pyup.io-51177",
+ "more_info_path": "/vulnerabilities/CVE-2018-25032/51177",
+ "specs": [
+ "<1.12.0"
+ ],
+ "v": "<1.12.0"
+ },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
 "cve": "CVE-2022-21737",
@@ -50690,16 +51222,6 @@
 ],
 "v": "<1.12.0"
 },
- {
- "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-21736",
- "id": "pyup.io-51191",
- "more_info_path": "/vulnerabilities/CVE-2022-21736/51191",
- "specs": [
- "<1.12.0"
- ],
- "v": "<1.12.0"
- },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
 "cve": "CVE-2022-21727",
@@ -50730,26 +51252,6 @@
 ],
 "v": "<1.12.0"
 },
- {
- "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-23576",
- "id": "pyup.io-51217",
- "more_info_path": "/vulnerabilities/CVE-2022-23576/51217",
- "specs": [
- "<1.12.0"
- ],
- "v": "<1.12.0"
- },
- {
- "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-21734",
- "id": "pyup.io-51189",
- "more_info_path": "/vulnerabilities/CVE-2022-21734/51189",
- "specs": [
- "<1.12.0"
- ],
- "v": "<1.12.0"
- },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
 "cve": "CVE-2022-21728",
@@ -50770,26 +51272,6 @@
 ],
 "v": "<1.12.0"
 },
- {
- "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-23565",
- "id": "pyup.io-51206",
- "more_info_path": "/vulnerabilities/CVE-2022-23565/51206",
- "specs": [
- "<1.12.0"
- ],
- "v": "<1.12.0"
- },
- {
- "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-23585",
- "id": "pyup.io-51225",
- "more_info_path": "/vulnerabilities/CVE-2022-23585/51225",
- "specs": [
- "<1.12.0"
- ],
- "v": "<1.12.0"
- },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
 "cve": "CVE-2022-21735",
@@ -50890,16 +51372,6 @@
 ],
 "v": "<1.12.0"
 },
- {
- "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2018-25032",
- "id": "pyup.io-51177",
- "more_info_path": "/vulnerabilities/CVE-2018-25032/51177",
- "specs": [
- "<1.12.0"
- ],
- "v": "<1.12.0"
- },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
 "cve": "CVE-2022-23566",
@@ -50961,20 +51433,20 @@
 "v": "<1.12.0"
 },
 {
- "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-23578",
- "id": "pyup.io-51219",
- "more_info_path": "/vulnerabilities/CVE-2022-23578/51219",
+ "advisory": "Gordo 1.12.0 updates its dependency \"numpy\" to v1.21.0 to include a security fix.",
+ "cve": "CVE-2021-33430",
+ "id": "pyup.io-51152",
+ "more_info_path": "/vulnerabilities/CVE-2021-33430/51152",
 "specs": [
 "<1.12.0"
 ],
 "v": "<1.12.0"
 },
 {
- "advisory": "Gordo 1.12.0 updates its dependency \"numpy\" to v1.21.0 to include a security fix.",
- "cve": "CVE-2021-33430",
- "id": "pyup.io-51152",
- "more_info_path": "/vulnerabilities/CVE-2021-33430/51152",
+ "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
+ "cve": "CVE-2022-21730",
+ "id": "pyup.io-51185",
+ "more_info_path": "/vulnerabilities/CVE-2022-21730/51185",
 "specs": [
 "<1.12.0"
 ],
@@ -50982,9 +51454,9 @@
 },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-23589",
- "id": "pyup.io-51229",
- "more_info_path": "/vulnerabilities/CVE-2022-23589/51229",
+ "cve": "CVE-2022-21739",
+ "id": "pyup.io-51194",
+ "more_info_path": "/vulnerabilities/CVE-2022-21739/51194",
 "specs": [
 "<1.12.0"
 ],
@@ -50992,9 +51464,9 @@
 },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-23587",
- "id": "pyup.io-51227",
- "more_info_path": "/vulnerabilities/CVE-2022-23587/51227",
+ "cve": "CVE-2022-21731",
+ "id": "pyup.io-51186",
+ "more_info_path": "/vulnerabilities/CVE-2022-21731/51186",
 "specs": [
 "<1.12.0"
 ],
@@ -51002,9 +51474,9 @@
 },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-23558",
- "id": "pyup.io-51199",
- "more_info_path": "/vulnerabilities/CVE-2022-23558/51199",
+ "cve": "CVE-2022-23569",
+ "id": "pyup.io-51210",
+ "more_info_path": "/vulnerabilities/CVE-2022-23569/51210",
 "specs": [
 "<1.12.0"
 ],
@@ -51012,9 +51484,9 @@
 },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-23581",
- "id": "pyup.io-51221",
- "more_info_path": "/vulnerabilities/CVE-2022-23581/51221",
+ "cve": "CVE-2022-23570",
+ "id": "pyup.io-51211",
+ "more_info_path": "/vulnerabilities/CVE-2022-23570/51211",
 "specs": [
 "<1.12.0"
 ],
@@ -51022,9 +51494,9 @@
 },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-21732",
- "id": "pyup.io-51187",
- "more_info_path": "/vulnerabilities/CVE-2022-21732/51187",
+ "cve": "CVE-2022-23578",
+ "id": "pyup.io-51219",
+ "more_info_path": "/vulnerabilities/CVE-2022-23578/51219",
 "specs": [
 "<1.12.0"
 ],
@@ -51032,9 +51504,9 @@
 },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-23591",
- "id": "pyup.io-51230",
- "more_info_path": "/vulnerabilities/CVE-2022-23591/51230",
+ "cve": "CVE-2022-23589",
+ "id": "pyup.io-51229",
+ "more_info_path": "/vulnerabilities/CVE-2022-23589/51229",
 "specs": [
 "<1.12.0"
 ],
@@ -51042,9 +51514,9 @@
 },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-21729",
- "id": "pyup.io-51184",
- "more_info_path": "/vulnerabilities/CVE-2022-21729/51184",
+ "cve": "CVE-2022-23587",
+ "id": "pyup.io-51227",
+ "more_info_path": "/vulnerabilities/CVE-2022-23587/51227",
 "specs": [
 "<1.12.0"
 ],
@@ -51052,9 +51524,9 @@
 },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-23563",
- "id": "pyup.io-51204",
- "more_info_path": "/vulnerabilities/CVE-2022-23563/51204",
+ "cve": "CVE-2022-23558",
+ "id": "pyup.io-51199",
+ "more_info_path": "/vulnerabilities/CVE-2022-23558/51199",
 "specs": [
 "<1.12.0"
 ],
@@ -51062,9 +51534,9 @@
 },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-23561",
- "id": "pyup.io-51202",
- "more_info_path": "/vulnerabilities/CVE-2022-23561/51202",
+ "cve": "CVE-2022-23581",
+ "id": "pyup.io-51221",
+ "more_info_path": "/vulnerabilities/CVE-2022-23581/51221",
 "specs": [
 "<1.12.0"
 ],
@@ -51072,9 +51544,9 @@
 },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-21730",
- "id": "pyup.io-51185",
- "more_info_path": "/vulnerabilities/CVE-2022-21730/51185",
+ "cve": "CVE-2022-23591",
+ "id": "pyup.io-51230",
+ "more_info_path": "/vulnerabilities/CVE-2022-23591/51230",
 "specs": [
 "<1.12.0"
 ],
@@ -51082,9 +51554,9 @@
 },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-23579",
- "id": "pyup.io-51220",
- "more_info_path": "/vulnerabilities/CVE-2022-23579/51220",
+ "cve": "CVE-2022-21732",
+ "id": "pyup.io-51187",
+ "more_info_path": "/vulnerabilities/CVE-2022-21732/51187",
 "specs": [
 "<1.12.0"
 ],
@@ -51092,9 +51564,9 @@
 },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-21739",
- "id": "pyup.io-51194",
- "more_info_path": "/vulnerabilities/CVE-2022-21739/51194",
+ "cve": "CVE-2022-21729",
+ "id": "pyup.io-51184",
+ "more_info_path": "/vulnerabilities/CVE-2022-21729/51184",
 "specs": [
 "<1.12.0"
 ],
@@ -51102,9 +51574,9 @@
 },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-21731",
- "id": "pyup.io-51186",
- "more_info_path": "/vulnerabilities/CVE-2022-21731/51186",
+ "cve": "CVE-2022-23563",
+ "id": "pyup.io-51204",
+ "more_info_path": "/vulnerabilities/CVE-2022-23563/51204",
 "specs": [
 "<1.12.0"
 ],
@@ -51112,9 +51584,9 @@
 },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-23569",
- "id": "pyup.io-51210",
- "more_info_path": "/vulnerabilities/CVE-2022-23569/51210",
+ "cve": "CVE-2022-23561",
+ "id": "pyup.io-51202",
+ "more_info_path": "/vulnerabilities/CVE-2022-23561/51202",
 "specs": [
 "<1.12.0"
 ],
@@ -51122,9 +51594,9 @@
 },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-23571",
- "id": "pyup.io-51212",
- "more_info_path": "/vulnerabilities/CVE-2022-23571/51212",
+ "cve": "CVE-2022-23579",
+ "id": "pyup.io-51220",
+ "more_info_path": "/vulnerabilities/CVE-2022-23579/51220",
 "specs": [
 "<1.12.0"
 ],
@@ -51132,9 +51604,9 @@
 },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-23567",
- "id": "pyup.io-51208",
- "more_info_path": "/vulnerabilities/CVE-2022-23567/51208",
+ "cve": "CVE-2022-23571",
+ "id": "pyup.io-51212",
+ "more_info_path": "/vulnerabilities/CVE-2022-23571/51212",
 "specs": [
 "<1.12.0"
 ],
@@ -51142,9 +51614,9 @@
 },
 {
 "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.",
- "cve": "CVE-2022-23570",
- "id": "pyup.io-51211",
- "more_info_path": "/vulnerabilities/CVE-2022-23570/51211",
+ "cve": "CVE-2022-23567",
+ "id": "pyup.io-51208",
+ "more_info_path": "/vulnerabilities/CVE-2022-23567/51208",
 "specs": [
 "<1.12.0"
 ],
@@ -51421,8 +51893,8 @@
 {
 "advisory": "An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via `launch(share=True)`, thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on `huggingface.co` are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables.",
 "cve": "CVE-2024-1561",
- "id": "pyup.io-71654",
- "more_info_path": "/vulnerabilities/CVE-2024-1561/71654",
+ "id": "pyup.io-71889",
+ "more_info_path": "/vulnerabilities/CVE-2024-1561/71889",
 "specs": [
 "<4.13.0"
 ],
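Review bot: After this hunk and the next one at L166, the `gradio` list still holds two records for CVE-2024-1561 with byte-identical advisory text and the same `<4.13.0` range, differing only in `id` (71654 and 71889); the two hunks merely swap which record carries which id. A consumer matching by package and version will therefore report the same finding twice. If the two ids are not meant to track different sources, keep one record and drop the other; if they are, the difference should be visible in the advisory text or the specs rather than only in the id.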
@@ -51431,8 +51903,8 @@
 {
 "advisory": "An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via `launch(share=True)`, thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on `huggingface.co` are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables.",
 "cve": "CVE-2024-1561",
- "id": "pyup.io-71889",
- "more_info_path": "/vulnerabilities/CVE-2024-1561/71889",
+ "id": "pyup.io-71654",
+ "more_info_path": "/vulnerabilities/CVE-2024-1561/71654",
 "specs": [
 "<4.13.0"
 ],
@@ -51488,6 +51960,16 @@
 ],
 "v": "<4.19.1"
 },
+ {
+ "advisory": "Affected versions of the gradio package are vulnerable to improper file handling. This vulnerability could allow unauthorized access to files not properly uploaded, leading to potential data exposure or manipulation. The vulnerable functions include file processing methods that did not verify file locations. Exploitability depends on the ability to manipulate file paths or access non-uploaded files. The patch includes checks to ensure files are in the designated upload folder before processing. This vulnerability is specific to environments where file uploads are handled. The issue is tracked under CWE-552: Files or Directories Accessible to External Parties.",
+ "cve": "CVE-2024-1728",
+ "id": "pyup.io-73493",
+ "more_info_path": "/vulnerabilities/CVE-2024-1728/73493",
+ "specs": [
+ "<4.19.2"
+ ],
+ "v": "<4.19.2"
+ },
 {
 "advisory": "A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.",
 "cve": "PVE-2024-99761",
@@ -51795,6 +52277,18 @@
 "v": ">=0.9.5,<0.9.11"
 }
 ],
+ "graphrag": [
+ {
+ "advisory": "Graphrag affected versions may be susceptible to race conditions in the LocalSearchMixedContext class. This vulnerability could lead to data inconsistencies and unexpected behavior when accessing text units concurrently. The issue stems from direct references to shared resources without proper synchronization.",
+ "cve": "PVE-2024-73176",
+ "id": "pyup.io-73176",
+ "more_info_path": "/vulnerabilities/PVE-2024-73176/73176",
+ "specs": [
+ "<0.3.4"
+ ],
+ "v": "<0.3.4"
+ }
+ ],
 "graphrepo": [
 {
 "advisory": "Graphrepo 0.1.8 updates its dependency 'pyyaml' to v5.3.1 to include a security fix.",
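Review bot: The new `graphrag` record (second hunk here) is a PVE with a hedged description ("may be susceptible to race conditions") and no reference link, so a consumer has nothing beyond the pyup path to confirm that 0.3.4 is the fix or that the issue is security-relevant at all; the new gradio CVE-2024-1728 record in the first hunk and the guardrails CVE-2024-45858 record in the hunk at L172 likewise mention a patch but cite nothing. Neighbouring records end the advisory with `\r\nhttps://...` pointing at the upstream commit, PR or advisory; I would do the same here, using `<UPSTREAM-REFERENCE-URL>` as the placeholder until the source is looked up. For the graphrag entry the text should also state the fixed version explicitly, e.g. "Graphrag 0.3.4 ..." in the style of the graphrepo record that follows.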
@@ -51939,20 +52433,20 @@
 "v": "<1.3.0"
 },
 {
- "advisory": "When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration.",
- "cve": "CVE-2023-32731",
- "id": "pyup.io-71993",
- "more_info_path": "/vulnerabilities/CVE-2023-32731/71993",
+ "advisory": "Grpcio 1.53.0 includes a fix for a Connection Termination vulnerability. The prior versions contain a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies.\r\nhttps://github.com/advisories/GHSA-9hxf-ppjv-w6rq",
+ "cve": "CVE-2023-32732",
+ "id": "pyup.io-59868",
+ "more_info_path": "/vulnerabilities/CVE-2023-32732/59868",
 "specs": [
 "<1.53.0"
 ],
 "v": "<1.53.0"
 },
 {
- "advisory": "Grpcio 1.53.0 includes a fix for a Connection Confusion vulnerability. When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. 
If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration.\r\nhttps://github.com/advisories/GHSA-cfgp-2977-2fmm",
- "cve": "CVE-2023-32731",
- "id": "pyup.io-59869",
- "more_info_path": "/vulnerabilities/CVE-2023-32731/59869",
+ "advisory": "gRPC contains a vulnerability whereby a client can cause a termination of the connection between an HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies.",
+ "cve": "CVE-2023-32732",
+ "id": "pyup.io-71995",
+ "more_info_path": "/vulnerabilities/CVE-2023-32732/71995",
 "specs": [
 "<1.53.0"
 ],
@@ -51969,30 +52463,30 @@
 "v": "<1.53.0"
 },
 {
- "advisory": "gRPC contains a vulnerability whereby a client can cause a termination of the connection between an HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies.",
- "cve": "CVE-2023-32732",
- "id": "pyup.io-71995",
- "more_info_path": "/vulnerabilities/CVE-2023-32732/71995",
+ "advisory": "Grpcio 1.53.0 includes a fix for a Reachable Assertion vulnerability. \r\nhttps://github.com/advisories/GHSA-6628-q6j9-w8vg",
+ "cve": "CVE-2023-1428",
+ "id": "pyup.io-59867",
+ "more_info_path": "/vulnerabilities/CVE-2023-1428/59867",
 "specs": [
 "<1.53.0"
 ],
 "v": "<1.53.0"
 },
 {
- "advisory": "Grpcio 1.53.0 includes a fix for a Connection Termination vulnerability. The prior versions contain a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies.\r\nhttps://github.com/advisories/GHSA-9hxf-ppjv-w6rq",
- "cve": "CVE-2023-32732",
- "id": "pyup.io-59868",
- "more_info_path": "/vulnerabilities/CVE-2023-32732/59868",
+ "advisory": "When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. 
If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration.",
+ "cve": "CVE-2023-32731",
+ "id": "pyup.io-71993",
+ "more_info_path": "/vulnerabilities/CVE-2023-32731/71993",
 "specs": [
 "<1.53.0"
 ],
 "v": "<1.53.0"
 },
 {
- "advisory": "Grpcio 1.53.0 includes a fix for a Reachable Assertion vulnerability. \r\nhttps://github.com/advisories/GHSA-6628-q6j9-w8vg",
- "cve": "CVE-2023-1428",
- "id": "pyup.io-59867",
- "more_info_path": "/vulnerabilities/CVE-2023-1428/59867",
+ "advisory": "Grpcio 1.53.0 includes a fix for a Connection Confusion vulnerability. When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration.\r\nhttps://github.com/advisories/GHSA-cfgp-2977-2fmm",
+ "cve": "CVE-2023-32731",
+ "id": "pyup.io-59869",
+ "more_info_path": "/vulnerabilities/CVE-2023-32731/59869",
 "specs": [
 "<1.53.0"
 ],
@@ -52187,6 +52681,16 @@
 "<0.5.0"
 ],
 "v": "<0.5.0"
+ },
+ {
+ "advisory": "A critical vulnerability in the Guardrails library allows arbitrary code execution through eval injection. In affected versions, the parse_rail_arguments function in validator_utils.py uses the eval() function to parse user-supplied arguments, potentially allowing attackers to execute malicious code. This vulnerability affects all users of the Guardrails library who process untrusted input.",
+ "cve": "CVE-2024-45858",
+ "id": "pyup.io-73283",
+ "more_info_path": "/vulnerabilities/CVE-2024-45858/73283",
+ "specs": [
+ ">=0.2.9,<0.5.10"
+ ],
+ "v": ">=0.2.9,<0.5.10"
 }
 ],
 "guillotina": [
@@ -52352,20 +52856,20 @@
 "v": "<2.8.3"
 },
 {
- "advisory": "Gyver 2.8.4 updates its dependency 'pydantic' to v2.4.1 to include a security fix.",
- "cve": "PVE-2023-61416",
- "id": "pyup.io-61501",
- "more_info_path": "/vulnerabilities/PVE-2023-61416/61501",
+ "advisory": "Gyver 2.8.4 updates its dependency 'cryptography' to v41.0.4 to include a security fix.",
+ "cve": "CVE-2023-4807",
+ "id": "pyup.io-61510",
+ "more_info_path": "/vulnerabilities/CVE-2023-4807/61510",
 "specs": [
 "<2.8.4"
 ],
 "v": "<2.8.4"
 },
 {
- "advisory": "Gyver 2.8.4 updates its dependency 'cryptography' to v41.0.4 to include a security fix.",
- "cve": "CVE-2023-4807",
- "id": "pyup.io-61510",
- "more_info_path": "/vulnerabilities/CVE-2023-4807/61510",
+ "advisory": "Gyver 2.8.4 updates its dependency 'pydantic' to v2.4.1 to include a security fix.",
+ "cve": "PVE-2023-61416",
+ "id": "pyup.io-61501",
+ "more_info_path": "/vulnerabilities/PVE-2023-61416/61501",
 "specs": [
 "<2.8.4"
 ],
@@ -53289,9 +53793,9 @@
 },
 {
 "advisory": "Homeassistant 2023.8.1 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a Denial of Service vulnerability.\r\nhttps://github.com/home-assistant/core/pull/97611",
- "cve": "CVE-2023-3446",
- "id": "pyup.io-60229",
- "more_info_path": "/vulnerabilities/CVE-2023-3446/60229",
+ "cve": "CVE-2023-3817",
+ "id": "pyup.io-60215",
+ "more_info_path": "/vulnerabilities/CVE-2023-3817/60215",
 "specs": [
 "<2023.8.1"
 ],
@@ -53299,9 +53803,9 @@
 },
 {
 "advisory": "Homeassistant 2023.8.1 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a Denial of Service vulnerability.\r\nhttps://github.com/home-assistant/core/pull/97611",
- "cve": "CVE-2023-3817",
- "id": "pyup.io-60215",
- "more_info_path": "/vulnerabilities/CVE-2023-3817/60215",
+ "cve": "CVE-2023-3446",
+ "id": "pyup.io-60229",
+ "more_info_path": "/vulnerabilities/CVE-2023-3446/60229",
 "specs": [
 "<2023.8.1"
 ],
@@ -53753,20 +54257,20 @@
 "v": ">2010,<2015.1.1"
 },
 {
- "advisory": "Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.",
- "cve": "CVE-2012-3540",
- "id": "pyup.io-68014",
- "more_info_path": "/vulnerabilities/CVE-2012-3540/68014",
+ "advisory": "Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.",
+ "cve": "CVE-2012-2094",
+ "id": "pyup.io-68011",
+ "more_info_path": "/vulnerabilities/CVE-2012-2094/68011",
 "specs": [
 ">2010,<=2012.1"
 ],
 "v": ">2010,<=2012.1"
 },
 {
- "advisory": "Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.",
- "cve": "CVE-2012-2094",
- "id": "pyup.io-68011",
- "more_info_path": "/vulnerabilities/CVE-2012-2094/68011",
+ "advisory": "Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.",
+ "cve": "CVE-2012-3540",
+ "id": "pyup.io-68014",
+ "more_info_path": "/vulnerabilities/CVE-2012-3540/68014",
 "specs": [
 ">2010,<=2012.1"
 ],
@@ -57736,30 +58240,30 @@ "v": "<2.1.11,>=2.2,<2.2.4" }, { - "advisory": "Indico 2.1.3 prevents session managers/coordinators from modifying certain timetable entries or scheduling contributions not assigned to their session, and restricts access to timetable entry details to users who are not authorized to see them.\r\nhttps://github.com/indico/indico/commit/8b6ce324bc456c23df937ca97f143e71e40dbb0c", - "cve": "PVE-2022-45398", - "id": "pyup.io-45398", - "more_info_path": "/vulnerabilities/PVE-2022-45398/45398", + "advisory": "Indico 2.1.3 returns only timetable entries for the current session when updating a session through the timetable.\r\nhttps://github.com/indico/indico/issues/3474", + "cve": "PVE-1970-34153", + "id": "pyup.io-34153", + "more_info_path": "/vulnerabilities/PVE-1970-34153/34153", "specs": [ "<2.1.3" ], "v": "<2.1.3" }, { - "advisory": "Indico 2.1.3 returns only timetable entries for the current session when updating a session through the timetable.\r\nhttps://github.com/indico/indico/issues/3474", - "cve": "PVE-1970-34153", - "id": "pyup.io-34153", - "more_info_path": "/vulnerabilities/PVE-1970-34153/34153", + "advisory": "Indico 2.1.3 prevents session managers/coordinators from modifying certain timetable entries or scheduling contributions not assigned to their session, and restricts access to timetable entry details to users who are not authorized to see them.\r\nhttps://github.com/indico/indico/commit/8b6ce324bc456c23df937ca97f143e71e40dbb0c", + "cve": "PVE-2022-45398", + "id": "pyup.io-45398", + "more_info_path": "/vulnerabilities/PVE-2022-45398/45398", "specs": [ "<2.1.3" ], "v": "<2.1.3" }, { - "advisory": "Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include security fixes.", - "cve": "CVE-2020-5310", - "id": "pyup.io-38163", - "more_info_path": "/vulnerabilities/CVE-2020-5310/38163", + "advisory": "Indico 2.2.8 updates its dependency 'bleach' to v3.1.4 to include security fixes.", + "cve": "CVE-2020-6816", + "id": 
"pyup.io-43467", + "more_info_path": "/vulnerabilities/CVE-2020-6816/43467", "specs": [ "<2.2.8" ], @@ -57767,9 +58271,9 @@ }, { "advisory": "Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include security fixes.", - "cve": "CVE-2020-5311", - "id": "pyup.io-43462", - "more_info_path": "/vulnerabilities/CVE-2020-5311/43462", + "cve": "CVE-2020-5312", + "id": "pyup.io-43463", + "more_info_path": "/vulnerabilities/CVE-2020-5312/43463", "specs": [ "<2.2.8" ], @@ -57777,29 +58281,29 @@ }, { "advisory": "Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include security fixes.", - "cve": "CVE-2020-5313", - "id": "pyup.io-43464", - "more_info_path": "/vulnerabilities/CVE-2020-5313/43464", + "cve": "CVE-2019-19911", + "id": "pyup.io-43465", + "more_info_path": "/vulnerabilities/CVE-2019-19911/43465", "specs": [ "<2.2.8" ], "v": "<2.2.8" }, { - "advisory": "Indico 2.2.8 updates its dependency 'bleach' to v3.1.4 to include security fixes.", - "cve": "CVE-2020-6816", - "id": "pyup.io-43467", - "more_info_path": "/vulnerabilities/CVE-2020-6816/43467", + "advisory": "Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include security fixes.", + "cve": "CVE-2020-5310", + "id": "pyup.io-38163", + "more_info_path": "/vulnerabilities/CVE-2020-5310/38163", "specs": [ "<2.2.8" ], "v": "<2.2.8" }, { - "advisory": "Indico 2.2.8 updates its dependency 'bleach' to v3.1.4 to include security fixes.", - "cve": "CVE-2020-6817", - "id": "pyup.io-43466", - "more_info_path": "/vulnerabilities/CVE-2020-6817/43466", + "advisory": "Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include security fixes.", + "cve": "CVE-2020-5311", + "id": "pyup.io-43462", + "more_info_path": "/vulnerabilities/CVE-2020-5311/43462", "specs": [ "<2.2.8" ], 
@@ -57807,19 +58311,19 @@ }, { "advisory": "Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include security fixes.", - "cve": "CVE-2019-19911", - "id": "pyup.io-43465", - "more_info_path": "/vulnerabilities/CVE-2019-19911/43465", + "cve": "CVE-2020-5313", + "id": "pyup.io-43464", + "more_info_path": "/vulnerabilities/CVE-2020-5313/43464", "specs": [ "<2.2.8" ], "v": "<2.2.8" }, { - "advisory": "Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include security fixes.", - "cve": "CVE-2020-5312", - "id": "pyup.io-43463", - "more_info_path": "/vulnerabilities/CVE-2020-5312/43463", + "advisory": "Indico 2.2.8 updates its dependency 'bleach' to v3.1.4 to include security fixes.", + "cve": "CVE-2020-6817", + "id": "pyup.io-43466", + "more_info_path": "/vulnerabilities/CVE-2020-6817/43466", "specs": [ "<2.2.8" ], @@ -57885,6 +58389,16 @@ ], "v": "<3.0rc1" }, + { + "advisory": "Indico 3.2.3 updates its dependency 'cryptography ' to include a security fix.", + "cve": "CVE-2023-0286", + "id": "pyup.io-53450", + "more_info_path": "/vulnerabilities/CVE-2023-0286/53450", + "specs": [ + "<3.2.3" + ], + "v": "<3.2.3" + }, { "advisory": "Indico 3.2.3 sanitizes HTML in global announcement messages to avoid XSS attacks.", "cve": "PVE-2023-53437", @@ -57905,16 +58419,6 @@ ], "v": "<3.2.3" }, - { - "advisory": "Indico 3.2.3 updates its dependency 'cryptography ' to include a security fix.", - "cve": "CVE-2023-0286", - "id": "pyup.io-53450", - "more_info_path": "/vulnerabilities/CVE-2023-0286/53450", - "specs": [ - "<3.2.3" - ], - "v": "<3.2.3" - }, { "advisory": "Indico 3.2.5 includes a fix for a XSS vulnerability.\r\nhttps://github.com/indico/indico/pull/5818", "cve": "PVE-2023-59202", 
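Review bot: The moved Indico entry for CVE-2023-0286 keeps a stray space inside the quoted dependency name, `'cryptography '`, in its advisory text; the sibling dependency-update entries quote the name without padding, so this reads as a typo carried over by the move. Change the text to `"advisory": "Indico 3.2.3 updates its dependency 'cryptography' to include a security fix."`. This applies to the added block in the `@@ -57885,6 +58389,16 @@` hunk; the last hunk on this line only deletes the old copy, and the two earlier hunks are reorders.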
@@ -57955,6 +58459,16 @@
 ],
 "v": "<3.2.9"
 },
+ {
+ "advisory": "Affected versions of Indico contain a Cross-Site Scripting (XSS) vulnerability during account creation, specifically when redirecting after successful signup. Exploitation requires initiating account creation with a maliciously crafted link, and then finalizing the signup process, so it can only target newly created (and thus unprivileged) Indico users. A workaround would be to configure one's web server to disallow requests containing a query string with a 'next' parameter that starts with 'javascript:'.",
+ "cve": "CVE-2024-45399",
+ "id": "pyup.io-73045",
+ "more_info_path": "/vulnerabilities/CVE-2024-45399/73045",
+ "specs": [
+ "<3.3.4"
+ ],
+ "v": "<3.3.4"
+ },
 {
 "advisory": "Indico 2.0.3 no longer shows contribution information (metadata including title, speakers and a partial description) in the contribution list unless the user has access to a contribution.",
 "cve": "PVE-2021-37568",
@@ -58021,20 +58535,20 @@
 ],
 "inference": [
 {
- "advisory": "In Inference affected versions, a numpy deserialization vulnerability has been found in <0.14.0.",
- "cve": "PVE-2024-72145",
- "id": "pyup.io-72145",
- "more_info_path": "/vulnerabilities/PVE-2024-72145/72145",
+ "advisory": "In Inference affected versions, a server forgery request vulnerability has been found in <0.14.0.",
+ "cve": "PVE-2024-72144",
+ "id": "pyup.io-72144",
+ "more_info_path": "/vulnerabilities/PVE-2024-72144/72144",
 "specs": [
 "<0.14.0"
 ],
 "v": "<0.14.0"
 },
 {
- "advisory": "In Inference affected versions, a server forgery request vulnerability has been found in <0.14.0.",
- "cve": "PVE-2024-72144",
- "id": "pyup.io-72144",
- "more_info_path": "/vulnerabilities/PVE-2024-72144/72144",
+ "advisory": "In Inference affected versions, a numpy deserialization vulnerability has been found in <0.14.0.",
+ "cve": "PVE-2024-72145",
+ "id": "pyup.io-72145",
+ "more_info_path": "/vulnerabilities/PVE-2024-72145/72145",
 "specs": [
 "<0.14.0"
 ],
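Review bot: The new Indico entry for CVE-2024-45399 neither names the release that fixes it nor carries an upstream reference, unlike the neighbouring Indico entries, which name the fixed version in the first sentence and/or append an advisory or PR link after `\r\n`. The spec `<3.3.4` already encodes the fixed release, so the text could open with `"Indico 3.3.4 fixes a Cross-Site Scripting (XSS) vulnerability during account creation, ..."` and end with the upstream advisory URL where it is known. As written, a reader of the advisory text alone cannot tell which version to upgrade to. The second hunk on this line only swaps two existing Inference entries.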
@@ -58049,6 +58563,16 @@
 "<0.16.0"
 ],
 "v": "<0.16.0"
+ },
+ {
+ "advisory": "Inference has upgraded its OpenCV dependency from opencv_python==4.7.0.72 to opencv-python>=4.8.1.78,<=4.10.0.84 to address a security vulnerability (CVE-2023-4863) found in the bundled libwebp binaries.",
+ "cve": "CVE-2023-4863",
+ "id": "pyup.io-73020",
+ "more_info_path": "/vulnerabilities/CVE-2023-4863/73020",
+ "specs": [
+ "<0.17.1"
+ ],
+ "v": "<0.17.1"
 }
 ],
 "influx-prompt": [
@@ -58347,14 +58871,14 @@
 ],
 "inquirer": [
 {
- "advisory": "Inquirer 3.1.2 updates its dependency 'GitPython' to v3.1.30 to include a security fix.\r\nhttps://github.com/magmax/python-inquirer/pull/331/commits/455f8b98cb402542810fb55bb717682101aeca27",
+ "advisory": "Inquirer 3.1.2 updates its dependency 'GitPython' to v3.1.30 to include a security fix.",
 "cve": "CVE-2022-24439",
 "id": "pyup.io-52742",
 "more_info_path": "/vulnerabilities/CVE-2022-24439/52742",
 "specs": [
- "<3.1.2"
+ ">=3.0.0,<3.1.2"
 ],
- "v": "<3.1.2"
+ "v": ">=3.0.0,<3.1.2"
 }
 ],
 "insecure-package": [
@@ -58441,18 +58965,6 @@
 "v": "<1.35.0"
 }
 ],
- "intel-extension-for-tensorflow": [
- {
- "advisory": "Improper buffer restrictions in Intel(R) Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access. See CVE-2023-30767.",
- "cve": "CVE-2023-30767",
- "id": "pyup.io-65691",
- "more_info_path": "/vulnerabilities/CVE-2023-30767/65691",
- "specs": [
- "<2.13.0"
- ],
- "v": "<2.13.0"
- }
- ],
 "intel-extension-for-transformers": [
 {
 "advisory": "Intel-extension-for-transformers 1.2.2 escapes SQL strings for SDL to prevent SQL injections.\r\nhttps://github.com/intel/intel-extension-for-transformers/commit/43e8b9a9ee9fa7b27176fe14505f435f7add3620",
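Review bot: The Inquirer entry (second hunk on this line) loses its only reference link at the same time as its range is narrowed to `>=3.0.0,<3.1.2`, so the evidence for both the fix version and the new lower bound disappears from the record. Nothing on the page shows where `3.0.0` comes from (presumably the first release that depended on GitPython — confirm). Keep the commit link by restoring the `\r\nhttps://github.com/magmax/python-inquirer/pull/331/commits/455f8b98cb402542810fb55bb717682101aeca27` suffix in the advisory text, or add the reference that justifies the lower bound.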
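Review bot: Removing the whole `intel-extension-for-tensorflow` key (third hunk on this line) means consumers of that package silently stop being flagged for CVE-2023-30767, with no record of why. The same id, pyup.io-65691, reappears under `intel-tensorflow` in the `@@ -62461,6 +62993,16 @@` hunk with a narrower range, so this is a package reassignment; the CVE text names "Intel(R) Optimization for TensorFlow", which plausibly is the `intel-tensorflow` distribution, but the page does not show that the extension package is unaffected. Confirm that mapping before the key disappears, or keep the original entry until it is confirmed.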
@@ -59295,6 +59807,26 @@
 ],
 "v": "<2.12.1,>=2.13.0rc0,<2.13.0"
 },
+ {
+ "advisory": "Intel-tensorflow updates its curl dependency from version 8.2.1 to 8.4.0 to address CVE-2023-38545.",
+ "cve": "CVE-2023-38545",
+ "id": "pyup.io-73085",
+ "more_info_path": "/vulnerabilities/CVE-2023-38545/73085",
+ "specs": [
+ "<2.14.0"
+ ],
+ "v": "<2.14.0"
+ },
+ {
+ "advisory": "intel-tensorflow updates its curl dependency from version 8.2.1 to 8.4.0 to address CVE-2023-38546.",
+ "cve": "CVE-2023-38546",
+ "id": "pyup.io-73086",
+ "more_info_path": "/vulnerabilities/CVE-2023-38546/73086",
+ "specs": [
+ "<2.14.0"
+ ],
+ "v": "<2.14.0"
+ },
 {
 "advisory": "Intel-tensorflow 2.4.0 includes a fix for CVE-2020-15265: In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and then uses it to access the corresponding element of an array. Since in normal builds, `DCHECK`-like macros are no-ops, this results in segfault and access out of bounds of the array. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.",
 "cve": "CVE-2020-15265",
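Review bot: The two added intel-tensorflow entries spell the package name inconsistently — `"Intel-tensorflow updates its curl dependency ..."` for CVE-2023-38545 but `"intel-tensorflow updates ..."` for CVE-2023-38546 — while every neighbouring entry capitalises the first word and names the fixing release (`"Intel-tensorflow 2.4.0 includes a fix ..."`). The spec `<2.14.0` encodes the fixing release, so both texts could read `"Intel-tensorflow 2.14.0 updates its curl dependency from version 8.2.1 to 8.4.0 to address CVE-2023-38546."` (and the 38545 twin likewise). The same pair is added for `intel-tensorflow-avx512` in the `@@ -65175,6 +65717,26 @@` hunk, where the two CVEs are additionally listed in the opposite order; keeping one order across both packages makes the blocks easier to diff against each other.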
@@ -62461,6 +62993,16 @@
 ],
 "v": ">=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4,>=2.5.0rc0,<2.5.0"
 },
+ {
+ "advisory": "Improper buffer restrictions in Intel(R) Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access. The vulnerable code is in OneDNN. OneDNN optimizations started to be available in the official x86-64 Linux and Windows builds from version 2.5.0 onward. Only users of OneDNN are affected.",
+ "cve": "CVE-2023-30767",
+ "id": "pyup.io-65691",
+ "more_info_path": "/vulnerabilities/CVE-2023-30767/65691",
+ "specs": [
+ ">=2.5.0,<2.13.0"
+ ],
+ "v": ">=2.5.0,<2.13.0"
+ },
 {
 "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29539: TensorFlow is an end-to-end open source platform for machine learning. Calling `tf.raw_ops.ImmutableConst`(https://www.tensorflow.org/api_docs/python/tf/raw_ops/ImmutableConst) with a `dtype` of `tf.resource` or `tf.variant` results in a segfault in the implementation as code assumes that the tensor contents are pure scalars. We have patched the issue in 4f663d4b8f0bec1b48da6fa091a7d29609980fa4 and will release TensorFlow 2.5.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved. If using `tf.raw_ops.ImmutableConst` in code, you can prevent the segfault by inserting a filter for the `dtype` argument.",
 "cve": "CVE-2021-29539",
@@ -65175,6 +65717,26 @@
 ],
 "v": "<2.12"
 },
+ {
+ "advisory": "Intel-tensorflow-avx512 updates its curl dependency from version 8.2.1 to 8.4.0 to address CVE-2023-38546.",
+ "cve": "CVE-2023-38546",
+ "id": "pyup.io-73088",
+ "more_info_path": "/vulnerabilities/CVE-2023-38546/73088",
+ "specs": [
+ "<2.14.0"
+ ],
+ "v": "<2.14.0"
+ },
+ {
+ "advisory": "Intel-tensorflow-avx512 updates its curl dependency from version 8.2.1 to 8.4.0 to address CVE-2023-38545.",
+ "cve": "CVE-2023-38545",
+ "id": "pyup.io-73087",
+ "more_info_path": "/vulnerabilities/CVE-2023-38545/73087",
+ "specs": [
+ "<2.14.0"
+ ],
+ "v": "<2.14.0"
+ },
 {
 "advisory": "Intel-tensorflow-avx512 2.4.0 includes a fix for CVE-2020-15266: In Tensorflow before version 2.4.0, when the 'boxes' argument of 'tf.image.crop_and_resize' has a very large value, the CPU kernel implementation receives it as a C++ 'nan' floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault.\nhttps://github.com/tensorflow/tensorflow/issues/42129\nhttps://github.com/tensorflow/tensorflow/pull/42143/commits/3ade2efec2e90c6237de32a19680caaa3ebc2845\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xwhf-g6j5-j5gc",
 "cve": "CVE-2020-15266",
@@ -70739,16 +71301,6 @@ ], "v": "<0.8.0" }, - { - "advisory": "Inventree 0.7.2 includes a security fix: Affected versions can have malicious javascript code injected into the users browser by other authenticated users, as data fields retrieved from the database are not properly sanitized before displaying in various front-end views.\r\n- https://huntr.dev/bounties/4cae8442-c042-43c2-ad89-6f666eaf3d57/\r\n- https://huntr.dev/bounties/9d640ef2-c52c-4106-b043-f7497d577078/\r\n- https://huntr.dev/bounties/b114e82f-6c02-485b-82ea-e242f89169c2/\r\n- https://huntr.dev/bounties/22783cd3-1b2c-48fc-b31f-03b53c86da0b/", - "cve": "PVE-2023-55205", - "id": "pyup.io-55205", - "more_info_path": "/vulnerabilities/PVE-2023-55205/55205", - "specs": [ - ">=0,<0.7.2" - ], - "v": ">=0,<0.7.2" - }, { "advisory": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.\r\nhttps://github.com/inventree/InvenTree/security/advisories/GHSA-7rq4-qcpw-74gq", "cve": "CVE-2022-2112", 
@@ -70769,6 +71321,16 @@ ], "v": ">=0,<0.7.2" }, + { + "advisory": "Inventree 0.7.2 includes a security fix: Affected versions can have malicious javascript code injected into the users browser by other authenticated users, as data fields retrieved from the database are not properly sanitized before displaying in various front-end views.\r\n- https://huntr.dev/bounties/4cae8442-c042-43c2-ad89-6f666eaf3d57/\r\n- https://huntr.dev/bounties/9d640ef2-c52c-4106-b043-f7497d577078/\r\n- https://huntr.dev/bounties/b114e82f-6c02-485b-82ea-e242f89169c2/\r\n- https://huntr.dev/bounties/22783cd3-1b2c-48fc-b31f-03b53c86da0b/", + "cve": "PVE-2023-55205", + "id": "pyup.io-55205", + "more_info_path": "/vulnerabilities/PVE-2023-55205/55205", + "specs": [ + ">=0,<0.7.2" + ], + "v": ">=0,<0.7.2" + }, { "advisory": "Inventree prior to 0.8.3 is vulnerable to stored cross-site scripting by uploading SVG files. Version 0.8.3 contains a patch for this issue.", "cve": "CVE-2022-3355", @@ -70826,7 +71388,7 @@ ], "iotics-identity": [ { - "advisory": "Iotics-identity updated the cryptography library to fix CVEs, including CVE-2023-50782.", + "advisory": "Iotics-identity updates its dependency 'cryptography' to include a security fix.", "cve": "CVE-2023-50782", "id": "pyup.io-72250", "more_info_path": "/vulnerabilities/CVE-2023-50782/72250", 
@@ -70888,7 +71450,7 @@
 "v": "<4.4.3"
 },
 {
- "advisory": "A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points, FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for the reflection of a cookie representing an already logged-in user. An attacker would always have to go through a new authentication attempt.",
+ "advisory": "A Cross-site request forgery vulnerability exists in ipa/session/login_password. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points, FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for the reflection of a cookie representing an already logged-in user. An attacker would always have to go through a new authentication attempt.",
 "cve": "CVE-2023-5455",
 "id": "pyup.io-65209",
 "more_info_path": "/vulnerabilities/CVE-2023-5455/65209",
@@ -71019,6 +71581,16 @@
 }
 ],
 "ipams": [
+ {
+ "advisory": "IPAMS updates the 'requests' dependency to v2.32.2 to address CVE-2024-35195.",
+ "cve": "CVE-2024-35195",
+ "id": "pyup.io-73443",
+ "more_info_path": "/vulnerabilities/CVE-2024-35195/73443",
+ "specs": [
+ "<1.3.12"
+ ],
+ "v": "<1.3.12"
+ },
 {
 "advisory": "Ipams 1.3.3 updates its dependency 'requests' to version '2.31.0' to include a security fix.\r\nhttps://github.com/rwxd/ipams/commit/0f54f1f30b0446594eb3c245882e00dd728dabba",
 "cve": "CVE-2023-32681",
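Review bot: The new IPAMS entry (second hunk on this line) writes the package as `IPAMS` and does not state the fixing release, while the existing sibling reads `"Ipams 1.3.3 updates its dependency 'requests' to version '2.31.0' to include a security fix."` and carries a commit link. The spec `<1.3.12` encodes the fix, so `"advisory": "Ipams 1.3.12 updates its dependency 'requests' to v2.32.2 to include a security fix."` would match the surrounding style; append the upstream commit reference after `\r\n` if one is known. The FreeIPA hunk only trims "in all supported versions of IPA" from the text, which is reasonable since the affected range lives in `specs`, outside that hunk.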
@@ -71219,6 +71791,18 @@
 "v": ">=0,<=0.1.4"
 }
 ],
+ "ipycanvas": [
+ {
+ "advisory": "ipycanvas affected versions contain a security vulnerability in the GitHub Actions workflow for updating Galata references. The flaw allows any user with pull request commenting permissions to trigger unauthorized job executions by including a specific phrase in their comment. This could potentially be exploited to run unwanted jobs or overload CI resources. The issue has been addressed by implementing role-based access controls, restricting the ability to trigger the job to repository owners, collaborators, and members only.",
+ "cve": "PVE-2024-73077",
+ "id": "pyup.io-73077",
+ "more_info_path": "/vulnerabilities/PVE-2024-73077/73077",
+ "specs": [
+ "<0.13.3"
+ ],
+ "v": "<0.13.3"
+ }
+ ],
 "ipyflow": [
 {
 "advisory": "Ipyflow 0.0.69 updates its NPM dependency 'codemirror' to v5.58.3 to include a security fix.",
@@ -71260,16 +71844,6 @@
 ],
 "v": "<0.0.85"
 },
- {
- "advisory": "Ipyflow 0.0.85 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.",
- "cve": "CVE-2022-0686",
- "id": "pyup.io-51775",
- "more_info_path": "/vulnerabilities/CVE-2022-0686/51775",
- "specs": [
- "<0.0.85"
- ],
- "v": "<0.0.85"
- },
 {
 "advisory": "Ipyflow 0.0.85 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.",
 "cve": "CVE-2022-0512",
@@ -71289,6 +71863,16 @@
 "<0.0.85"
 ],
 "v": "<0.0.85"
+ },
+ {
+ "advisory": "Ipyflow 0.0.85 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.",
+ "cve": "CVE-2022-0686",
+ "id": "pyup.io-51775",
+ "more_info_path": "/vulnerabilities/CVE-2022-0686/51775",
+ "specs": [
+ "<0.0.85"
+ ],
+ "v": "<0.0.85"
 }
 ],
 "ipyhton": [
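Review bot: The new `ipycanvas` entry records a GitHub Actions workflow flaw (a comment-triggered job in the project's own CI) as a vulnerability in the released package with range `<0.13.3`, yet nothing in the text says the distributed wheel or its runtime behaviour is affected. Dependency scanners that consume this file will raise the finding against every application pinning ipycanvas below 0.13.3, which is a false positive if the issue lives only in the repository's CI configuration. If the database's convention is to keep such records, make the scope explicit in the advisory text, e.g. prefix it with `"This issue affects the project's CI configuration, not the installed package. "`; otherwise drop the entry. The two ipyflow hunks on this line only move an existing entry.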
@@ -72210,20 +72794,20 @@ ], "jetson-stats": [ { - "advisory": "Jetson-stats 4.2.4 updates its dependency 'tornado' to include a security fix.", - "cve": "PVE-2023-99925", - "id": "pyup.io-64409", - "more_info_path": "/vulnerabilities/PVE-2023-99925/64409", + "advisory": "Jetson-stats 4.2.4 updates its dependency 'pillow' to include a security fix.", + "cve": "CVE-2023-4863", + "id": "pyup.io-64435", + "more_info_path": "/vulnerabilities/CVE-2023-4863/64435", "specs": [ "<4.2.4" ], "v": "<4.2.4" }, { - "advisory": "Jetson-stats 4.2.4 updates its dependency 'pillow' to include a security fix.", - "cve": "CVE-2023-4863", - "id": "pyup.io-64435", - "more_info_path": "/vulnerabilities/CVE-2023-4863/64435", + "advisory": "Jetson-stats 4.2.4 updates its dependency 'tornado' to include a security fix.", + "cve": "PVE-2023-99925", + "id": "pyup.io-64409", + "more_info_path": "/vulnerabilities/PVE-2023-99925/64409", "specs": [ "<4.2.4" ], @@ -72265,9 +72849,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29550", - "id": "pyup.io-44082", - "more_info_path": "/vulnerabilities/CVE-2021-29550/44082", + "cve": "CVE-2021-29566", + "id": "pyup.io-44079", + "more_info_path": "/vulnerabilities/CVE-2021-29566/44079", "specs": [ "<2.0.0" ], @@ -72303,16 +72887,6 @@ ], "v": "<2.0.0" }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29566", - "id": "pyup.io-44079", - "more_info_path": "/vulnerabilities/CVE-2021-29566/44079", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29549", 
@@ -72345,9 +72919,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29579", - "id": "pyup.io-44101", - "more_info_path": "/vulnerabilities/CVE-2021-29579/44101", + "cve": "CVE-2021-29586", + "id": "pyup.io-44107", + "more_info_path": "/vulnerabilities/CVE-2021-29586/44107", "specs": [ "<2.0.0" ], @@ -72355,9 +72929,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29586", - "id": "pyup.io-44107", - "more_info_path": "/vulnerabilities/CVE-2021-29586/44107", + "cve": "CVE-2021-29579", + "id": "pyup.io-44101", + "more_info_path": "/vulnerabilities/CVE-2021-29579/44101", "specs": [ "<2.0.0" ], @@ -72415,9 +72989,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29552", - "id": "pyup.io-44144", - "more_info_path": "/vulnerabilities/CVE-2021-29552/44144", + "cve": "CVE-2021-29615", + "id": "pyup.io-44138", + "more_info_path": "/vulnerabilities/CVE-2021-29615/44138", "specs": [ "<2.0.0" ], @@ -72425,9 +72999,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29615", - "id": "pyup.io-44138", - "more_info_path": "/vulnerabilities/CVE-2021-29615/44138", + "cve": "CVE-2021-29552", + "id": "pyup.io-44144", + "more_info_path": "/vulnerabilities/CVE-2021-29552/44144", "specs": [ "<2.0.0" ], 
@@ -72463,16 +73037,6 @@ ], "v": "<2.0.0" }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29585", - "id": "pyup.io-44106", - "more_info_path": "/vulnerabilities/CVE-2021-29585/44106", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29520", @@ -72515,9 +73079,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29573", - "id": "pyup.io-44167", - "more_info_path": "/vulnerabilities/CVE-2021-29573/44167", + "cve": "CVE-2021-29574", + "id": "pyup.io-44168", + "more_info_path": "/vulnerabilities/CVE-2021-29574/44168", "specs": [ "<2.0.0" ], @@ -72533,16 +73097,6 @@ ], "v": "<2.0.0" }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29574", - "id": "pyup.io-44168", - "more_info_path": "/vulnerabilities/CVE-2021-29574/44168", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29608", @@ -72553,16 +73107,6 @@ ], "v": "<2.0.0" }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29526", - "id": "pyup.io-44157", - "more_info_path": "/vulnerabilities/CVE-2021-29526/44157", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29523", 
@@ -72585,9 +73129,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29554", - "id": "pyup.io-44145", - "more_info_path": "/vulnerabilities/CVE-2021-29554/44145", + "cve": "CVE-2021-29559", + "id": "pyup.io-44153", + "more_info_path": "/vulnerabilities/CVE-2021-29559/44153", "specs": [ "<2.0.0" ], @@ -72605,9 +73149,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29587", - "id": "pyup.io-44077", - "more_info_path": "/vulnerabilities/CVE-2021-29587/44077", + "cve": "CVE-2021-29561", + "id": "pyup.io-44162", + "more_info_path": "/vulnerabilities/CVE-2021-29561/44162", "specs": [ "<2.0.0" ], @@ -72615,9 +73159,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29559", - "id": "pyup.io-44153", - "more_info_path": "/vulnerabilities/CVE-2021-29559/44153", + "cve": "CVE-2021-29546", + "id": "pyup.io-44135", + "more_info_path": "/vulnerabilities/CVE-2021-29546/44135", "specs": [ "<2.0.0" ], @@ -72625,9 +73169,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2020-8285", - "id": "pyup.io-44172", - "more_info_path": "/vulnerabilities/CVE-2020-8285/44172", + "cve": "CVE-2021-29594", + "id": "pyup.io-44112", + "more_info_path": "/vulnerabilities/CVE-2021-29594/44112", "specs": [ "<2.0.0" ], @@ -72635,9 +73179,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29546", - "id": "pyup.io-44135", - "more_info_path": "/vulnerabilities/CVE-2021-29546/44135", + "cve": "CVE-2021-29570", + "id": "pyup.io-44164", + "more_info_path": "/vulnerabilities/CVE-2021-29570/44164", "specs": [ "<2.0.0" ], 
@@ -72645,9 +73189,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29594", - "id": "pyup.io-44112", - "more_info_path": "/vulnerabilities/CVE-2021-29594/44112", + "cve": "CVE-2021-29589", + "id": "pyup.io-44087", + "more_info_path": "/vulnerabilities/CVE-2021-29589/44087", "specs": [ "<2.0.0" ], @@ -72655,9 +73199,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29561", - "id": "pyup.io-44162", - "more_info_path": "/vulnerabilities/CVE-2021-29561/44162", + "cve": "CVE-2021-29542", + "id": "pyup.io-44129", + "more_info_path": "/vulnerabilities/CVE-2021-29542/44129", "specs": [ "<2.0.0" ], @@ -72665,9 +73209,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29617", - "id": "pyup.io-44139", - "more_info_path": "/vulnerabilities/CVE-2021-29617/44139", + "cve": "CVE-2021-29535", + "id": "pyup.io-44090", + "more_info_path": "/vulnerabilities/CVE-2021-29535/44090", "specs": [ "<2.0.0" ], @@ -72675,9 +73219,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29570", - "id": "pyup.io-44164", - "more_info_path": "/vulnerabilities/CVE-2021-29570/44164", + "cve": "CVE-2021-29538", + "id": "pyup.io-44093", + "more_info_path": "/vulnerabilities/CVE-2021-29538/44093", "specs": [ "<2.0.0" ], @@ -72685,9 +73229,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29557", - "id": "pyup.io-44149", - "more_info_path": "/vulnerabilities/CVE-2021-29557/44149", + "cve": "CVE-2021-29572", + "id": "pyup.io-44098", + "more_info_path": "/vulnerabilities/CVE-2021-29572/44098", "specs": [ "<2.0.0" ], 
@@ -72695,9 +73239,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29589", - "id": "pyup.io-44087", - "more_info_path": "/vulnerabilities/CVE-2021-29589/44087", + "cve": "CVE-2021-29545", + "id": "pyup.io-44083", + "more_info_path": "/vulnerabilities/CVE-2021-29545/44083", "specs": [ "<2.0.0" ], @@ -72705,9 +73249,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29542", - "id": "pyup.io-44129", - "more_info_path": "/vulnerabilities/CVE-2021-29542/44129", + "cve": "CVE-2021-29534", + "id": "pyup.io-44075", + "more_info_path": "/vulnerabilities/CVE-2021-29534/44075", "specs": [ "<2.0.0" ], @@ -72715,9 +73259,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29522", - "id": "pyup.io-44063", - "more_info_path": "/vulnerabilities/CVE-2021-29522/44063", + "cve": "CVE-2021-29531", + "id": "pyup.io-44121", + "more_info_path": "/vulnerabilities/CVE-2021-29531/44121", "specs": [ "<2.0.0" ], @@ -72725,9 +73269,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29603", - "id": "pyup.io-44126", - "more_info_path": "/vulnerabilities/CVE-2021-29603/44126", + "cve": "CVE-2021-29516", + "id": "pyup.io-44158", + "more_info_path": "/vulnerabilities/CVE-2021-29516/44158", "specs": [ "<2.0.0" ], @@ -72735,9 +73279,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29535", - "id": "pyup.io-44090", - "more_info_path": "/vulnerabilities/CVE-2021-29535/44090", + "cve": "CVE-2021-29530", + "id": "pyup.io-44118", + "more_info_path": "/vulnerabilities/CVE-2021-29530/44118", "specs": [ "<2.0.0" ], 
@@ -72745,9 +73289,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29538", - "id": "pyup.io-44093", - "more_info_path": "/vulnerabilities/CVE-2021-29538/44093", + "cve": "CVE-2021-29518", + "id": "pyup.io-44156", + "more_info_path": "/vulnerabilities/CVE-2021-29518/44156", "specs": [ "<2.0.0" ], @@ -72755,9 +73299,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29572", - "id": "pyup.io-44098", - "more_info_path": "/vulnerabilities/CVE-2021-29572/44098", + "cve": "CVE-2021-29614", + "id": "pyup.io-44173", + "more_info_path": "/vulnerabilities/CVE-2021-29614/44173", "specs": [ "<2.0.0" ], @@ -72765,9 +73309,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29596", - "id": "pyup.io-44115", - "more_info_path": "/vulnerabilities/CVE-2021-29596/44115", + "cve": "CVE-2021-29584", + "id": "pyup.io-44105", + "more_info_path": "/vulnerabilities/CVE-2021-29584/44105", "specs": [ "<2.0.0" ], @@ -72775,9 +73319,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29545", - "id": "pyup.io-44083", - "more_info_path": "/vulnerabilities/CVE-2021-29545/44083", + "cve": "CVE-2021-29524", + "id": "pyup.io-44064", + "more_info_path": "/vulnerabilities/CVE-2021-29524/44064", "specs": [ "<2.0.0" ], @@ -72785,9 +73329,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29531", - "id": "pyup.io-44121", - "more_info_path": "/vulnerabilities/CVE-2021-29531/44121", + "cve": "CVE-2021-29552", + "id": "pyup.io-44142", + "more_info_path": "/vulnerabilities/CVE-2021-29552/44142", "specs": [ "<2.0.0" ], 
@@ -72795,9 +73339,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29513", - "id": "pyup.io-44097", - "more_info_path": "/vulnerabilities/CVE-2021-29513/44097", + "cve": "CVE-2021-29532", + "id": "pyup.io-44070", + "more_info_path": "/vulnerabilities/CVE-2021-29532/44070", "specs": [ "<2.0.0" ], @@ -72805,9 +73349,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29534", - "id": "pyup.io-44075", - "more_info_path": "/vulnerabilities/CVE-2021-29534/44075", + "cve": "CVE-2021-29619", + "id": "pyup.io-44143", + "more_info_path": "/vulnerabilities/CVE-2021-29619/44143", "specs": [ "<2.0.0" ], @@ -72815,9 +73359,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29516", - "id": "pyup.io-44158", - "more_info_path": "/vulnerabilities/CVE-2021-29516/44158", + "cve": "CVE-2021-29544", + "id": "pyup.io-44074", + "more_info_path": "/vulnerabilities/CVE-2021-29544/44074", "specs": [ "<2.0.0" ], @@ -72825,9 +73369,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29530", - "id": "pyup.io-44118", - "more_info_path": "/vulnerabilities/CVE-2021-29530/44118", + "cve": "CVE-2021-29616", + "id": "pyup.io-44071", + "more_info_path": "/vulnerabilities/CVE-2021-29616/44071", "specs": [ "<2.0.0" ], @@ -72835,9 +73379,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29518", - "id": "pyup.io-44156", - "more_info_path": "/vulnerabilities/CVE-2021-29518/44156", + "cve": "CVE-2021-29554", + "id": "pyup.io-44145", + "more_info_path": "/vulnerabilities/CVE-2021-29554/44145", "specs": [ "<2.0.0" ], 
@@ -72845,9 +73389,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29614", - "id": "pyup.io-44173", - "more_info_path": "/vulnerabilities/CVE-2021-29614/44173", + "cve": "CVE-2021-29617", + "id": "pyup.io-44139", + "more_info_path": "/vulnerabilities/CVE-2021-29617/44139", "specs": [ "<2.0.0" ], @@ -72855,9 +73399,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29584", - "id": "pyup.io-44105", - "more_info_path": "/vulnerabilities/CVE-2021-29584/44105", + "cve": "CVE-2021-29557", + "id": "pyup.io-44149", + "more_info_path": "/vulnerabilities/CVE-2021-29557/44149", "specs": [ "<2.0.0" ], @@ -72865,9 +73409,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29532", - "id": "pyup.io-44070", - "more_info_path": "/vulnerabilities/CVE-2021-29532/44070", + "cve": "CVE-2021-29577", + "id": "pyup.io-44171", + "more_info_path": "/vulnerabilities/CVE-2021-29577/44171", "specs": [ "<2.0.0" ], @@ -72875,9 +73419,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29524", - "id": "pyup.io-44064", - "more_info_path": "/vulnerabilities/CVE-2021-29524/44064", + "cve": "CVE-2021-29533", + "id": "pyup.io-44089", + "more_info_path": "/vulnerabilities/CVE-2021-29533/44089", "specs": [ "<2.0.0" ], @@ -72885,9 +73429,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29544", - "id": "pyup.io-44074", - "more_info_path": "/vulnerabilities/CVE-2021-29544/44074", + "cve": "CVE-2021-29612", + "id": "pyup.io-44134", + "more_info_path": "/vulnerabilities/CVE-2021-29612/44134", "specs": [ "<2.0.0" ], 
@@ -72895,9 +73439,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29552", - "id": "pyup.io-44142", - "more_info_path": "/vulnerabilities/CVE-2021-29552/44142", + "cve": "CVE-2021-29605", + "id": "pyup.io-44127", + "more_info_path": "/vulnerabilities/CVE-2021-29605/44127", "specs": [ "<2.0.0" ], @@ -72905,9 +73449,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29619", - "id": "pyup.io-44143", - "more_info_path": "/vulnerabilities/CVE-2021-29619/44143", + "cve": "CVE-2021-29578", + "id": "pyup.io-44100", + "more_info_path": "/vulnerabilities/CVE-2021-29578/44100", "specs": [ "<2.0.0" ], @@ -72915,9 +73459,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29514", - "id": "pyup.io-44085", - "more_info_path": "/vulnerabilities/CVE-2021-29514/44085", + "cve": "CVE-2021-29517", + "id": "pyup.io-44160", + "more_info_path": "/vulnerabilities/CVE-2021-29517/44160", "specs": [ "<2.0.0" ], @@ -72925,9 +73469,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29616", - "id": "pyup.io-44071", - "more_info_path": "/vulnerabilities/CVE-2021-29616/44071", + "cve": "CVE-2021-29576", + "id": "pyup.io-44169", + "more_info_path": "/vulnerabilities/CVE-2021-29576/44169", "specs": [ "<2.0.0" ], @@ -72935,9 +73479,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29613", - "id": "pyup.io-44137", - "more_info_path": "/vulnerabilities/CVE-2021-29613/44137", + "cve": "CVE-2021-29593", + "id": "pyup.io-44114", + "more_info_path": "/vulnerabilities/CVE-2021-29593/44114", "specs": [ "<2.0.0" ], 
@@ -72945,9 +73489,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29577", - "id": "pyup.io-44171", - "more_info_path": "/vulnerabilities/CVE-2021-29577/44171", + "cve": "CVE-2021-29601", + "id": "pyup.io-44125", + "more_info_path": "/vulnerabilities/CVE-2021-29601/44125", "specs": [ "<2.0.0" ], @@ -72955,9 +73499,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29533", - "id": "pyup.io-44089", - "more_info_path": "/vulnerabilities/CVE-2021-29533/44089", + "cve": "CVE-2021-29528", + "id": "pyup.io-44117", + "more_info_path": "/vulnerabilities/CVE-2021-29528/44117", "specs": [ "<2.0.0" ], @@ -72965,9 +73509,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29612", - "id": "pyup.io-44134", - "more_info_path": "/vulnerabilities/CVE-2021-29612/44134", + "cve": "CVE-2021-29526", + "id": "pyup.io-44157", + "more_info_path": "/vulnerabilities/CVE-2021-29526/44157", "specs": [ "<2.0.0" ], @@ -72975,9 +73519,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29578", - "id": "pyup.io-44100", - "more_info_path": "/vulnerabilities/CVE-2021-29578/44100", + "cve": "CVE-2021-29587", + "id": "pyup.io-44077", + "more_info_path": "/vulnerabilities/CVE-2021-29587/44077", "specs": [ "<2.0.0" ], @@ -72985,9 +73529,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29517", - "id": "pyup.io-44160", - "more_info_path": "/vulnerabilities/CVE-2021-29517/44160", + "cve": "CVE-2020-8285", + "id": "pyup.io-44172", + "more_info_path": "/vulnerabilities/CVE-2020-8285/44172", "specs": [ "<2.0.0" ], 
@@ -72995,9 +73539,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29605", - "id": "pyup.io-44127", - "more_info_path": "/vulnerabilities/CVE-2021-29605/44127", + "cve": "CVE-2021-29522", + "id": "pyup.io-44063", + "more_info_path": "/vulnerabilities/CVE-2021-29522/44063", "specs": [ "<2.0.0" ], @@ -73005,9 +73549,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29601", - "id": "pyup.io-44125", - "more_info_path": "/vulnerabilities/CVE-2021-29601/44125", + "cve": "CVE-2021-29585", + "id": "pyup.io-44106", + "more_info_path": "/vulnerabilities/CVE-2021-29585/44106", "specs": [ "<2.0.0" ], @@ -73015,9 +73559,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29576", - "id": "pyup.io-44169", - "more_info_path": "/vulnerabilities/CVE-2021-29576/44169", + "cve": "CVE-2021-29573", + "id": "pyup.io-44167", + "more_info_path": "/vulnerabilities/CVE-2021-29573/44167", "specs": [ "<2.0.0" ], @@ -73025,9 +73569,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29593", - "id": "pyup.io-44114", - "more_info_path": "/vulnerabilities/CVE-2021-29593/44114", + "cve": "CVE-2021-29596", + "id": "pyup.io-44115", + "more_info_path": "/vulnerabilities/CVE-2021-29596/44115", "specs": [ "<2.0.0" ], 
@@ -73035,9 +73579,19 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29528", - "id": "pyup.io-44117", - "more_info_path": "/vulnerabilities/CVE-2021-29528/44117", + "cve": "CVE-2021-29613", + "id": "pyup.io-44137", + "more_info_path": "/vulnerabilities/CVE-2021-29613/44137", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29555", + "id": "pyup.io-44147", + "more_info_path": "/vulnerabilities/CVE-2021-29555/44147", "specs": [ "<2.0.0" ], @@ -73105,9 +73659,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29590", - "id": "pyup.io-44109", - "more_info_path": "/vulnerabilities/CVE-2021-29590/44109", + "cve": "CVE-2021-29599", + "id": "pyup.io-44123", + "more_info_path": "/vulnerabilities/CVE-2021-29599/44123", "specs": [ "<2.0.0" ], @@ -73115,9 +73669,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29548", - "id": "pyup.io-44091", - "more_info_path": "/vulnerabilities/CVE-2021-29548/44091", + "cve": "CVE-2021-29590", + "id": "pyup.io-44109", + "more_info_path": "/vulnerabilities/CVE-2021-29590/44109", "specs": [ "<2.0.0" ], @@ -73125,9 +73679,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29599", - "id": "pyup.io-44123", - "more_info_path": "/vulnerabilities/CVE-2021-29599/44123", + "cve": "CVE-2021-29548", + "id": "pyup.io-44091", + "more_info_path": "/vulnerabilities/CVE-2021-29548/44091", "specs": [ "<2.0.0" ], 
@@ -73173,16 +73727,6 @@ ], "v": "<2.0.0" }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29555", - "id": "pyup.io-44147", - "more_info_path": "/vulnerabilities/CVE-2021-29555/44147", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29580", @@ -73195,9 +73739,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29525", - "id": "pyup.io-44061", - "more_info_path": "/vulnerabilities/CVE-2021-29525/44061", + "cve": "CVE-2021-29515", + "id": "pyup.io-44166", + "more_info_path": "/vulnerabilities/CVE-2021-29515/44166", "specs": [ "<2.0.0" ], @@ -73205,9 +73749,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29515", - "id": "pyup.io-44166", - "more_info_path": "/vulnerabilities/CVE-2021-29515/44166", + "cve": "CVE-2020-8231", + "id": "pyup.io-44148", + "more_info_path": "/vulnerabilities/CVE-2020-8231/44148", "specs": [ "<2.0.0" ], @@ -73215,9 +73759,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2020-8231", - "id": "pyup.io-44148", - "more_info_path": "/vulnerabilities/CVE-2020-8231/44148", + "cve": "CVE-2021-29547", + "id": "pyup.io-44073", + "more_info_path": "/vulnerabilities/CVE-2021-29547/44073", "specs": [ "<2.0.0" ], 
@@ -73235,9 +73779,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29547", - "id": "pyup.io-44073", - "more_info_path": "/vulnerabilities/CVE-2021-29547/44073", + "cve": "CVE-2021-29525", + "id": "pyup.io-44061", + "more_info_path": "/vulnerabilities/CVE-2021-29525/44061", "specs": [ "<2.0.0" ], @@ -73315,9 +73859,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29563", - "id": "pyup.io-44080", - "more_info_path": "/vulnerabilities/CVE-2021-29563/44080", + "cve": "CVE-2021-29588", + "id": "pyup.io-44108", + "more_info_path": "/vulnerabilities/CVE-2021-29588/44108", "specs": [ "<2.0.0" ], @@ -73343,16 +73887,6 @@ ], "v": "<2.0.0" }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29588", - "id": "pyup.io-44108", - "more_info_path": "/vulnerabilities/CVE-2021-29588/44108", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29537", 
@@ -73383,6 +73917,56 @@ ], "v": "<2.0.0" }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29563", + "id": "pyup.io-44080", + "more_info_path": "/vulnerabilities/CVE-2021-29563/44080", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29513", + "id": "pyup.io-44097", + "more_info_path": "/vulnerabilities/CVE-2021-29513/44097", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29550", + "id": "pyup.io-44082", + "more_info_path": "/vulnerabilities/CVE-2021-29550/44082", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29603", + "id": "pyup.io-44126", + "more_info_path": "/vulnerabilities/CVE-2021-29603/44126", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29514", + "id": "pyup.io-44085", + "more_info_path": "/vulnerabilities/CVE-2021-29514/44085", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, { "advisory": "Jina version 2.0.24 updates its dependency \"pillow\" to v8.3.2 to include security fixes.", "cve": "CVE-2021-23437", 
@@ -73886,6 +74470,18 @@ "v": "<2.2.2" } ], + "jsonpickle": [ + { + "advisory": "Jsonpickle affected versions are vulnerable to arbitrary code execution during deserialization. The loadrepr() function in jsonpickle/unpickler.py uses eval() to deserialize objects, allowing potential attackers to execute malicious code when processing untrusted input. It could lead to remote code execution, data theft, or other malicious activities. The fix commit replaces the unsafe eval() with a more secure loadmodule() function.", + "cve": "PVE-2024-72982", + "id": "pyup.io-72982", + "more_info_path": "/vulnerabilities/PVE-2024-72982/72982", + "specs": [ + "<3.3.0" + ], + "v": "<3.3.0" + } + ], "jsonrpc-pyclient": [ { "advisory": "jsonrpc-pyclient 0.7.0 fixes security issues in unixdomainsocket connectors.", @@ -74805,6 +75401,38 @@ "v": "<5.0.2" } ], + "jupyterlab-spreadsheet": [ + { + "advisory": "Jupyterlab-spreadsheet 0.3.2 updates its dependency 'jQuery' to 3.5.0 to include a security fix.", + "cve": "CVE-2020-11022", + "id": "pyup.io-73121", + "more_info_path": "/vulnerabilities/CVE-2020-11022/73121", + "specs": [ + "<0.3.2" + ], + "v": "<0.3.2" + }, + { + "advisory": "Jupyterlab-spreadsheet 0.4.1 updates its NPM dependency 'lodash' to v4.17.21 to include security fixes.", + "cve": "CVE-2020-8203", + "id": "pyup.io-73120", + "more_info_path": "/vulnerabilities/CVE-2020-8203/73120", + "specs": [ + "<0.4.1" + ], + "v": "<0.4.1" + }, + { + "advisory": "Jupyterlab-spreadsheet 0.4.1 updates its NPM dependency 'lodash' to v4.17.21 to include security fixes.", + "cve": "CVE-2021-23337", + "id": "pyup.io-73122", + "more_info_path": "/vulnerabilities/CVE-2021-23337/73122", + "specs": [ + "<0.4.1" + ], + "v": "<0.4.1" + } + ], "jupyterlab-theme-solarized-dark": [ { "advisory": "Jupyterlab-theme-solarized-dark 1.0.2 updates its dependency \"lodash\" to v4.17.19 to include a security fix.", 
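Review bot: The new jsonpickle entry puts a PyUp-local identifier, `"cve": "PVE-2024-72982"`, in the field that every other record in this hunk and the next fills with a real CVE id. Consumers that validate this field as a CVE or build an external reference URL from it will mishandle this record; if PVE- ids are the database's convention for advisories without a CVE, that convention belongs in the schema description, and tools should treat `cve` as an opaque advisory id. The advisory text also leaves the fixed release unstated while `specs` says `<3.3.0`; naming it in the text, as the jupyterlab-spreadsheet entries in the next hunk do, would let readers check the range against upstream.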
@@ -74837,6 +75465,18 @@ "v": "<2.0.1" } ], + "jupyterlite-core": [ + { + "advisory": "Jupyterlite-core is vulnerable to HTML injection, leading to DOM Clobbering, which allows attackers to access sensitive data and perform arbitrary actions as the compromised user. This vulnerability occurs when a user opens a malicious notebook with Markdown cells or a Markdown file in JupyterLab.", + "cve": "CVE-2024-43805", + "id": "pyup.io-73126", + "more_info_path": "/vulnerabilities/CVE-2024-43805/73126", + "specs": [ + "<0.4.1" + ], + "v": "<0.4.1" + } + ], "jupyterquiz": [ { "advisory": "Jupyterquiz version 1.7.5 improves security of decoding JSON question data.", @@ -75715,7 +76355,7 @@ "v": "<7.2.5" }, { - "advisory": "Keylime 7.4.0 resolves the CVE-2023-38200 vulnerability. This vulnerability, rated as moderate, allowed for a remote denial of service attack against Keylime's SSL connections due to their blocking nature. An attacker could exhaust all available connections, leading to potential service disruption. \r\nhttps://github.com/keylime/keylime/pull/1421/commits/016ca65e56f658d5dee7638d034ec012c5051611", + "advisory": "Keylime 7.4.0 resolves the CVE-2023-38200 vulnerability. This vulnerability, rated as moderate, allowed for a remote denial of service attack against Keylime's SSL connections due to their blocking nature. An attacker could exhaust all available connections, leading to potential service disruption.", "cve": "CVE-2023-38200", "id": "pyup.io-64650", "more_info_path": "/vulnerabilities/CVE-2023-38200/64650", 
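Review bot: The keylime hunk at the end of this line, and the next one for CVE-2023-38201, strip the trailing `\r\nhttps://github.com/keylime/keylime/...` reference from the advisory text while leaving the rest of the sentence untouched, so each record loses its only pointer to the fixing change. Other entries touched by this commit keep such inline references (the Keystone CVE-2021-3563 entry's launchpad link and the langchain CVE-2023-36188 entry's commit link), so the removal looks inconsistent rather than deliberate. If the links were removed because they pointed at the wrong change, a corrected reference would preserve traceability; if the policy is to drop inline URLs from `advisory`, it should be applied to every entry in the same pass.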
@@ -75725,7 +76365,7 @@ "v": "<7.4.0" }, { - "advisory": "Keylime 7.5.0 resolves the CVE-2023-38201 vulnerability. This vulnerability, discovered in the Keylime registrar, allowed an attacker to bypass the challenge-response protocol during agent registration. By impersonating an agent and adding it to the verifier list, an attacker could potentially breach the integrity of the registrar database.\r\nhttps://github.com/keylime/keylime/commit/9e5ac9f25cd400b16d5969f531cee28290543f2a", + "advisory": "Keylime 7.5.0 resolves the CVE-2023-38201 vulnerability. This vulnerability, discovered in the Keylime registrar, allowed an attacker to bypass the challenge-response protocol during agent registration. By impersonating an agent and adding it to the verifier list, an attacker could potentially breach the integrity of the registrar database.", "cve": "CVE-2023-38201", "id": "pyup.io-64649", "more_info_path": "/vulnerabilities/CVE-2023-38201/64649", 
@@ -75811,10 +76451,10 @@ "v": "<11.04,>=12.0.0,<12.0.0,>=13.0.0<13.0.0" }, { - "advisory": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.", - "cve": "CVE-2020-12691", - "id": "pyup.io-38585", - "more_info_path": "/vulnerabilities/CVE-2020-12691/38585", + "advisory": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.", + "cve": "CVE-2020-12692", + "id": "pyup.io-38584", + "more_info_path": "/vulnerabilities/CVE-2020-12692/38584", "specs": [ "<15.0.1", ">=16.0.0.0rc1,<=16.0.0" 
@@ -75822,10 +76462,10 @@ "v": "<15.0.1,>=16.0.0.0rc1,<=16.0.0" }, { - "advisory": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access. See: CVE-2020-12690.", - "cve": "CVE-2020-12690", - "id": "pyup.io-38583", - "more_info_path": "/vulnerabilities/CVE-2020-12690/38583", + "advisory": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.", + "cve": "CVE-2020-12689", + "id": "pyup.io-38587", + "more_info_path": "/vulnerabilities/CVE-2020-12689/38587", "specs": [ "<15.0.1", ">=16.0.0.0rc1,<=16.0.0" 
@@ -75833,10 +76473,10 @@ "v": "<15.0.1,>=16.0.0.0rc1,<=16.0.0" }, { - "advisory": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.", - "cve": "CVE-2020-12692", - "id": "pyup.io-38584", - "more_info_path": "/vulnerabilities/CVE-2020-12692/38584", + "advisory": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.", + "cve": "CVE-2020-12691", + "id": "pyup.io-38585", + "more_info_path": "/vulnerabilities/CVE-2020-12691/38585", "specs": [ "<15.0.1", ">=16.0.0.0rc1,<=16.0.0" 
@@ -75844,10 +76484,10 @@ "v": "<15.0.1,>=16.0.0.0rc1,<=16.0.0" }, { - "advisory": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.", - "cve": "CVE-2020-12689", - "id": "pyup.io-38587", - "more_info_path": "/vulnerabilities/CVE-2020-12689/38587", + "advisory": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access. See: CVE-2020-12690.", + "cve": "CVE-2020-12690", + "id": "pyup.io-38583", + "more_info_path": "/vulnerabilities/CVE-2020-12690/38583", "specs": [ "<15.0.1", ">=16.0.0.0rc1,<=16.0.0" 
@@ -75927,20 +76567,20 @@ "v": "==15.0.0,==16.0.0" }, { - "advisory": "Keystone has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. \r\nNOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory.", - "cve": "CVE-2018-20170", - "id": "pyup.io-36734", - "more_info_path": "/vulnerabilities/CVE-2018-20170/36734", + "advisory": "Keystone is affected by CVE-2021-3563: Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.\r\nhttps://bugs.launchpad.net/ossa/+bug/1901891", + "cve": "CVE-2021-3563", + "id": "pyup.io-50789", + "more_info_path": "/vulnerabilities/CVE-2021-3563/50789", "specs": [ ">0" ], "v": ">0" }, { - "advisory": "Keystone is affected by CVE-2021-3563: Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.\r\nhttps://bugs.launchpad.net/ossa/+bug/1901891", - "cve": "CVE-2021-3563", - "id": "pyup.io-50789", - "more_info_path": "/vulnerabilities/CVE-2021-3563/50789", + "advisory": "Keystone has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. \r\nNOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory.", + "cve": "CVE-2018-20170", + "id": "pyup.io-36734", + "more_info_path": "/vulnerabilities/CVE-2018-20170/36734", "specs": [ ">0" ], 
@@ -76132,20 +76772,20 @@ "v": ">=2011.3.1,<2012.2.4,>=2013,<2013.1.1" }, { - "advisory": "OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.", - "cve": "CVE-2013-0282", - "id": "pyup.io-67995", - "more_info_path": "/vulnerabilities/CVE-2013-0282/67995", + "advisory": "OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.", + "cve": "CVE-2013-2014", + "id": "pyup.io-67996", + "more_info_path": "/vulnerabilities/CVE-2013-2014/67996", "specs": [ ">=2011.3.1,<2013.1" ], "v": ">=2011.3.1,<2013.1" }, { - "advisory": "OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.", - "cve": "CVE-2013-2014", - "id": "pyup.io-67996", - "more_info_path": "/vulnerabilities/CVE-2013-2014/67996", + "advisory": "OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.", + "cve": "CVE-2013-0282", + "id": "pyup.io-67995", + "more_info_path": "/vulnerabilities/CVE-2013-0282/67995", "specs": [ ">=2011.3.1,<2013.1" ], 
@@ -76162,20 +76802,20 @@ "v": ">=2011.3.1,<2013.1" }, { - "advisory": "OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.", - "cve": "CVE-2013-2157", - "id": "pyup.io-67998", - "more_info_path": "/vulnerabilities/CVE-2013-2157/67998", + "advisory": "OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.", + "cve": "CVE-2013-4222", + "id": "pyup.io-68010", + "more_info_path": "/vulnerabilities/CVE-2013-4222/68010", "specs": [ ">=2011.3.1,<2013.1.3" ], "v": ">=2011.3.1,<2013.1.3" }, { - "advisory": "OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.", - "cve": "CVE-2013-4222", - "id": "pyup.io-68010", - "more_info_path": "/vulnerabilities/CVE-2013-4222/68010", + "advisory": "OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.", + "cve": "CVE-2013-2157", + "id": "pyup.io-67998", + "more_info_path": "/vulnerabilities/CVE-2013-2157/67998", "specs": [ ">=2011.3.1,<2013.1.3" ], 
@@ -76406,7 +77046,7 @@ "v": "<1.14.0" }, { - "advisory": "Khoj affected versions contain a vulnerability in the Automation feature that allows users to inject arbitrary HTML or JavaScript, leading to Stored Cross-site Scripting (XSS) attacks. This issue occurs because the q parameter in the /api/automation endpoint was not properly sanitized when rendered on the page. Recent commits addressed this by improving input handling and ensuring proper sanitization, preventing the execution of malicious scripts within the application.", + "advisory": "Affected versions of Khoj contain a vulnerability in the Automation feature that allows users to inject arbitrary HTML or JavaScript, leading to Stored Cross-site Scripting (XSS) attacks. This issue occurs because the q parameter in the /api/automation endpoint was not properly sanitized when rendered on the page.", "cve": "CVE-2024-43396", "id": "pyup.io-72980", "more_info_path": "/vulnerabilities/CVE-2024-43396/72980", @@ -78405,10 +79045,10 @@ "v": "<0.0.225" }, { - "advisory": "Langchain 0.0.236 includes a fix for an Arbitrary Code Execution vulnerability. The vulnerability allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.\r\nhttps://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e", - "cve": "CVE-2023-36188", - "id": "pyup.io-59363", - "more_info_path": "/vulnerabilities/CVE-2023-36188/59363", + "advisory": "An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.", + "cve": "CVE-2023-38896", + "id": "pyup.io-65036", + "more_info_path": "/vulnerabilities/CVE-2023-38896/65036", "specs": [ "<0.0.236" ], 
@@ -78425,20 +79065,20 @@ "v": "<0.0.236" }, { - "advisory": "An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions.", - "cve": "CVE-2023-38896", - "id": "pyup.io-65036", - "more_info_path": "/vulnerabilities/CVE-2023-38896/65036", + "advisory": "Langchain 0.0.236 includes a fix for an Arbitrary Code Execution vulnerability. The vulnerability allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.\r\nhttps://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e", + "cve": "CVE-2023-36188", + "id": "pyup.io-59363", + "more_info_path": "/vulnerabilities/CVE-2023-36188/59363", "specs": [ "<0.0.236" ], "v": "<0.0.236" }, { - "advisory": "Affected versions of Langchain allow an attacker to execute arbitrary code via the PALChain in the python exec method. The PALChain class requires unique security considerations so it was moved langchain-experimental package and removed from langchain on version 0.0.247. The issue was attempted to be resolved several times in langchain-experimental but the fixes were found incomplete. See CVE-2023-44467, CVE-2024-27444, and CVE-2024-38459.", - "cve": "CVE-2023-36258", - "id": "pyup.io-59294", - "more_info_path": "/vulnerabilities/CVE-2023-36258/59294", + "advisory": "Langchain 0.0.247 includes a fix for CVE-2023-36189: SQL injection vulnerability allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.\r\nhttps://github.com/langchain-ai/langchain/issues/5923", + "cve": "CVE-2023-36189", + "id": "pyup.io-60080", + "more_info_path": "/vulnerabilities/CVE-2023-36189/60080", "specs": [ "<0.0.247" ], 
@@ -78455,10 +79095,10 @@ "v": "<0.0.247" }, { - "advisory": "Langchain 0.0.247 includes a fix for CVE-2023-36189: SQL injection vulnerability allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.\r\nhttps://github.com/langchain-ai/langchain/issues/5923", - "cve": "CVE-2023-36189", - "id": "pyup.io-60080", - "more_info_path": "/vulnerabilities/CVE-2023-36189/60080", + "advisory": "Affected versions of Langchain allow an attacker to execute arbitrary code via the PALChain in the python exec method. The PALChain class requires unique security considerations so it was moved langchain-experimental package and removed from langchain on version 0.0.247. The issue was attempted to be resolved several times in langchain-experimental but the fixes were found incomplete. See CVE-2023-44467, CVE-2024-27444, and CVE-2024-38459.", + "cve": "CVE-2023-36258", + "id": "pyup.io-59294", + "more_info_path": "/vulnerabilities/CVE-2023-36258/59294", "specs": [ "<0.0.247" ], 
@@ -78646,6 +79286,16 @@ } ], "langchain-community": [ + { + "advisory": "A critical security vulnerability affects the FAISS class in the langchain-ai/langchain library. The deserialize_from_bytes method deserializes data using Python's pickle module without proper security checks, potentially allowing attackers to execute arbitrary code, including system commands via os.system. Users must update to the latest version, which introduces an allow_dangerous_deserialization parameter. Users must explicitly set this parameter to True to allow deserialization, acknowledging the risk. Never deserialize data from untrusted sources.", + "cve": "CVE-2024-5998", + "id": "pyup.io-73298", + "more_info_path": "/vulnerabilities/CVE-2024-5998/73298", + "specs": [ + "<0.2.4" + ], + "v": "<0.2.4" + }, { "advisory": "Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality.", "cve": "CVE-2024-2965", 
@@ -78729,6 +79379,16 @@ ">=0.0.15,<0.0.21" ], "v": ">=0.0.15,<0.0.21" + }, + { + "advisory": "A vulnerability exists in langchain_experimental affected versions where the LLMSymbolicMathChain was introduced because it passes untrusted input directly to sympy.sympify, which uses eval() internally. This flaw allows attackers to execute arbitrary code via crafted mathematical expressions.", + "cve": "CVE-2024-46946", + "id": "pyup.io-73280", + "more_info_path": "/vulnerabilities/CVE-2024-46946/73280", + "specs": [ + ">=0.1.17" + ], + "v": ">=0.1.17" } ], "langflow": [ @@ -79936,17 +80596,19 @@ "v": "<0.7.0" } ], - "lightning": [ + "lighteval": [ { - "advisory": "Lightning 2.0.4 updates its dependency 'redis' to version '4.5.5' to include a security fix.\r\nhttps://github.com/Lightning-AI/lightning/commit/0831e138c02e492bdd384be99079d949c93b1e8e", - "cve": "CVE-2023-28858", - "id": "pyup.io-59186", - "more_info_path": "/vulnerabilities/CVE-2023-28858/59186", + "advisory": "Bump nltlk to version = \"0.4.0.dev0\" on the lighteval package due to security vulnerability.", + "cve": "CVE-2024-39705", + "id": "pyup.io-73055", + "more_info_path": "/vulnerabilities/CVE-2024-39705/73055", "specs": [ - "<2.0.4" + "<0.4.0" ], - "v": "<2.0.4" - }, + "v": "<0.4.0" + } + ], + "lightning": [ { "advisory": "Lightning 2.0.4 updates its dependency 'vite' to version '2.9.16' to include a security fix.\r\nhttps://github.com/Lightning-AI/lightning/commit/7d2a46efa9834c3bb0bc1069df0a2e3a6e855d01", "cve": "CVE-2023-34092", 
@@ -79957,16 +80619,6 @@ ], "v": "<2.0.4" }, - { - "advisory": "Lightning 2.0.4 updates its dependency 'ipython' to version '8.14.0' to include a security fix.\r\nhttps://github.com/Lightning-AI/lightning/commit/98e1aabd0c711e508d33f599265de011ca5dfba8", - "cve": "CVE-2023-24816", - "id": "pyup.io-59170", - "more_info_path": "/vulnerabilities/CVE-2023-24816/59170", - "specs": [ - "<2.0.4" - ], - "v": "<2.0.4" - }, { "advisory": "Lightning 2.0.4 updates its dependency 'requests' to '2.31.0' to include a security fix.\r\nhttps://github.com/Lightning-AI/lightning/commit/37be44d2a3804dad52f0d4e4dcc5419bcb48391f", "cve": "CVE-2023-32681", 
@@ -79988,14 +80640,24 @@ "v": "<2.0.4" }, { - "advisory": "A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning affected versions allows attackers to exploit path traversal when extracting tar.gz files. When LightningApp is running with the plugin_server, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path traversal vulnerabilities. This can result in arbitrary files being written to any directory in the victim's local file system, potentially leading to remote code execution.", - "cve": "CVE-2024-5980", - "id": "pyup.io-72092", - "more_info_path": "/vulnerabilities/CVE-2024-5980/72092", + "advisory": "Lightning 2.0.4 updates its dependency 'redis' to version '4.5.5' to include a security fix.\r\nhttps://github.com/Lightning-AI/lightning/commit/0831e138c02e492bdd384be99079d949c93b1e8e", + "cve": "CVE-2023-28858", + "id": "pyup.io-59186", + "more_info_path": "/vulnerabilities/CVE-2023-28858/59186", "specs": [ - "<2.3.3" + "<2.0.4" ], - "v": "<2.3.3" + "v": "<2.0.4" + }, + { + "advisory": "Lightning 2.0.4 updates its dependency 'ipython' to version '8.14.0' to include a security fix.\r\nhttps://github.com/Lightning-AI/lightning/commit/98e1aabd0c711e508d33f599265de011ca5dfba8", + "cve": "CVE-2023-24816", + "id": "pyup.io-59170", + "more_info_path": "/vulnerabilities/CVE-2023-24816/59170", + "specs": [ + "<2.0.4" + ], + "v": "<2.0.4" }, { "advisory": "A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library affected versions due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state based on frontend actions. However, it is possible to bypass the intended restrictions on modifying dunder attributes, allowing an attacker to construct a serialized delta that passes the deserializer whitelist and contains dunder attributes. 
When processed, this can be exploited to access other modules, classes, and instances, leading to arbitrary attribute write and total RCE on any self-hosted pytorch-lightning application in its default configuration, as the delta endpoint is enabled by default.", @@ -80006,6 +80668,16 @@ "<2.3.3" ], "v": "<2.3.3" + }, + { + "advisory": "A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning affected versions allows attackers to exploit path traversal when extracting tar.gz files. When LightningApp is running with the plugin_server, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path traversal vulnerabilities. This can result in arbitrary files being written to any directory in the victim's local file system, potentially leading to remote code execution.", + "cve": "CVE-2024-5980", + "id": "pyup.io-72092", + "more_info_path": "/vulnerabilities/CVE-2024-5980/72092", + "specs": [ + "<2.3.3" + ], + "v": "<2.3.3" } ], "lilac": [ @@ -80040,6 +80712,26 @@ "<2024.03.0" ], "v": "<2024.03.0" + }, + { + "advisory": "Liminal-sdk-python updates its cryptography dependency from 42.0.8 to 43.0.1 to address CVE-2024-6119.", + "cve": "CVE-2024-6119", + "id": "pyup.io-73357", + "more_info_path": "/vulnerabilities/CVE-2024-6119/73357", + "specs": [ + "<2024.09.0" + ], + "v": "<2024.09.0" + }, + { + "advisory": "Liminal-sdk-python 2024.09.0b1 updates its dependency 'cryptography' to include a security fix.", + "cve": "CVE-2024-6119", + "id": "pyup.io-73084", + "more_info_path": "/vulnerabilities/CVE-2024-6119/73084", + "specs": [ + "<2024.09.0b1" + ], + "v": "<2024.09.0b1" } ], "limnoria": [ 
@@ -80323,6 +81015,16 @@ ], "v": "<1.40.0" }, + { + "advisory": "berriai/litellm affected versions are vulnerable to improper access control in their team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any team, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.", + "cve": "CVE-2024-5710", + "id": "pyup.io-71848", + "more_info_path": "/vulnerabilities/CVE-2024-5710/71848", + "specs": [ + "<1.40.29" + ], + "v": "<1.40.29" + }, { "advisory": "Affected version of Litellm are affected by a information disclosure vulnerability. Sensitive information was logged in raw request debug logs.", "cve": "PVE-2024-71424", 
@@ -80334,44 +81036,44 @@ "v": "<1.40.6" }, { - "advisory": "berriai/litellm affected versions are vulnerable to improper access control in their team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any team, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.", - "cve": "CVE-2024-5710", - "id": "pyup.io-71848", - "more_info_path": "/vulnerabilities/CVE-2024-5710/71848", + "advisory": "Affected versions of berriai/litellm contains a Remote Code Execution (RCE) vulnerability (CWE-94) in the secret management system, particularly when using Google KMS. The litellm.get_secret() method used the eval() function unsafely on unsanitized input from environment variables, which could be manipulated through the /config/update endpoint. This allowed attackers to inject and execute arbitrary code by updating settings in proxy_server_config.yaml. The vulnerability has been addressed by replacing the unsafe eval() call with a secure client.decrypt() method for handling encrypted data.", + "cve": "CVE-2024-4264", + "id": "pyup.io-71722", + "more_info_path": "/vulnerabilities/CVE-2024-4264/71722", "specs": [ - "<=1.40.28" + "<1.44.16" ], - "v": "<=1.40.28" + "v": "<1.44.16" }, { - "advisory": "A code injection vulnerability exists in the berriai/litellm application due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the `UI_LOGO_PATH` variable to a remote server address in the `get_image` function, an attacker can write a malicious Google KMS configuration file to the `cached_logo.jpg` file. 
This file can then be used to execute arbitrary code by assigning malicious code to the `SAVE_CONFIG_TO_DB` environment variable, leading to full system control. The vulnerability is contingent upon the use of the Google KMS feature.", + "advisory": "Affected versions of berriai/litellm contain a Code Injection vulnerability (CWE-94) in the secret management system when using Google KMS. Attackers could potentially execute arbitrary code by manipulating environment variables, exploiting the use of eval() on unvalidated input. This vulnerability has been addressed by replacing eval() with a secure client.decrypt() method for handling encrypted data.", "cve": "CVE-2024-4889", "id": "pyup.io-71720", "more_info_path": "/vulnerabilities/CVE-2024-4889/71720", "specs": [ - ">=0" + "<1.44.16" ], - "v": ">=0" + "v": "<1.44.16" }, { - "advisory": "A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'user_id' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability by injecting malicious SQL commands through the 'user_id' parameter, leading to potential unauthorized access to sensitive information such as API keys, user information, and tokens stored in the database.", + "advisory": "Affected versions of litellm vulnerable to SQL Injection (CWE-89). This vulnerability in the '/team/update' endpoint allows attackers to inject malicious SQL commands through the 'user_id' parameter, potentially leading to unauthorized access to sensitive data including API keys, user information, and tokens. The flaw stems from improper handling of user input in raw SQL queries. 
The patch replaces vulnerable raw SQL queries with parameterized queries using Prisma ORM, effectively preventing SQL injection attacks.", "cve": "CVE-2024-4890", "id": "pyup.io-71721", "more_info_path": "/vulnerabilities/CVE-2024-4890/71721", "specs": [ - ">=0" + "<1.44.17" ], - "v": ">=0" + "v": "<1.44.17" }, { - "advisory": "A remote code execution (RCE) vulnerability exists in the berriai/litellm project due to improper control of the generation of code when using the `eval` function unsafely in the `litellm.get_secret()` method. Specifically, when the server utilizes Google KMS, untrusted data is passed to the `eval` function without any sanitization. Attackers can exploit this vulnerability by injecting malicious values into environment variables through the `/config/update` endpoint, which allows for the update of settings in `proxy_server_config.yaml`.", - "cve": "CVE-2024-4264", - "id": "pyup.io-71722", - "more_info_path": "/vulnerabilities/CVE-2024-4264/71722", + "advisory": "A Server-Side Request Forgery (SSRF) vulnerability affects berriai/litellm affected versions, including the proxy authentication module. Attackers can exploit this vulnerability by manipulating the api_base or base_url parameters in request bodies sent to POST /chat/completions. This allows malicious users to redirect API calls to attacker-controlled domains, intercepting sensitive information such as OpenAI API keys. The vulnerability enables unauthorized access and potential misuse of the intercepted API keys. The patch implements strict input validation, rejecting requests containing these dangerous parameters.", + "cve": "CVE-2024-6587", + "id": "pyup.io-73303", + "more_info_path": "/vulnerabilities/CVE-2024-6587/73303", "specs": [ - ">=0" + "<1.44.8" ], - "v": ">=0" + "v": "<1.44.8" } ], "litestar": [ 
@@ -80454,20 +81156,20 @@ "v": "<0.2.12" }, { - "advisory": "Llama-cpp-python version 0.2.72 addresses a security issue by fixing a Remote Code Execution vulnerability caused by Server-Side Template Injection in Model Metadata.", - "cve": "CVE-2024-34359", - "id": "pyup.io-70912", - "more_info_path": "/vulnerabilities/CVE-2024-34359/70912", + "advisory": "Llama-cpp-python version 0.2.72 enhances security by updating all remaining Jinja chat templates to use an immutable sandbox.", + "cve": "PVE-2024-70929", + "id": "pyup.io-70929", + "more_info_path": "/vulnerabilities/PVE-2024-70929/70929", "specs": [ "<0.2.72" ], "v": "<0.2.72" }, { - "advisory": "Llama-cpp-python version 0.2.72 enhances security by updating all remaining Jinja chat templates to use an immutable sandbox.", - "cve": "PVE-2024-70929", - "id": "pyup.io-70929", - "more_info_path": "/vulnerabilities/PVE-2024-70929/70929", + "advisory": "Llama-cpp-python version 0.2.72 addresses a security issue by fixing a Remote Code Execution vulnerability caused by Server-Side Template Injection in Model Metadata.", + "cve": "CVE-2024-34359", + "id": "pyup.io-70912", + "more_info_path": "/vulnerabilities/CVE-2024-34359/70912", "specs": [ "<0.2.72" ], 
@@ -81882,20 +82584,20 @@ "v": "<0.9.62" }, { - "advisory": "Mage-ai version 0.9.65 updates its Jinja2 dependency to 3.1.3 from the previous 3.1.2 in response to the security vulnerability CVE-2024-22195.\r\nhttps://github.com/mage-ai/mage-ai/pull/4444/commits/6fd7c487c4accb1af62438b07b876d732d3c301a", - "cve": "CVE-2024-22195", - "id": "pyup.io-66072", - "more_info_path": "/vulnerabilities/CVE-2024-22195/66072", + "advisory": "Mage-ai version 0.9.65 updates its jupyter-server dependency to 2.11.2 from the previous 1.23.5 in response to the security vulnerability CVE-2023-49080.\r\nhttps://github.com/mage-ai/mage-ai/pull/4444/commits/6fd7c487c4accb1af62438b07b876d732d3c301a", + "cve": "CVE-2023-49080", + "id": "pyup.io-66645", + "more_info_path": "/vulnerabilities/CVE-2023-49080/66645", "specs": [ "<0.9.65" ], "v": "<0.9.65" }, { - "advisory": "Mage-ai version 0.9.65 updates its jupyter-server dependency to 2.11.2 from the previous 1.23.5 in response to the security vulnerability CVE-2023-49080.\r\nhttps://github.com/mage-ai/mage-ai/pull/4444/commits/6fd7c487c4accb1af62438b07b876d732d3c301a", - "cve": "CVE-2023-49080", - "id": "pyup.io-66645", - "more_info_path": "/vulnerabilities/CVE-2023-49080/66645", + "advisory": "Mage-ai version 0.9.65 updates its Jinja2 dependency to 3.1.3 from the previous 3.1.2 in response to the security vulnerability CVE-2024-22195.\r\nhttps://github.com/mage-ai/mage-ai/pull/4444/commits/6fd7c487c4accb1af62438b07b876d732d3c301a", + "cve": "CVE-2024-22195", + "id": "pyup.io-66072", + "more_info_path": "/vulnerabilities/CVE-2024-22195/66072", "specs": [ "<0.9.65" ], 
@@ -81912,10 +82614,10 @@ "v": ">=0" }, { - "advisory": "In the Mage AI framework, guest users who remain logged in after their accounts are deleted are mistakenly granted elevated privileges, including the ability to remotely execute arbitrary code via the Mage AI terminal server.", - "cve": "CVE-2024-45187", - "id": "pyup.io-72967", - "more_info_path": "/vulnerabilities/CVE-2024-45187/72967", + "advisory": "Mage AI allows remote, unauthenticated attackers to access and leak the terminal server command history of arbitrary users.", + "cve": "CVE-2024-8072", + "id": "pyup.io-72973", + "more_info_path": "/vulnerabilities/CVE-2024-8072/72973", "specs": [ ">=0" ], @@ -81932,20 +82634,20 @@ "v": ">=0" }, { - "advisory": "Mage AI has a path traversal vulnerability that allows remote users with the \"Viewer\" role to leak arbitrary files from the Mage server via the \"Pipeline Interaction\" request.", - "cve": "CVE-2024-45190", - "id": "pyup.io-72970", - "more_info_path": "/vulnerabilities/CVE-2024-45190/72970", + "advisory": "In the Mage AI framework, guest users who remain logged in after their accounts are deleted are mistakenly granted elevated privileges, including the ability to remotely execute arbitrary code via the Mage AI terminal server.", + "cve": "CVE-2024-45187", + "id": "pyup.io-72967", + "more_info_path": "/vulnerabilities/CVE-2024-45187/72967", "specs": [ ">=0" ], "v": ">=0" }, { - "advisory": "Mage AI allows remote, unauthenticated attackers to access and leak the terminal server command history of arbitrary users.", - "cve": "CVE-2024-8072", - "id": "pyup.io-72973", - "more_info_path": "/vulnerabilities/CVE-2024-8072/72973", + "advisory": "Mage AI has a path traversal vulnerability that allows remote users with the \"Viewer\" role to leak arbitrary files from the Mage server via the \"Pipeline Interaction\" request.", + "cve": "CVE-2024-45190", + "id": "pyup.io-72970", + "more_info_path": "/vulnerabilities/CVE-2024-45190/72970", "specs": [ ">=0" ], 
@@ -81996,18 +82698,6 @@ "v": ">0" } ], - "mailchecker": [ - { - "advisory": "Mailchecker version 3.2.9 includes a security enhancement by forcing the lodash library to update to versions greater than 4.17.5. This update addresses the CVE-2018-3721.", - "cve": "CVE-2018-3721", - "id": "pyup.io-68095", - "more_info_path": "/vulnerabilities/CVE-2018-3721/68095", - "specs": [ - "<3.2.9" - ], - "v": "<3.2.9" - } - ], "mailman": [ { "advisory": "Mailman 2.1.14 includes a fix for CVE-2011-0707: Three XSS flaws due improper escaping of the full name of the member.", 
@@ -82080,20 +82770,20 @@ "v": "<2.1.33" }, { - "advisory": "GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).", - "cve": "CVE-2021-42097", - "id": "pyup.io-62668", - "more_info_path": "/vulnerabilities/CVE-2021-42097/62668", + "advisory": "GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.", + "cve": "CVE-2021-42096", + "id": "pyup.io-62669", + "more_info_path": "/vulnerabilities/CVE-2021-42096/62669", "specs": [ "<2.1.35" ], "v": "<2.1.35" }, { - "advisory": "GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.", - "cve": "CVE-2021-42096", - "id": "pyup.io-62669", - "more_info_path": "/vulnerabilities/CVE-2021-42096/62669", + "advisory": "GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).", + "cve": "CVE-2021-42097", + "id": "pyup.io-62668", + "more_info_path": "/vulnerabilities/CVE-2021-42097/62668", "specs": [ "<2.1.35" ], 
@@ -82260,30 +82950,30 @@ "v": "<=2.1.4" }, { - "advisory": "The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.", - "cve": "CVE-2005-0080", - "id": "pyup.io-61156", - "more_info_path": "/vulnerabilities/CVE-2005-0080/61156", + "advisory": "Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.", + "cve": "CVE-2004-0412", + "id": "pyup.io-61160", + "more_info_path": "/vulnerabilities/CVE-2004-0412/61160", "specs": [ "<=2.1.5" ], "v": "<=2.1.5" }, { - "advisory": "Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.", - "cve": "CVE-2004-0412", - "id": "pyup.io-61160", - "more_info_path": "/vulnerabilities/CVE-2004-0412/61160", + "advisory": "The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.", + "cve": "CVE-2005-0080", + "id": "pyup.io-61156", + "more_info_path": "/vulnerabilities/CVE-2005-0080/61156", "specs": [ "<=2.1.5" ], "v": "<=2.1.5" }, { - "advisory": "CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.", - "cve": "CVE-2006-4624", - "id": "pyup.io-61167", - "more_info_path": "/vulnerabilities/CVE-2006-4624/61167", + "advisory": "Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving \"standards-breaking RFC 2231 formatted headers\".", + "cve": "CVE-2006-2941", + "id": 
"pyup.io-61165", + "more_info_path": "/vulnerabilities/CVE-2006-2941/61165", "specs": [ "<=2.1.8" ], @@ -82300,10 +82990,10 @@ "v": "<=2.1.8" }, { - "advisory": "Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving \"standards-breaking RFC 2231 formatted headers\".", - "cve": "CVE-2006-2941", - "id": "pyup.io-61165", - "more_info_path": "/vulnerabilities/CVE-2006-2941/61165", + "advisory": "CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.", + "cve": "CVE-2006-4624", + "id": "pyup.io-61167", + "more_info_path": "/vulnerabilities/CVE-2006-4624/61167", "specs": [ "<=2.1.8" ], @@ -82789,9 +83479,9 @@ }, { "advisory": "Maptasker 1.3.3 uses 'defusedxml' to prevent XXE vulnerabilities.\r\nhttps://github.com/mctinker/Map-Tasker/commit/748dc69ed16053fff0b8bb54fb1a3b589300355c", - "cve": "CVE-2013-1665", - "id": "pyup.io-55045", - "more_info_path": "/vulnerabilities/CVE-2013-1665/55045", + "cve": "CVE-2013-1664", + "id": "pyup.io-55050", + "more_info_path": "/vulnerabilities/CVE-2013-1664/55050", "specs": [ "<1.3.3" ], @@ -82799,9 +83489,9 @@ }, { "advisory": "Maptasker 1.3.3 uses 'defusedxml' to prevent XXE vulnerabilities.\r\nhttps://github.com/mctinker/Map-Tasker/commit/748dc69ed16053fff0b8bb54fb1a3b589300355c", - "cve": "CVE-2013-1664", - "id": "pyup.io-55050", - "more_info_path": "/vulnerabilities/CVE-2013-1664/55050", + "cve": "CVE-2013-1665", + "id": "pyup.io-55045", + "more_info_path": "/vulnerabilities/CVE-2013-1665/55045", "specs": [ "<1.3.3" ], 
@@ -82908,6 +83598,26 @@ "<0.6.20" ], "v": "<0.6.20" + }, + { + "advisory": "A security vulnerability in the path-to-regexp library has been addressed in the Marimo project by updating the dependency from version 7.1.0 to 8.0.0.", + "cve": "CVE-2024-45296", + "id": "pyup.io-73202", + "more_info_path": "/vulnerabilities/CVE-2024-45296/73202", + "specs": [ + "<0.8.15" + ], + "v": "<0.8.15" + }, + { + "advisory": "Marimo 0.8.16 updates its NPM dependency 'vite' to 5.4.6 to include a security fix.", + "cve": "CVE-2024-45811", + "id": "pyup.io-73266", + "more_info_path": "/vulnerabilities/CVE-2024-45811/73266", + "specs": [ + "<0.8.16" + ], + "v": "<0.8.16" } ], "markdown-it-py": [ @@ -83079,6 +83789,18 @@ "v": "<1.2" } ], + "mas-cli": [ + { + "advisory": "A race condition vulnerability (CWE-362) was identified in the gitops_utils script, where competing processes could acquire the same Git lock branch due to identical commit hashes. This could lead to data corruption or merge conflicts during Git operations. The issue was resolved by adding a UUID to the lock file, ensuring that each process generates a unique commit hash.", + "cve": "PVE-2024-73440", + "id": "pyup.io-73440", + "more_info_path": "/vulnerabilities/PVE-2024-73440/73440", + "specs": [ + "<11.1.3" + ], + "v": "<11.1.3" + } + ], "masonite": [ { "advisory": "Masonite 2.3.25 improves requests checking to add CSRF headers.\r\nhttps://github.com/MasoniteFramework/masonite/commit/9f8b326a209be2b8cf5b0208dc8c69ebd5dd6a97", 
@@ -83616,20 +84338,20 @@ "v": "<1.25.0" }, { - "advisory": "Matrix-synapse 1.27.0 includes a fix for CVE-2021-21332: In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains.", - "cve": "CVE-2021-21332", - "id": "pyup.io-40106", - "more_info_path": "/vulnerabilities/CVE-2021-21332/40106", + "advisory": "Matrix-synapse 1.27.0 includes a fix for CVE-2021-21333: In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification for missed messages, this could allow an attacker to insert forged content into the email. The account expiry feature is not enabled by default and the HTML injection is not controllable by an attacker.", + "cve": "CVE-2021-21333", + "id": "pyup.io-40107", + "more_info_path": "/vulnerabilities/CVE-2021-21333/40107", "specs": [ "<1.27.0" ], "v": "<1.27.0" }, { - "advisory": "Matrix-synapse 1.27.0 includes a fix for CVE-2021-21333: In Synapse before version 1.27.0, the notification emails sent for notifications for missed messages or for an expiring account are subject to HTML injection. In the case of the notification for missed messages, this could allow an attacker to insert forged content into the email. 
The account expiry feature is not enabled by default and the HTML injection is not controllable by an attacker.", - "cve": "CVE-2021-21333", - "id": "pyup.io-40107", - "more_info_path": "/vulnerabilities/CVE-2021-21333/40107", + "advisory": "Matrix-synapse 1.27.0 includes a fix for CVE-2021-21332: In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting (XSS) attacks. The impact depends on the configuration of the domain that Synapse is deployed on, but may allow access to cookies and other browser data, CSRF vulnerabilities, and access to other resources served on the same domain or parent domains.", + "cve": "CVE-2021-21332", + "id": "pyup.io-40106", + "more_info_path": "/vulnerabilities/CVE-2021-21332/40106", "specs": [ "<1.27.0" ], @@ -84430,6 +85152,16 @@ } ], "mesop": [ + { + "advisory": "A vulnerability in Mesop's static file serving functionality could allow unauthorized access to sensitive files. The application did not properly restrict the types of files that could be served, potentially exposing confidential information or enabling arbitrary code execution if sensitive files were inadvertently placed in the served directory", + "cve": "CVE-2024-45601", + "id": "pyup.io-73281", + "more_info_path": "/vulnerabilities/CVE-2024-45601/73281", + "specs": [ + "<0.12.4" + ], + "v": "<0.12.4" + }, { "advisory": "Affected version of Mesop are vulnerable to Cross-Site Request Forgery (CSRF).", "cve": "PVE-2024-71310", @@ -84854,9 +85586,9 @@ "mindee": [ { "advisory": "Mindee 2.0.1 updates its dependency 'Pillow' to v9.0.1 to include security fixes.", - "cve": "CVE-2022-22817", - "id": "pyup.io-45377", - "more_info_path": "/vulnerabilities/CVE-2022-22817/45377", + "cve": "CVE-2022-24303", + "id": "pyup.io-45115", + "more_info_path": "/vulnerabilities/CVE-2022-24303/45115", "specs": [ "<2.0.1" ], 
@@ -84864,9 +85596,9 @@ }, { "advisory": "Mindee 2.0.1 updates its dependency 'Pillow' to v9.0.1 to include security fixes.", - "cve": "CVE-2022-24303", - "id": "pyup.io-45115", - "more_info_path": "/vulnerabilities/CVE-2022-24303/45115", + "cve": "CVE-2022-22817", + "id": "pyup.io-45377", + "more_info_path": "/vulnerabilities/CVE-2022-22817/45377", "specs": [ "<2.0.1" ], @@ -84904,6 +85636,16 @@ ], "v": "<23.11.4.1" }, + { + "advisory": "In mindsdb affected versions, a vulnerability allows attackers to bypass server-side request forgery (SSRF) protection across the entire website using DNS rebinding techniques. This security flaw compromises SSRF safeguards and potentially enables denial-of-service attacks.", + "cve": "CVE-2024-24759", + "id": "pyup.io-73128", + "more_info_path": "/vulnerabilities/CVE-2024-24759/73128", + "specs": [ + "<23.12.4.3" + ], + "v": "<23.12.4.3" + }, { "advisory": "Mindsdb 23.2.4.1 includes a fix for CVE-2007-4559: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", "cve": "CVE-2007-4559", 
@@ -84944,6 +85686,16 @@ ], "v": "<=23.6.3.1" }, + { + "advisory": "A cross-site scripting (XSS) vulnerability affects all versions of the MindsDB platform. Attackers can exploit this flaw by creating ML Engines, databases, projects, or datasets with names or values containing malicious JavaScript code. When other users browse these items in the web UI, the platform inadvertently executes the embedded JavaScript, potentially compromising user accounts or sensitive data. This vulnerability allows attackers to perform various malicious actions, including stealing session tokens, hijacking user sessions, or manipulating the UI to trick users into divulging confidential information.", + "cve": "CVE-2024-45856", + "id": "pyup.io-73322", + "more_info_path": "/vulnerabilities/CVE-2024-45856/73322", + "specs": [ + ">=0" + ], + "v": ">=0" + }, { "advisory": "MindsDB is a SQL Server for artificial intelligence. Before version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, which is afterward opened for writing on lines 122-125, which leads to path injection. Later in the method, the temporary directory is deleted on line 151, but since we can write outside of the directory using the path injection vulnerability, the potentially dangerous file is not deleted. Arbitrary file contents can be written due to `f.write(chunk)` on line 125. Mindsdb does check later on line 149 in the `save_file` method in `file-controller.py` which calls the `_handle_source` method in `file_handler.py` if a file is of one of the types `csv`, `json`, `parquet`, `xls`, or `xlsx`. However, since the check happens after the file has already been written, the files will still exist (and will not be removed due to the path injection described earlier), just the `_handle_source` method will return an error. 
The same user-controlled source is used also in another path injection sink on line 138. This leads to another path injection, which allows an attacker to delete any `zip` or `tar.gz` files on the server.", "cve": "CVE-2023-50731", 
@@ -84954,6 +85706,106 @@ ], "v": ">=0,<23.11.4.1" }, + { + "advisory": "MindsDB affected versions contain a critical security vulnerability in the 'inhouse' model functionality. Malicious actors can exploit this flaw to execute arbitrary code on the server during prediction tasks. The vulnerability stems from unsafe deserialization of untrusted data in the BYOM (Bring Your Own Model) feature. Attackers who successfully upload a compromised 'inhouse' model can trigger the exploit when the system uses the model for predictions. This security issue poses a significant risk to server integrity and data confidentiality. Users are advised to update to a patched version or implement alternative serialization methods immediately.", + "cve": "CVE-2024-45853", + "id": "pyup.io-73319", + "more_info_path": "/vulnerabilities/CVE-2024-45853/73319", + "specs": [ + ">=23.10.2.0" + ], + "v": ">=23.10.2.0" + }, + { + "advisory": "MindsDB affected versions contain a critical vulnerability in the 'finetune' function of 'inhouse' models. This flaw allows attackers to execute arbitrary code on the server by exploiting unsafe deserialization of untrusted data. Malicious actors can upload a specially crafted 'inhouse' model, which, when finetuned, triggers the execution of arbitrary code. This vulnerability poses a significant security risk, potentially leading to unauthorized access, data breaches, or complete system compromise. Users should exercise extreme caution when finetuning 'inhouse' models and ensure they only use trusted and verified models until a patch is available.", + "cve": "CVE-2024-45855", + "id": "pyup.io-73321", + "more_info_path": "/vulnerabilities/CVE-2024-45855/73321", + "specs": [ + ">=23.10.2.0" + ], + "v": ">=23.10.2.0" + }, + { + "advisory": "MindsDB platform affected versions contain a critical vulnerability in the 'describe' function of the BYOM (Bring Your Own Model) handler. 
This function deserializes untrusted data from 'inhouse' models using pickle.loads(), potentially allowing arbitrary code execution on the server when a user runs a 'describe' query on a maliciously crafted model. Attackers could exploit this vulnerability to compromise the system, access sensitive data, or perform unauthorized actions. MindsDB users should exercise extreme caution when using 'inhouse' models, especially from untrusted sources, and consider disabling this feature until a security patch is available.", + "cve": "CVE-2024-45854", + "id": "pyup.io-73320", + "more_info_path": "/vulnerabilities/CVE-2024-45854/73320", + "specs": [ + ">=23.10.3.0" + ], + "v": ">=23.10.3.0" + }, + { + "advisory": "An arbitrary code execution vulnerability affects MindsDB, particularly when using the Weaviate, ChromaDB, SharePoint, and VectorDatabase integrations. The vulnerability stems from the use of the eval() function to parse user-supplied data in 'SELECT WHERE' clauses and other input fields. Attackers can exploit this vulnerability by crafting malicious input containing Python code, which the system will execute on the server. This flaw can lead to unauthorized command execution, potentially compromising the system's integrity and confidentiality. The vulnerability falls under CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Users must update to the latest version immediately, which replaces the unsafe eval() function with ast.literal_eval(), effectively mitigating the risk of code injection attacks.", + "cve": "CVE-2024-45846", + "id": "pyup.io-73308", + "more_info_path": "/vulnerabilities/CVE-2024-45846/73308", + "specs": [ + ">=23.10.3.0,<24.7.4.1" + ], + "v": ">=23.10.3.0,<24.7.4.1" + }, + { + "advisory": "A critical arbitrary code execution vulnerability affects MindsDB, particularly when using the ChromaDB, SharePoint, Weaviate, or VectorDatabase integrations. 
Attackers can exploit this vulnerability by crafting malicious 'INSERT' queries for list creation in SharePoint databases, or other queries containing Python code for the affected integrations. The system executes this code on the server using the unsafe eval() function, allowing unauthorized command execution and potentially compromising system integrity and confidentiality. This vulnerability falls under CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). The patch replaces the unsafe eval() function with ast.literal_eval(), significantly improving security by limiting evaluation to literal expressions only. This change prevents the execution of arbitrary Python code, effectively mitigating the risk of code injection attacks across all affected integrations.", + "cve": "CVE-2024-45849", + "id": "pyup.io-73311", + "more_info_path": "/vulnerabilities/CVE-2024-45849/73311", + "specs": [ + ">=23.10.5.0,<24.7.4.1" + ], + "v": ">=23.10.5.0,<24.7.4.1" + }, + { + "advisory": "A critical arbitrary code execution vulnerability affects MindsDB, particularly in the ChromaDB, SharePoint, Weaviate, and VectorDatabase integrations. Attackers can exploit this vulnerability by crafting malicious queries, including 'INSERT' queries for list item creation in SharePoint databases. The system executes arbitrary Python code on the server using the unsafe eval() function when processing these queries. This flaw allows unauthorized command execution, potentially compromising system integrity and confidentiality. The vulnerability falls under CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). The update replaces the unsafe eval() function with ast.literal_eval(), significantly improving security by limiting evaluation to literal expressions only. 
This change prevents the execution of arbitrary Python code, effectively mitigating the risk of code injection attacks across all affected integrations.", + "cve": "CVE-2024-45851", + "id": "pyup.io-73317", + "more_info_path": "/vulnerabilities/CVE-2024-45851/73317", + "specs": [ + ">=23.10.5.0,<24.7.4.1" + ], + "v": ">=23.10.5.0,<24.7.4.1" + }, + { + "advisory": "A critical arbitrary code execution vulnerability affects MindsDB, particularly when using the ChromaDB, SharePoint, Weaviate, or VectorDatabase integrations. Attackers can exploit this vulnerability by crafting malicious 'INSERT' queries for site column creation in SharePoint databases, or other queries containing Python code for the affected integrations. The system executes this code on the server using the unsafe eval() function, allowing unauthorized command execution and potentially compromising system integrity and confidentiality. This vulnerability falls under CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Users must update to the latest version immediately. The update replaces the unsafe eval() function with ast.literal_eval(), significantly improving security by limiting evaluation to literal expressions only. This change prevents the execution of arbitrary Python code, effectively mitigating the risk of code injection attacks across all affected integrations.", + "cve": "CVE-2024-45850", + "id": "pyup.io-73316", + "more_info_path": "/vulnerabilities/CVE-2024-45850/73316", + "specs": [ + ">=23.10.5.0,<24.7.4.1" + ], + "v": ">=23.10.5.0,<24.7.4.1" + }, + { + "advisory": "A critical arbitrary code execution vulnerability affects MindsDB, particularly when using the ChromaDB, SharePoint, Weaviate, or VectorDatabase integrations. The vulnerability stems from the use of the eval() function to parse user-supplied data in 'UPDATE' queries and other input fields. 
Attackers can exploit this vulnerability by crafting malicious input containing Python code, which the system will execute on the server. This flaw allows unauthorized command execution, potentially compromising the system's integrity and confidentiality. The vulnerability falls under CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Users must update to the latest version immediately, which replaces the unsafe eval() function with ast.literal_eval(), effectively mitigating the risk of code injection attacks. This change significantly improves security by limiting evaluation to literal expressions only, preventing the execution of arbitrary Python code.", + "cve": "CVE-2024-45847", + "id": "pyup.io-73309", + "more_info_path": "/vulnerabilities/CVE-2024-45847/73309", + "specs": [ + ">=23.11.4.2,<24.7.4.1" + ], + "v": ">=23.11.4.2,<24.7.4.1" + }, + { + "advisory": "A critical arbitrary code execution vulnerability affects MindsDB, particularly when using the ChromaDB, SharePoint, Weaviate, or VectorDatabase integrations. Attackers can exploit this vulnerability by crafting malicious 'INSERT', 'UPDATE', or other queries containing Python code, which the system executes on the server using the unsafe eval() function. This flaw allows unauthorized command execution, potentially compromising the system's integrity and confidentiality. The vulnerability falls under CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Users must update to the latest version immediately, which replaces the unsafe eval() function with ast.literal_eval(). 
This change significantly improves security by limiting evaluation to literal expressions only, preventing the execution of arbitrary Python code and effectively mitigating the risk of code injection attacks.", + "cve": "CVE-2024-45848", + "id": "pyup.io-73310", + "more_info_path": "/vulnerabilities/CVE-2024-45848/73310", + "specs": [ + ">=23.12.4.0,<24.7.4.1" + ], + "v": ">=23.12.4.0,<24.7.4.1" + }, + { + "advisory": "Affected versions of the MindsDB platform contain a critical security vulnerability. The platform's use of unsafe deserialization allows maliciously uploaded models to execute arbitrary code on the server when interacted with. This vulnerability stems from the use of the Python pickle module to deserialize untrusted data. Attackers can exploit this flaw to run unauthorized code, potentially compromising the entire system. If updates are unavailable, implement strict input validation, use safer serialization methods like JSON, and consider sandboxing untrusted code execution.", + "cve": "CVE-2024-45852", + "id": "pyup.io-73318", + "more_info_path": "/vulnerabilities/CVE-2024-45852/73318", + "specs": [ + ">=23.3.2.0" + ], + "v": ">=23.3.2.0" + }, { "advisory": "MindsDB connects artificial intelligence models to real-time data. Versions before 23.11.4.1 contain a limited file write vulnerability in `file.py` Users should use MindsDB's `staging` branch or v23.11.4.1, which contains a fix for the issue.", "cve": "CVE-2023-49796", 
@@ -85565,6 +86417,18 @@ "v": ">=0,<1.2.3" } ], + "mkdocs-gallery": [ + { + "advisory": "The affected version of Mkdocs-gallery is vulnerable to insecure polyfill extra javascript, the fix includes a removal of script referenced in extra_javascript that points to polyfill.", + "cve": "CVE-2024-38526", + "id": "pyup.io-73047", + "more_info_path": "/vulnerabilities/CVE-2024-38526/73047", + "specs": [ + "<0.10.2" + ], + "v": "<0.10.2" + } + ], "mkdocs-material": [ { "advisory": "mkdocs-material before 1.0.0 uses _blank targets on links which make it vulnerable to Cross Site Scripting attacks.", 
@@ -85749,20 +86613,20 @@ "v": "<2.0.0rc0" }, { - "advisory": "mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted 'source' parameters, enabling the reading of sensitive files within at least two directory levels from the server's root.", - "cve": "CVE-2024-3573", - "id": "pyup.io-71964", - "more_info_path": "/vulnerabilities/CVE-2024-3573/71964", + "advisory": "Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables.", + "cve": "CVE-2024-27132", + "id": "pyup.io-68487", + "more_info_path": "/vulnerabilities/CVE-2024-27132/68487", "specs": [ "<2.10.0" ], "v": "<2.10.0" }, { - "advisory": "Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables.", - "cve": "CVE-2024-27132", - "id": "pyup.io-68487", - "more_info_path": "/vulnerabilities/CVE-2024-27132/68487", + "advisory": "mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the misclassification of URIs as non-local. 
Attackers can exploit this by crafting malicious model versions with specially crafted 'source' parameters, enabling the reading of sensitive files within at least two directory levels from the server's root.", + "cve": "CVE-2024-3573", + "id": "pyup.io-71964", + "more_info_path": "/vulnerabilities/CVE-2024-3573/71964", "specs": [ "<2.10.0" ], 
@@ -85809,20 +86673,20 @@ "v": "<2.12.1" }, { - "advisory": "A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. This vulnerability allows for arbitrary data smuggling into the 'params' part of the URL, enabling attacks similar to those described in previous reports but utilizing the ';' character for parameter smuggling. Successful exploitation could lead to unauthorized information disclosure or server compromise.", - "cve": "CVE-2024-1593", - "id": "pyup.io-71963", - "more_info_path": "/vulnerabilities/CVE-2024-1593/71963", + "advisory": "A path traversal vulnerability exists in mlflow/mlflow affected versions, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by exploiting the way the application converts the URL into a filesystem path. The issue stems from insufficient validation of the fragment portion of the URL, leading to arbitrary file read through path traversal.", + "cve": "CVE-2024-3848", + "id": "pyup.io-71698", + "more_info_path": "/vulnerabilities/CVE-2024-3848/71698", "specs": [ "<2.12.1" ], "v": "<2.12.1" }, { - "advisory": "A path traversal vulnerability exists in mlflow/mlflow affected versions, identified as a bypass for the previously addressed CVE-2023-6909. 
The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by exploiting the way the application converts the URL into a filesystem path. The issue stems from insufficient validation of the fragment portion of the URL, leading to arbitrary file read through path traversal.", - "cve": "CVE-2024-3848", - "id": "pyup.io-71698", - "more_info_path": "/vulnerabilities/CVE-2024-3848/71698", + "advisory": "A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. This vulnerability allows for arbitrary data smuggling into the 'params' part of the URL, enabling attacks similar to those described in previous reports but utilizing the ';' character for parameter smuggling. Successful exploitation could lead to unauthorized information disclosure or server compromise.", + "cve": "CVE-2024-1593", + "id": "pyup.io-71963", + "more_info_path": "/vulnerabilities/CVE-2024-1593/71963", "specs": [ "<2.12.1" ], 
@@ -85919,20 +86783,20 @@ "v": "<2.4.1" }, { - "advisory": "Mlflow 2.6.0 includes a fix for CVE-2023-3765: Multiple path traversals on Windows hosts.\r\nhttps://github.com/advisories/GHSA-fmxj-6h9g-6vw3\r\nhttps://huntr.dev/bounties/4be5fd63-8a0a-490d-9ee1-f33dc768ed76\r\nhttps://github.com/mlflow/mlflow/commit/6dde93758d42455cb90ef324407919ed67668b9b", - "cve": "CVE-2023-3765", - "id": "pyup.io-60598", - "more_info_path": "/vulnerabilities/CVE-2023-3765/60598", + "advisory": "Mlflow 2.6.0 includes a fix for a Command Injection vulnerability.\r\nhttps://github.com/advisories/GHSA-ffw3-6378-cqgp", + "cve": "CVE-2023-4033", + "id": "pyup.io-60599", + "more_info_path": "/vulnerabilities/CVE-2023-4033/60599", "specs": [ "<2.6.0" ], "v": "<2.6.0" }, { - "advisory": "Mlflow 2.6.0 includes a fix for a Command Injection vulnerability.\r\nhttps://github.com/advisories/GHSA-ffw3-6378-cqgp", - "cve": "CVE-2023-4033", - "id": "pyup.io-60599", - "more_info_path": "/vulnerabilities/CVE-2023-4033/60599", + "advisory": "Mlflow 2.6.0 includes a fix for CVE-2023-3765: Multiple path traversals on Windows hosts.\r\nhttps://github.com/advisories/GHSA-fmxj-6h9g-6vw3\r\nhttps://huntr.dev/bounties/4be5fd63-8a0a-490d-9ee1-f33dc768ed76\r\nhttps://github.com/mlflow/mlflow/commit/6dde93758d42455cb90ef324407919ed67668b9b", + "cve": "CVE-2023-3765", + "id": "pyup.io-60598", + "more_info_path": "/vulnerabilities/CVE-2023-3765/60598", "specs": [ "<2.6.0" ], 
@@ -85989,20 +86853,20 @@ "v": "<2.9.2" }, { - "advisory": "mlflow 2.9.2 addresses an Improper Neutralization of Special Elements Used in a Template Engine.\r\nhttps://github.com/mlflow/mlflow/pull/10640/commits/930eb808c6394360d1aa217a9eaa33891c1d244d", - "cve": "CVE-2023-6709", - "id": "pyup.io-62995", - "more_info_path": "/vulnerabilities/CVE-2023-6709/62995", + "advisory": "Mlflow 2.9.2 fixes for Windows Path Traversal attack.\r\n#NOTE: This vulnerability affects only users of Windows.\r\nhttps://github.com/mlflow/mlflow/pull/10647/commits/63dfb885aec22d07b4452828e7fa3e532cc945c4", + "cve": "CVE-2023-6753", + "id": "pyup.io-62996", + "more_info_path": "/vulnerabilities/CVE-2023-6753/62996", "specs": [ "<2.9.2" ], "v": "<2.9.2" }, { - "advisory": "Mlflow 2.9.2 fixes for Windows Path Traversal attack.\r\n#NOTE: This vulnerability affects only users of Windows.\r\nhttps://github.com/mlflow/mlflow/pull/10647/commits/63dfb885aec22d07b4452828e7fa3e532cc945c4", - "cve": "CVE-2023-6753", - "id": "pyup.io-62996", - "more_info_path": "/vulnerabilities/CVE-2023-6753/62996", + "advisory": "mlflow 2.9.2 addresses an Improper Neutralization of Special Elements Used in a Template Engine.\r\nhttps://github.com/mlflow/mlflow/pull/10640/commits/930eb808c6394360d1aa217a9eaa33891c1d244d", + "cve": "CVE-2023-6709", + "id": "pyup.io-62995", + "more_info_path": "/vulnerabilities/CVE-2023-6709/62995", "specs": [ "<2.9.2" ], @@ -86049,10 +86913,10 @@ "v": ">=0,<1.23.1" }, { - "advisory": "A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.", - "cve": "CVE-2023-6975", - "id": "pyup.io-65220", - "more_info_path": "/vulnerabilities/CVE-2023-6975/65220", + "advisory": "Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.", + "cve": "CVE-2023-6831", + "id": "pyup.io-65216", + "more_info_path": "/vulnerabilities/CVE-2023-6831/65216", "specs": [ ">=0,<2.9.2" ], 
@@ -86069,20 +86933,20 @@ "v": ">=0,<2.9.2" }, { - "advisory": "with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system.", - "cve": "CVE-2023-6940", - "id": "pyup.io-65218", - "more_info_path": "/vulnerabilities/CVE-2023-6940/65218", + "advisory": "A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine.", + "cve": "CVE-2023-6974", + "id": "pyup.io-65219", + "more_info_path": "/vulnerabilities/CVE-2023-6974/65219", "specs": [ ">=0,<2.9.2" ], "v": ">=0,<2.9.2" }, { - "advisory": "Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.", - "cve": "CVE-2023-6909", - "id": "pyup.io-65217", - "more_info_path": "/vulnerabilities/CVE-2023-6909/65217", + "advisory": "A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.", + "cve": "CVE-2023-6975", + "id": "pyup.io-65220", + "more_info_path": "/vulnerabilities/CVE-2023-6975/65220", "specs": [ ">=0,<2.9.2" ], 
@@ -86090,19 +86954,19 @@ }, { "advisory": "Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.", - "cve": "CVE-2023-6831", - "id": "pyup.io-65216", - "more_info_path": "/vulnerabilities/CVE-2023-6831/65216", + "cve": "CVE-2023-6909", + "id": "pyup.io-65217", + "more_info_path": "/vulnerabilities/CVE-2023-6909/65217", "specs": [ ">=0,<2.9.2" ], "v": ">=0,<2.9.2" }, { - "advisory": "A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine.", - "cve": "CVE-2023-6974", - "id": "pyup.io-65219", - "more_info_path": "/vulnerabilities/CVE-2023-6974/65219", + "advisory": "with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system.", + "cve": "CVE-2023-6940", + "id": "pyup.io-65218", + "more_info_path": "/vulnerabilities/CVE-2023-6940/65218", "specs": [ ">=0,<2.9.2" ], @@ -86254,10 +87118,10 @@ "v": "<0.9.0rc7" }, { - "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2021-37712", - "id": "pyup.io-49212", - "more_info_path": "/vulnerabilities/CVE-2021-37712/49212", + "advisory": "Mlrun 1.0.3rc1 adds \"pillow~=9.0\" to requirements to tackle vulnerabilities.", + "cve": "CVE-2022-22816", + "id": "pyup.io-49218", + "more_info_path": "/vulnerabilities/CVE-2022-22816/49218", "specs": [ "<1.0.3rc1" ], 
@@ -86265,9 +87129,9 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2021-23343", - "id": "pyup.io-49207", - "more_info_path": "/vulnerabilities/CVE-2021-23343/49207", + "cve": "CVE-2021-35942", + "id": "pyup.io-49175", + "more_info_path": "/vulnerabilities/CVE-2021-35942/49175", "specs": [ "<1.0.3rc1" ], @@ -86275,9 +87139,19 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2021-3918", - "id": "pyup.io-49171", - "more_info_path": "/vulnerabilities/CVE-2021-3918/49171", + "cve": "CVE-2022-23219", + "id": "pyup.io-49178", + "more_info_path": "/vulnerabilities/CVE-2022-23219/49178", + "specs": [ + "<1.0.3rc1" + ], + "v": "<1.0.3rc1" + }, + { + "advisory": "Mlrun 1.0.3rc1 adds \"notebook~=6.4\" to requirements to tackle vulnerabilities.", + "cve": "CVE-2021-32798", + "id": "pyup.io-49216", + "more_info_path": "/vulnerabilities/CVE-2021-32798/49216", "specs": [ "<1.0.3rc1" ], @@ -86285,9 +87159,9 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2021-33503", - "id": "pyup.io-49213", - "more_info_path": "/vulnerabilities/CVE-2021-33503/49213", + "cve": "CVE-2022-24785", + "id": "pyup.io-49205", + "more_info_path": "/vulnerabilities/CVE-2022-24785/49205", "specs": [ "<1.0.3rc1" ], 
@@ -86295,9 +87169,9 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2021-3326", - "id": "pyup.io-49179", - "more_info_path": "/vulnerabilities/CVE-2021-3326/49179", + "cve": "CVE-2021-41247", + "id": "pyup.io-49173", + "more_info_path": "/vulnerabilities/CVE-2021-41247/49173", "specs": [ "<1.0.3rc1" ], @@ -86314,10 +87188,10 @@ "v": "<1.0.3rc1" }, { - "advisory": "Mlrun 1.0.3rc1 adds \"notebook~=6.4\" to requirements to tackle vulnerabilities.", - "cve": "CVE-2021-32798", - "id": "pyup.io-49216", - "more_info_path": "/vulnerabilities/CVE-2021-32798/49216", + "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e\r\nhttps://github.com/advisories/GHSA-hxwm-x553-x359", + "cve": "PVE-2022-49161", + "id": "pyup.io-49165", + "more_info_path": "/vulnerabilities/PVE-2022-49161/49165", "specs": [ "<1.0.3rc1" ], 
@@ -86325,19 +87199,19 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2021-27645", - "id": "pyup.io-49177", - "more_info_path": "/vulnerabilities/CVE-2021-27645/49177", + "cve": "CVE-2021-32804", + "id": "pyup.io-49208", + "more_info_path": "/vulnerabilities/CVE-2021-32804/49208", "specs": [ "<1.0.3rc1" ], "v": "<1.0.3rc1" }, { - "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e\r\nhttps://github.com/advisories/GHSA-hxwm-x553-x359", - "cve": "PVE-2022-49161", - "id": "pyup.io-49165", - "more_info_path": "/vulnerabilities/PVE-2022-49161/49165", + "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", + "cve": "CVE-2020-29562", + "id": "pyup.io-49184", + "more_info_path": "/vulnerabilities/CVE-2020-29562/49184", "specs": [ "<1.0.3rc1" ], @@ -86345,9 +87219,9 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2021-33910", - "id": "pyup.io-49202", - "more_info_path": "/vulnerabilities/CVE-2021-33910/49202", + "cve": "CVE-2021-3997", + "id": "pyup.io-49204", + "more_info_path": "/vulnerabilities/CVE-2021-3997/49204", "specs": [ "<1.0.3rc1" ], 
@@ -86355,19 +87229,19 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2021-35942", - "id": "pyup.io-49175", - "more_info_path": "/vulnerabilities/CVE-2021-35942/49175", + "cve": "CVE-2021-39134", + "id": "pyup.io-49164", + "more_info_path": "/vulnerabilities/CVE-2021-39134/49164", "specs": [ "<1.0.3rc1" ], "v": "<1.0.3rc1" }, { - "advisory": "Mlrun 1.0.3rc1 adds \"pillow~=9.0\" to requirements to tackle vulnerabilities.", - "cve": "CVE-2022-22816", - "id": "pyup.io-49218", - "more_info_path": "/vulnerabilities/CVE-2022-22816/49218", + "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", + "cve": "CVE-2021-39135", + "id": "pyup.io-49161", + "more_info_path": "/vulnerabilities/CVE-2021-39135/49161", "specs": [ "<1.0.3rc1" ], @@ -86375,9 +87249,9 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2021-3807", - "id": "pyup.io-49166", - "more_info_path": "/vulnerabilities/CVE-2021-3807/49166", + "cve": "CVE-2021-23343", + "id": "pyup.io-49207", + "more_info_path": "/vulnerabilities/CVE-2021-23343/49207", "specs": [ "<1.0.3rc1" ], @@ -86385,9 +87259,9 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2022-23219", - "id": "pyup.io-49178", - "more_info_path": "/vulnerabilities/CVE-2022-23219/49178", + "cve": "CVE-2020-13529", + "id": "pyup.io-49203", + "more_info_path": "/vulnerabilities/CVE-2020-13529/49203", "specs": [ "<1.0.3rc1" ], 
@@ -86395,9 +87269,9 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2021-32797", - "id": "pyup.io-49174", - "more_info_path": "/vulnerabilities/CVE-2021-32797/49174", + "cve": "CVE-2021-27645", + "id": "pyup.io-49177", + "more_info_path": "/vulnerabilities/CVE-2021-27645/49177", "specs": [ "<1.0.3rc1" ], @@ -86405,9 +87279,9 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2021-32804", - "id": "pyup.io-49208", - "more_info_path": "/vulnerabilities/CVE-2021-32804/49208", + "cve": "CVE-2019-25013", + "id": "pyup.io-49185", + "more_info_path": "/vulnerabilities/CVE-2019-25013/49185", "specs": [ "<1.0.3rc1" ], @@ -86425,9 +87299,9 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2021-32803", - "id": "pyup.io-49210", - "more_info_path": "/vulnerabilities/CVE-2021-32803/49210", + "cve": "CVE-2021-37712", + "id": "pyup.io-49212", + "more_info_path": "/vulnerabilities/CVE-2021-37712/49212", "specs": [ "<1.0.3rc1" ], @@ -86435,9 +87309,9 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2022-0155", - "id": "pyup.io-49169", - "more_info_path": "/vulnerabilities/CVE-2022-0155/49169", + "cve": "CVE-2021-33910", + "id": "pyup.io-49202", + "more_info_path": "/vulnerabilities/CVE-2021-33910/49202", "specs": [ "<1.0.3rc1" ], 
@@ -86445,19 +87319,19 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2022-24785", - "id": "pyup.io-49205", - "more_info_path": "/vulnerabilities/CVE-2022-24785/49205", + "cve": "CVE-2021-32797", + "id": "pyup.io-49174", + "more_info_path": "/vulnerabilities/CVE-2021-32797/49174", "specs": [ "<1.0.3rc1" ], "v": "<1.0.3rc1" }, { - "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2022-23218", - "id": "pyup.io-49180", - "more_info_path": "/vulnerabilities/CVE-2022-23218/49180", + "advisory": "Mlrun 1.0.3rc1 adds \"pillow~=9.0\" to requirements to tackle vulnerabilities.", + "cve": "CVE-2022-22815", + "id": "pyup.io-49219", + "more_info_path": "/vulnerabilities/CVE-2022-22815/49219", "specs": [ "<1.0.3rc1" ], 
@@ -86465,29 +87339,29 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2021-3999", - "id": "pyup.io-49188", - "more_info_path": "/vulnerabilities/CVE-2021-3999/49188", + "cve": "CVE-2022-0155", + "id": "pyup.io-49169", + "more_info_path": "/vulnerabilities/CVE-2022-0155/49169", "specs": [ "<1.0.3rc1" ], "v": "<1.0.3rc1" }, { - "advisory": "Mlrun 1.0.3rc1 adds \"notebook~=6.4\" to requirements to tackle vulnerabilities.", - "cve": "CVE-2022-24758", - "id": "pyup.io-49215", - "more_info_path": "/vulnerabilities/CVE-2022-24758/49215", + "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", + "cve": "CVE-2022-23218", + "id": "pyup.io-49180", + "more_info_path": "/vulnerabilities/CVE-2022-23218/49180", "specs": [ "<1.0.3rc1" ], "v": "<1.0.3rc1" }, { - "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2020-27618", - "id": "pyup.io-49176", - "more_info_path": "/vulnerabilities/CVE-2020-27618/49176", + "advisory": "Mlrun 1.0.3rc1 adds \"pillow~=9.0\" to requirements to tackle vulnerabilities.", + "cve": "CVE-2022-22817", + "id": "pyup.io-49220", + "more_info_path": "/vulnerabilities/CVE-2022-22817/49220", "specs": [ "<1.0.3rc1" ], 
@@ -86495,9 +87369,9 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2020-29562", - "id": "pyup.io-49184", - "more_info_path": "/vulnerabilities/CVE-2020-29562/49184", + "cve": "CVE-2021-32803", + "id": "pyup.io-49210", + "more_info_path": "/vulnerabilities/CVE-2021-32803/49210", "specs": [ "<1.0.3rc1" ], @@ -86505,9 +87379,9 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2022-24757", - "id": "pyup.io-49172", - "more_info_path": "/vulnerabilities/CVE-2022-24757/49172", + "cve": "CVE-2016-10228", + "id": "pyup.io-49200", + "more_info_path": "/vulnerabilities/CVE-2016-10228/49200", "specs": [ "<1.0.3rc1" ], @@ -86515,9 +87389,9 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds \"pillow~=9.0\" to requirements to tackle vulnerabilities.", - "cve": "CVE-2022-22815", - "id": "pyup.io-49219", - "more_info_path": "/vulnerabilities/CVE-2022-22815/49219", + "cve": "CVE-2022-24303", + "id": "pyup.io-49217", + "more_info_path": "/vulnerabilities/CVE-2022-24303/49217", "specs": [ "<1.0.3rc1" ], @@ -86525,9 +87399,9 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2022-21699", - "id": "pyup.io-49170", - "more_info_path": "/vulnerabilities/CVE-2022-21699/49170", + "cve": "CVE-2021-37701", + "id": "pyup.io-49211", + "more_info_path": "/vulnerabilities/CVE-2021-37701/49211", "specs": [ "<1.0.3rc1" ], 
@@ -86535,9 +87409,9 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2021-39135", - "id": "pyup.io-49161", - "more_info_path": "/vulnerabilities/CVE-2021-39135/49161", + "cve": "CVE-2020-27618", + "id": "pyup.io-49176", + "more_info_path": "/vulnerabilities/CVE-2020-27618/49176", "specs": [ "<1.0.3rc1" ], @@ -86545,19 +87419,19 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2020-6096", - "id": "pyup.io-49182", - "more_info_path": "/vulnerabilities/CVE-2020-6096/49182", + "cve": "CVE-2021-3999", + "id": "pyup.io-49188", + "more_info_path": "/vulnerabilities/CVE-2021-3999/49188", "specs": [ "<1.0.3rc1" ], "v": "<1.0.3rc1" }, { - "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2021-41247", - "id": "pyup.io-49173", - "more_info_path": "/vulnerabilities/CVE-2021-41247/49173", + "advisory": "Mlrun 1.0.3rc1 adds \"notebook~=6.4\" to requirements to tackle vulnerabilities.", + "cve": "CVE-2022-24758", + "id": "pyup.io-49215", + "more_info_path": "/vulnerabilities/CVE-2022-24758/49215", "specs": [ "<1.0.3rc1" ], 
@@ -86565,19 +87439,9 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2020-13529", - "id": "pyup.io-49203", - "more_info_path": "/vulnerabilities/CVE-2020-13529/49203", - "specs": [ - "<1.0.3rc1" - ], - "v": "<1.0.3rc1" - }, - { - "advisory": "Mlrun 1.0.3rc1 adds \"pillow~=9.0\" to requirements to tackle vulnerabilities.", - "cve": "CVE-2022-24303", - "id": "pyup.io-49217", - "more_info_path": "/vulnerabilities/CVE-2022-24303/49217", + "cve": "CVE-2020-6096", + "id": "pyup.io-49182", + "more_info_path": "/vulnerabilities/CVE-2020-6096/49182", "specs": [ "<1.0.3rc1" ], @@ -86585,9 +87449,9 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2021-39134", - "id": "pyup.io-49164", - "more_info_path": "/vulnerabilities/CVE-2021-39134/49164", + "cve": "CVE-2021-3918", + "id": "pyup.io-49171", + "more_info_path": "/vulnerabilities/CVE-2021-3918/49171", "specs": [ "<1.0.3rc1" ], @@ -86595,9 +87459,9 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2016-10228", - "id": "pyup.io-49200", - "more_info_path": "/vulnerabilities/CVE-2016-10228/49200", + "cve": "CVE-2021-33503", + "id": "pyup.io-49213", + "more_info_path": "/vulnerabilities/CVE-2021-33503/49213", "specs": [ "<1.0.3rc1" ], 
@@ -86605,19 +87469,19 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2021-3997", - "id": "pyup.io-49204", - "more_info_path": "/vulnerabilities/CVE-2021-3997/49204", + "cve": "CVE-2021-3326", + "id": "pyup.io-49179", + "more_info_path": "/vulnerabilities/CVE-2021-3326/49179", "specs": [ "<1.0.3rc1" ], "v": "<1.0.3rc1" }, { - "advisory": "Mlrun 1.0.3rc1 adds \"pillow~=9.0\" to requirements to tackle vulnerabilities.", - "cve": "CVE-2022-22817", - "id": "pyup.io-49220", - "more_info_path": "/vulnerabilities/CVE-2022-22817/49220", + "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", + "cve": "CVE-2021-3807", + "id": "pyup.io-49166", + "more_info_path": "/vulnerabilities/CVE-2021-3807/49166", "specs": [ "<1.0.3rc1" ], @@ -86625,9 +87489,9 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2021-37701", - "id": "pyup.io-49211", - "more_info_path": "/vulnerabilities/CVE-2021-37701/49211", + "cve": "CVE-2022-24757", + "id": "pyup.io-49172", + "more_info_path": "/vulnerabilities/CVE-2022-24757/49172", "specs": [ "<1.0.3rc1" ], @@ -86635,9 +87499,9 @@ }, { "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e", - "cve": "CVE-2019-25013", - "id": "pyup.io-49185", - "more_info_path": "/vulnerabilities/CVE-2019-25013/49185", + "cve": "CVE-2022-21699", + "id": "pyup.io-49170", + "more_info_path": "/vulnerabilities/CVE-2022-21699/49170", "specs": [ "<1.0.3rc1" ], 
@@ -86665,9 +87529,9 @@
 },
 {
 "advisory": "Mlrun 1.0.4rc1 updates its dependency 'storey' to v1.0.5 to fix transitive vulnerabilities related to NumPy.",
- "cve": "CVE-2021-41495",
- "id": "pyup.io-49372",
- "more_info_path": "/vulnerabilities/CVE-2021-41495/49372",
+ "cve": "CVE-2021-34141",
+ "id": "pyup.io-49371",
+ "more_info_path": "/vulnerabilities/CVE-2021-34141/49371",
 "specs": [
 "<1.0.4rc1"
 ],
@@ -86675,119 +87539,119 @@ }, { "advisory": "Mlrun 1.0.4rc1 updates its dependency 'storey' to v1.0.5 to fix transitive vulnerabilities related to NumPy.", - "cve": "CVE-2021-34141", - "id": "pyup.io-49371", - "more_info_path": "/vulnerabilities/CVE-2021-34141/49371", + "cve": "CVE-2021-41495", + "id": "pyup.io-49372", + "more_info_path": "/vulnerabilities/CVE-2021-41495/49372", "specs": [ "<1.0.4rc1" ], "v": "<1.0.4rc1" }, { - "advisory": "Mlrun 1.1.0 updates the NPM package 'async' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-43138", - "id": "pyup.io-50988", - "more_info_path": "/vulnerabilities/CVE-2021-43138/50988", + "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-3326", + "id": "pyup.io-51011", + "more_info_path": "/vulnerabilities/CVE-2021-3326/51011", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the Python package 'ipython' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2022-21699", - "id": "pyup.io-51004", - "more_info_path": "/vulnerabilities/CVE-2022-21699/51004", + "advisory": "Mlrun 1.1.0 updates the Python package 'jupyterhub' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-41247", + "id": "pyup.io-51002", + "more_info_path": "/vulnerabilities/CVE-2021-41247/51002", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2016-10228", - "id": "pyup.io-51015", - "more_info_path": "/vulnerabilities/CVE-2016-10228/51015", + "advisory": "Mlrun 1.1.0 updates the NPM package 
'tar' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-37713", + "id": "pyup.io-50995", + "more_info_path": "/vulnerabilities/CVE-2021-37713/50995", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the packages 'libsystemd0' and 'libudev1' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-33910", - "id": "pyup.io-51018", - "more_info_path": "/vulnerabilities/CVE-2021-33910/51018", + "advisory": "Mlrun 1.1.0 updates the Python package 'numpy' in its base image to include a security fix.", + "cve": "CVE-2021-33430", + "id": "pyup.io-51005", + "more_info_path": "/vulnerabilities/CVE-2021-33430/51005", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the packages 'libsystemd0' and 'libudev1' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2020-13529", - "id": "pyup.io-51019", - "more_info_path": "/vulnerabilities/CVE-2020-13529/51019", + "advisory": "Mlrun 1.1.0 updates the NPM package 'json-schema' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-3918", + "id": "pyup.io-50991", + "more_info_path": "/vulnerabilities/CVE-2021-3918/50991", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the packages 'libsystemd0' and 'libudev1' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-3997", - "id": "pyup.io-51020", - "more_info_path": "/vulnerabilities/CVE-2021-3997/51020", + "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2022-23219", + "id": "pyup.io-51010", + "more_info_path": "/vulnerabilities/CVE-2022-23219/51010", "specs": [ 
"<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2020-6096", - "id": "pyup.io-51014", - "more_info_path": "/vulnerabilities/CVE-2020-6096/51014", + "advisory": "Mlrun 1.1.0 updates the NPM package 'tar' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-32804", + "id": "pyup.io-50994", + "more_info_path": "/vulnerabilities/CVE-2021-32804/50994", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the NPM package 'tar' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-37713", - "id": "pyup.io-50995", - "more_info_path": "/vulnerabilities/CVE-2021-37713/50995", + "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2022-23218", + "id": "pyup.io-51012", + "more_info_path": "/vulnerabilities/CVE-2022-23218/51012", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the NPM package 'json-schema' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-3918", - "id": "pyup.io-50991", - "more_info_path": "/vulnerabilities/CVE-2021-3918/50991", + "advisory": "Mlrun 1.1.0 updates the NPM package 'tar' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-37712", + "id": "pyup.io-51000", + "more_info_path": "/vulnerabilities/CVE-2021-37712/51000", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the NPM package '@npmcli/arborist' in its base image to include security fixes.", - "cve": "CVE-2021-39135", - "id": 
"pyup.io-50919", - "more_info_path": "/vulnerabilities/CVE-2021-39135/50919", + "advisory": "Mlrun 1.1.0 updates the Python package 'urllib3' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-33503", + "id": "pyup.io-51006", + "more_info_path": "/vulnerabilities/CVE-2021-33503/51006", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the NPM package 'follow-redirects' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2022-0536", - "id": "pyup.io-50989", - "more_info_path": "/vulnerabilities/CVE-2022-0536/50989", + "advisory": "Mlrun 1.1.0 updates the Python package 'ipython' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2022-21699", + "id": "pyup.io-51004", + "more_info_path": "/vulnerabilities/CVE-2022-21699/51004", "specs": [ "<1.1.0" ], @@ -86795,9 +87659,9 @@ }, { "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2022-23219", - "id": "pyup.io-51010", - "more_info_path": "/vulnerabilities/CVE-2022-23219/51010", + "cve": "CVE-2020-6096", + "id": "pyup.io-51014", + "more_info_path": "/vulnerabilities/CVE-2020-6096/51014", "specs": [ "<1.1.0" ], 
@@ -86814,10 +87678,20 @@ "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the NPM package 'tar' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-32804", - "id": "pyup.io-50994", - "more_info_path": "/vulnerabilities/CVE-2021-32804/50994", + "advisory": "Mlrun 1.1.0 updates the NPM package 'ansi-regex' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-3807", + "id": "pyup.io-50987", + "more_info_path": "/vulnerabilities/CVE-2021-3807/50987", + "specs": [ + "<1.1.0" + ], + "v": "<1.1.0" + }, + { + "advisory": "Mlrun 1.1.0 updates the packages 'libsystemd0' and 'libudev1' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-3997", + "id": "pyup.io-51020", + "more_info_path": "/vulnerabilities/CVE-2021-3997/51020", "specs": [ "<1.1.0" ], 
@@ -86834,10 +87708,30 @@ "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the Python package 'numpy' in its base image to include a security fix.", - "cve": "CVE-2021-33430", - "id": "pyup.io-51005", - "more_info_path": "/vulnerabilities/CVE-2021-33430/51005", + "advisory": "Mlrun 1.1.0 updates the packages 'libsystemd0' and 'libudev1' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2020-13529", + "id": "pyup.io-51019", + "more_info_path": "/vulnerabilities/CVE-2020-13529/51019", + "specs": [ + "<1.1.0" + ], + "v": "<1.1.0" + }, + { + "advisory": "Mlrun 1.1.0 updates the NPM package 'async' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-43138", + "id": "pyup.io-50988", + "more_info_path": "/vulnerabilities/CVE-2021-43138/50988", + "specs": [ + "<1.1.0" + ], + "v": "<1.1.0" + }, + { + "advisory": "Mlrun 1.1.0 updates the Python package 'jupyterlab' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-32797", + "id": "pyup.io-51003", + "more_info_path": "/vulnerabilities/CVE-2021-32797/51003", "specs": [ "<1.1.0" ], 
@@ -86884,50 +87778,50 @@ "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the Python package 'jupyter-server' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2022-24757", - "id": "pyup.io-51001", - "more_info_path": "/vulnerabilities/CVE-2022-24757/51001", + "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2016-10228", + "id": "pyup.io-51015", + "more_info_path": "/vulnerabilities/CVE-2016-10228/51015", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the NPM package 'path-parse' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-23343", - "id": "pyup.io-50993", - "more_info_path": "/vulnerabilities/CVE-2021-23343/50993", + "advisory": "Mlrun 1.1.0 updates the NPM package '@npmcli/arborist' in its base image to include security fixes.", + "cve": "CVE-2021-39135", + "id": "pyup.io-50919", + "more_info_path": "/vulnerabilities/CVE-2021-39135/50919", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2022-23218", - "id": "pyup.io-51012", - "more_info_path": "/vulnerabilities/CVE-2022-23218/51012", + "advisory": "Mlrun 1.1.0 updates the packages 'libsystemd0' and 'libudev1' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-33910", + "id": "pyup.io-51018", + "more_info_path": "/vulnerabilities/CVE-2021-33910/51018", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include 
security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-3326", - "id": "pyup.io-51011", - "more_info_path": "/vulnerabilities/CVE-2021-3326/51011", + "advisory": "Mlrun 1.1.0 updates the NPM package 'follow-redirects' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2022-0536", + "id": "pyup.io-50989", + "more_info_path": "/vulnerabilities/CVE-2022-0536/50989", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the Python package 'jupyterlab' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-32797", - "id": "pyup.io-51003", - "more_info_path": "/vulnerabilities/CVE-2021-32797/51003", + "advisory": "Mlrun 1.1.0 updates the NPM package 'moment' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2022-24785", + "id": "pyup.io-50992", + "more_info_path": "/vulnerabilities/CVE-2022-24785/50992", "specs": [ "<1.1.0" ], 
@@ -86944,30 +87838,20 @@ "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the Python package 'urllib3' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-33503", - "id": "pyup.io-51006", - "more_info_path": "/vulnerabilities/CVE-2021-33503/51006", - "specs": [ - "<1.1.0" - ], - "v": "<1.1.0" - }, - { - "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-35942", - "id": "pyup.io-51007", - "more_info_path": "/vulnerabilities/CVE-2021-35942/51007", + "advisory": "Mlrun 1.1.0 updates the NPM package 'path-parse' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-23343", + "id": "pyup.io-50993", + "more_info_path": "/vulnerabilities/CVE-2021-23343/50993", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the NPM package 'moment' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2022-24785", - "id": "pyup.io-50992", - "more_info_path": "/vulnerabilities/CVE-2022-24785/50992", + "advisory": "Mlrun 1.1.0 updates the Python package 'jupyter-server' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2022-24757", + "id": "pyup.io-51001", + "more_info_path": "/vulnerabilities/CVE-2022-24757/51001", "specs": [ "<1.1.0" ], 
@@ -86975,9 +87859,9 @@ }, { "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2020-27618", - "id": "pyup.io-51008", - "more_info_path": "/vulnerabilities/CVE-2020-27618/51008", + "cve": "CVE-2021-35942", + "id": "pyup.io-51007", + "more_info_path": "/vulnerabilities/CVE-2021-35942/51007", "specs": [ "<1.1.0" ], @@ -86994,30 +87878,10 @@ "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the NPM package 'ansi-regex' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-3807", - "id": "pyup.io-50987", - "more_info_path": "/vulnerabilities/CVE-2021-3807/50987", - "specs": [ - "<1.1.0" - ], - "v": "<1.1.0" - }, - { - "advisory": "Mlrun 1.1.0 updates the Python package 'jupyterhub' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-41247", - "id": "pyup.io-51002", - "more_info_path": "/vulnerabilities/CVE-2021-41247/51002", - "specs": [ - "<1.1.0" - ], - "v": "<1.1.0" - }, - { - "advisory": "Mlrun 1.1.0 updates the NPM package 'tar' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-37712", - "id": "pyup.io-51000", - "more_info_path": "/vulnerabilities/CVE-2021-37712/51000", + "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2020-27618", + "id": "pyup.io-51008", + "more_info_path": "/vulnerabilities/CVE-2020-27618/51008", "specs": [ "<1.1.0" ], 
@@ -87094,20 +87958,20 @@
 "v": "<1.4.0rc9"
 },
 {
- "advisory": "Mlrun version 1.6.2rc1 upgrades its Cryptography dependency to approximately version 41.0 from 42.0 to mitigate the security risks identified in CVE-2024-24762.\r\nhttps://github.com/mlrun/mlrun/pull/5205/commits/71647ae50e2f6a97adbad3312c1737db46b7eb38",
+ "advisory": "Mlrun version 1.6.2rc1 upgrades its FastAPI dependency to approximately version 0.110.0 from 0.103.2 to mitigate the security risks identified in CVE-2024-24762.\r\nhttps://github.com/mlrun/mlrun/pull/5205/commits/71647ae50e2f6a97adbad3312c1737db46b7eb38",
 "cve": "CVE-2024-24762",
- "id": "pyup.io-65950",
- "more_info_path": "/vulnerabilities/CVE-2024-24762/65950",
+ "id": "pyup.io-65893",
+ "more_info_path": "/vulnerabilities/CVE-2024-24762/65893",
 "specs": [
 "<1.6.2rc1"
 ],
 "v": "<1.6.2rc1"
 },
 {
- "advisory": "Mlrun version 1.6.2rc1 upgrades its FastAPI dependency to approximately version 0.110.0 from 0.103.2 to mitigate the security risks identified in CVE-2024-24762.\r\nhttps://github.com/mlrun/mlrun/pull/5205/commits/71647ae50e2f6a97adbad3312c1737db46b7eb38",
+ "advisory": "Mlrun version 1.6.2rc1 upgrades its Cryptography dependency to approximately version 41.0 from 42.0 to mitigate the security risks identified in CVE-2024-24762.\r\nhttps://github.com/mlrun/mlrun/pull/5205/commits/71647ae50e2f6a97adbad3312c1737db46b7eb38",
 "cve": "CVE-2024-24762",
- "id": "pyup.io-65893",
- "more_info_path": "/vulnerabilities/CVE-2024-24762/65893",
+ "id": "pyup.io-65950",
+ "more_info_path": "/vulnerabilities/CVE-2024-24762/65950",
 "specs": [
 "<1.6.2rc1"
 ],
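Review bot: The Cryptography advisory text that this hunk moves onto record pyup.io-65950 reads as a downgrade, "to approximately version 41.0 from 42.0", which is presumably the two version numbers transposed; the sibling FastAPI record for the same CVE-2024-24762 is written in the expected "to newer from older" order. The same sibling record attributes CVE-2024-24762 to the FastAPI bump, so if the Cryptography bump in the linked commit addresses a different issue, the `"cve"` field of the 65950 record would also need correcting rather than only its id being swapped. Suggest checking the linked commit and rewriting the sentence to `upgrades its Cryptography dependency to approximately version 42.0 from 41.0` only if that matches the diff there.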
@@ -87646,14 +88510,24 @@ ], "mocodo": [ { - "advisory": "Mocodo Mocodo Online affected versions does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection, leading to remote code execution (RCE) under certain conditions.", + "advisory": "Affected versions of Mocodo are vulnerable to OS Command Injection. This vulnerability could lead to remote code execution, allowing attackers to execute arbitrary commands on the server. The attack vector is through unsanitized user input in the web interface, specifically in the generate.php script where the sql_case parameter is used without proper escaping. The vulnerable function is the construction of $transformation_options. This vulnerability is easily exploitable as it requires minimal user interaction. To mitigate this issue, upgrade to Mocodo version 4.2.7 or later, which implements proper input sanitization using escapeshellarg(). This vulnerability affects PHP-based deployments of Mocodo's web interface. The CWE for this vulnerability is CWE-78: Improper Neutralization of Special Elements used in an OS Command.", + "cve": "CVE-2024-35373", + "id": "pyup.io-73341", + "more_info_path": "/vulnerabilities/CVE-2024-35373/73341", + "specs": [ + "<4.2.9" + ], + "v": "<4.2.9" + }, + { + "advisory": "Affected versions of Mocodo are vulnerable to OS Command Injection. This vulnerability could result in remote code execution, potentially leading to unauthorized access to sensitive data or complete system compromise. The attack vector involves manipulating input fields in the web interface, particularly in generate.php and rewrite.php. Vulnerable areas include the construction of $basthon_options in generate.php and $command_line in rewrite.php. The vulnerability is exploitable by an attacker with access to the web interface. 
To remediate, update to Mocodo version 4.2.7 or later, which properly escapes user input using escapeshellarg(). This vulnerability primarily affects PHP-based deployments of Mocodo's online interface. The CWE classification is CWE-78: Improper Neutralization of Special Elements used in an OS Command.", "cve": "CVE-2024-35374", "id": "pyup.io-71899", "more_info_path": "/vulnerabilities/CVE-2024-35374/71899", "specs": [ - "<=4.2.6" + "<4.2.9" ], - "v": "<=4.2.6" + "v": "<4.2.9" } ], "mod-wsgi": [ @@ -88621,6 +89495,16 @@ } ], "mosaicml": [ + { + "advisory": "Mosaicml 0.13.0 updates its dependency 'ipython' to v8.11.0 in Dockerfile to include a security fix.\r\nhttps://github.com/mosaicml/composer/pull/2007", + "cve": "CVE-2023-24816", + "id": "pyup.io-53698", + "more_info_path": "/vulnerabilities/CVE-2023-24816/53698", + "specs": [ + "<0.13.0" + ], + "v": "<0.13.0" + }, { "advisory": "Mosaicml 0.13.0 updates its dependency 'pillow' to v9.0.0 in Dockerfile to include security fixes.\r\nhttps://github.com/mosaicml/composer/pull/2007", "cve": "PVE-2021-44525", @@ -88661,16 +89545,6 @@ ], "v": "<0.13.0" }, - { - "advisory": "Mosaicml 0.13.0 updates its dependency 'ipython' to v8.11.0 in Dockerfile to include a security fix.\r\nhttps://github.com/mosaicml/composer/pull/2007", - "cve": "CVE-2023-24816", - "id": "pyup.io-53698", - "more_info_path": "/vulnerabilities/CVE-2023-24816/53698", - "specs": [ - "<0.13.0" - ], - "v": "<0.13.0" - }, { "advisory": "Mosaicml 0.13.0 updates its dependency 'urllib3' requirement to '>=1.26.5,<2'' in Dockerfile to include a security fix.\r\nhttps://github.com/mosaicml/composer/pull/2007", "cve": "CVE-2021-33503", 
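Review bot: The new CVE-2024-35373 record and the updated CVE-2024-35374 record both set `"specs": ["<4.2.9"]` and `"v": "<4.2.9"` while their advisory text tells users to upgrade to Mocodo 4.2.7 or later, so the affected range and the remediation sentence disagree and a consumer of the range will flag 4.2.7 and 4.2.8 as vulnerable while the text calls them fixed. The previous value `"<=4.2.6"` was consistent with that sentence, so the commit widens the affected set without updating the text that justifies it. Reconcile the two, either narrowing the range to `"<4.2.7"` or rewording the sentence to name the version the range reflects, after checking the upstream fix version; the page alone does not show which is correct.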
@@ -89162,16 +90036,6 @@
 ],
 "v": "<1.1.0"
 },
- {
- "advisory": "Msticpy 1.1.0 updates its dependency 'aiohttp' to v3.7.4 to include a security fix.",
- "cve": "CVE-2021-21330",
- "id": "pyup.io-43648",
- "more_info_path": "/vulnerabilities/CVE-2021-21330/43648",
- "specs": [
- "<1.1.0"
- ],
- "v": "<1.1.0"
- },
 {
 "advisory": "Msticpy 1.1.0 updates its dependency 'lxml' to v4.6.3 to include security fixes.",
 "cve": "CVE-2014-3146",
@@ -89193,14 +90057,14 @@
 "v": "<1.1.0"
 },
 {
- "advisory": "Msticpy 1.8.2 updates Docker source to mcr Anaconda for preventing supply chain attacks.\r\nhttps://github.com/microsoft/msticpy/pull/397",
- "cve": "PVE-2022-48632",
- "id": "pyup.io-48632",
- "more_info_path": "/vulnerabilities/PVE-2022-48632/48632",
+ "advisory": "Msticpy 1.1.0 updates its dependency 'aiohttp' to v3.7.4 to include a security fix.",
+ "cve": "CVE-2021-21330",
+ "id": "pyup.io-43648",
+ "more_info_path": "/vulnerabilities/CVE-2021-21330/43648",
 "specs": [
- "<1.8.2"
+ "<1.1.0"
 ],
- "v": "<1.8.2"
+ "v": "<1.1.0"
 },
 {
 "advisory": "Msticpy 1.8.2 removes ability to use plaintext token cache because of security concerns.\r\nhttps://github.com/microsoft/msticpy/pull/413",
@@ -89211,6 +90075,16 @@
 "<1.8.2"
 ],
 "v": "<1.8.2"
+ },
+ {
+ "advisory": "Msticpy 1.8.2 updates Docker source to mcr Anaconda for preventing supply chain attacks.\r\nhttps://github.com/microsoft/msticpy/pull/397",
+ "cve": "PVE-2022-48632",
+ "id": "pyup.io-48632",
+ "more_info_path": "/vulnerabilities/PVE-2022-48632/48632",
+ "specs": [
+ "<1.8.2"
+ ],
+ "v": "<1.8.2"
 }
 ],
 "mstr-rest-requests": [
@@ -90458,10 +91332,10 @@ ], "nannyml": [ { - "advisory": "Nannyml 0.8.4 updates its dependency 'pillow' to v9.3.0 to include a security fix.", - "cve": "CVE-2022-45199", - "id": "pyup.io-53759", - "more_info_path": "/vulnerabilities/CVE-2022-45199/53759", + "advisory": "Nannyml 0.8.4 updates its dependency 'pip' to v21.1 to include a security fix.", + "cve": "CVE-2021-3572", + "id": "pyup.io-53749", + "more_info_path": "/vulnerabilities/CVE-2021-3572/53749", "specs": [ "<0.8.4" ], @@ -90478,20 +91352,20 @@ "v": "<0.8.4" }, { - "advisory": "Nannyml 0.8.4 updates its dependency 'wheel' to v0.38.1 to include a security fix.", - "cve": "CVE-2022-40898", - "id": "pyup.io-53758", - "more_info_path": "/vulnerabilities/CVE-2022-40898/53758", + "advisory": "Nannyml 0.8.4 updates its dependency 'pillow' to v9.3.0 to include a security fix.", + "cve": "CVE-2022-45199", + "id": "pyup.io-53759", + "more_info_path": "/vulnerabilities/CVE-2022-45199/53759", "specs": [ "<0.8.4" ], "v": "<0.8.4" }, { - "advisory": "Nannyml 0.8.4 updates its dependency 'pip' to v21.1 to include a security fix.", - "cve": "CVE-2021-3572", - "id": "pyup.io-53749", - "more_info_path": "/vulnerabilities/CVE-2021-3572/53749", + "advisory": "Nannyml 0.8.4 updates its dependency 'wheel' to v0.38.1 to include a security fix.", + "cve": "CVE-2022-40898", + "id": "pyup.io-53758", + "more_info_path": "/vulnerabilities/CVE-2022-40898/53758", "specs": [ "<0.8.4" ], @@ -90690,9 +91564,9 @@ }, { "advisory": "Nautilus-trader 1.137.1 updates its dependency 'pillow' to v9.0.0 to include security fixes.", - "cve": "PVE-2022-44524", - "id": "pyup.io-44600", - "more_info_path": "/vulnerabilities/PVE-2022-44524/44600", + "cve": "CVE-2022-22817", + "id": "pyup.io-44601", + "more_info_path": "/vulnerabilities/CVE-2022-22817/44601", "specs": [ "<1.137.1" ], 
@@ -90700,9 +91574,9 @@ }, { "advisory": "Nautilus-trader 1.137.1 updates its dependency 'pillow' to v9.0.0 to include security fixes.", - "cve": "CVE-2022-22817", - "id": "pyup.io-44601", - "more_info_path": "/vulnerabilities/CVE-2022-22817/44601", + "cve": "PVE-2022-44524", + "id": "pyup.io-44600", + "more_info_path": "/vulnerabilities/PVE-2022-44524/44600", "specs": [ "<1.137.1" ], @@ -90750,6 +91624,16 @@ ], "v": "<1.2.3" }, + { + "advisory": "Nautobot 1.2.4 upgrades its `Pillow` dependency to 9.0.0 for Python versions >=3.7 to fix CVEs. This change is in response to the security vulnerability identified as CVE-2022-22816.\r\nhttps://github.com/nautobot/nautobot/pull/1270/commits/6434eff5b26ff28a4e06985e3bbb00ae64b8b324", + "cve": "CVE-2022-22816", + "id": "pyup.io-63593", + "more_info_path": "/vulnerabilities/CVE-2022-22816/63593", + "specs": [ + "<1.2.4" + ], + "v": "<1.2.4" + }, { "advisory": "Nautobot 1.2.4 upgrades its `Pillow` dependency to 9.0.0 for Python versions >=3.7 to fix CVEs. This change is in response to the security vulnerability identified as CVE-2022-22817. \r\nhttps://github.com/nautobot/nautobot/pull/1270/commits/6434eff5b26ff28a4e06985e3bbb00ae64b8b324", "cve": "CVE-2022-22817", 
@@ -90770,16 +91654,6 @@ ], "v": "<1.2.4" }, - { - "advisory": "Nautobot 1.2.4 upgrades its `Pillow` dependency to 9.0.0 for Python versions >=3.7 to fix CVEs. This change is in response to the security vulnerability identified as CVE-2022-22816.\r\nhttps://github.com/nautobot/nautobot/pull/1270/commits/6434eff5b26ff28a4e06985e3bbb00ae64b8b324", - "cve": "CVE-2022-22816", - "id": "pyup.io-63593", - "more_info_path": "/vulnerabilities/CVE-2022-22816/63593", - "specs": [ - "<1.2.4" - ], - "v": "<1.2.4" - }, { "advisory": "Nautobot 1.2.9 requires Pillow 9.0.1 or later for Python >= 3.7 in develop. This change is in response to the security vulnerability identified as CVE-2022-22817. \r\nhttps://github.com/nautobot/nautobot/pull/1488/commits/2f117f8e8a648a1e58a779477aa282f813014f40", "cve": "CVE-2022-22817", 
@@ -90842,10 +91716,10 @@ "v": "<1.6.10,>=2.0.0,<2.1.2" }, { - "advisory": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering, including are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2.", - "cve": "CVE-2024-23345", - "id": "pyup.io-66715", - "more_info_path": "/vulnerabilities/CVE-2024-23345/66715", + "advisory": "Nautobot is affected by a potential XSS vulnerability via 'files/get'. The mentioned endpoint was configured without \"add_attachment_headers\": True and it was missing the Content-Disposition: attachment HTTP header. Without this header, users might not be prompted to download a file; instead, the file could potentially be executed or displayed directly in the browser. This behavior can lead to various security issues, such as Cross-Site Scripting (XSS), automatic execution of potentially malicious files, or unintended disclosure of sensitive information.\r\nhttps://github.com/nautobot/nautobot/pull/5109", + "cve": "PVE-2024-64429", + "id": "pyup.io-64429", + "more_info_path": "/vulnerabilities/PVE-2024-64429/64429", "specs": [ "<1.6.10", ">=2.0.0,<2.1.2" 
@@ -90853,10 +91727,10 @@ "v": "<1.6.10,>=2.0.0,<2.1.2" }, { - "advisory": "Nautobot is affected by a potential XSS vulnerability via 'files/get'. The mentioned endpoint was configured without \"add_attachment_headers\": True and it was missing the Content-Disposition: attachment HTTP header. Without this header, users might not be prompted to download a file; instead, the file could potentially be executed or displayed directly in the browser. This behavior can lead to various security issues, such as Cross-Site Scripting (XSS), automatic execution of potentially malicious files, or unintended disclosure of sensitive information.\r\nhttps://github.com/nautobot/nautobot/pull/5109", - "cve": "PVE-2024-64429", - "id": "pyup.io-64429", - "more_info_path": "/vulnerabilities/PVE-2024-64429/64429", + "advisory": "Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering, including are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2.", + "cve": "CVE-2024-23345", + "id": "pyup.io-66715", + "more_info_path": "/vulnerabilities/CVE-2024-23345/66715", "specs": [ "<1.6.10", ">=2.0.0,<2.1.2" 
@@ -90897,15 +91771,15 @@ "v": "<1.6.6,>=2.0.0,<2.0.5" }, { - "advisory": "Nautobot 1.6.8 updates its cryptography dependency from version 41.0.5 to 41.0.6. This change is in response to the security vulnerability identified as CVE-2023-49083.\r\nhttps://github.com/nautobot/nautobot/pull/4876/commits/c10507a8f9f70f5741711dc85f4c87adb08600cc", + "advisory": "Nautobot 1.6.8 and 2.0.6 update its dependency 'cryptography' to include a security fix.\r\nhttps://github.com/nautobot/nautobot/pull/4876/commits/c10507a8f9f70f5741711dc85f4c87adb08600cc", "cve": "CVE-2023-49083", "id": "pyup.io-63585", "more_info_path": "/vulnerabilities/CVE-2023-49083/63585", "specs": [ "<1.6.8", - ">=2.0.0rc1,<2.1.0" + ">=2.0.0a1,<2.0.6" ], - "v": "<1.6.8,>=2.0.0rc1,<2.1.0" + "v": "<1.6.8,>=2.0.0a1,<2.0.6" }, { "advisory": "Nautobot 1.6.8 and 2.1.0 updates its paramiko dependency from version 3.3.1 to 3.4.0. This change is in response to the security vulnerability identified as CVE-2023-48795.\r\nhttps://github.com/nautobot/nautobot/pull/5002/commits/e8e2bfdf4c0c0e8d923d936b44d53e91405eb256", 
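Review bot: The rewritten CVE-2023-49083 advisory on the `+` line drops the dependency versions the removed line carried (cryptography 41.0.5 to 41.0.6) and its explicit CVE reference, while the neighbouring paramiko entry in the trailing context still states both ("updates its paramiko dependency from version 3.3.1 to 3.4.0 ... CVE-2023-48795"). Keeping the package's records in one form helps consumers that surface the text, and the subject is plural, so `"Nautobot 1.6.8 and 2.0.6 update their 'cryptography' dependency from 41.0.5 to 41.0.6 to address CVE-2023-49083."` would read consistently with its siblings. The narrowed range `>=2.0.0a1,<2.0.6` agrees with the new text naming 2.0.6, so the spec change itself looks right.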
@@ -90918,16 +91792,6 @@ ], "v": "<1.6.8,>=2.0.0rc1,<2.1.0" }, - { - "advisory": "Nautobot 2.0.3 addresses a security vulnerability in certain REST API endpoints. These endpoints, when combined with the ?depth= query parameter, could potentially expose hashed user passwords to any authenticated user with access to these endpoints. Although the passwords were not exposed in plaintext, this vulnerability was considered significant enough to warrant a patch.\r\nhttps://github.com/nautobot/nautobot/pull/4692\r\nhttps://github.com/nautobot/nautobot/security/advisories/GHSA-r2hw-74xv-4gqp", - "cve": "CVE-2023-46128", - "id": "pyup.io-63588", - "more_info_path": "/vulnerabilities/CVE-2023-46128/63588", - "specs": [ - "<2.0.3" - ], - "v": "<2.0.3" - }, { "advisory": "Nautobot 2.0.3 addresses a vulnerability where a failed git repo sync could expose sensitive token values in logging. It occurred when trying to sync to a repository requiring basic authentication. The bug caused the failure details, including the access token, to be logged. In the fixed version, Nautobot now redacts the token from the log output. This update improves the security of the system by preventing sensitive data exposure in logs\r\nhttps://github.com/nautobot/nautobot/issues/4673\r\nhttps://github.com/nautobot/nautobot/pull/4683", "cve": "PVE-2024-63589", 
@@ -90948,6 +91812,16 @@ ], "v": "<2.0.3" }, + { + "advisory": "Nautobot 2.0.3 addresses a security vulnerability in certain REST API endpoints. These endpoints, when combined with the ?depth= query parameter, could potentially expose hashed user passwords to any authenticated user with access to these endpoints. Although the passwords were not exposed in plaintext, this vulnerability was considered significant enough to warrant a patch.\r\nhttps://github.com/nautobot/nautobot/pull/4692\r\nhttps://github.com/nautobot/nautobot/security/advisories/GHSA-r2hw-74xv-4gqp", + "cve": "CVE-2023-46128", + "id": "pyup.io-63588", + "more_info_path": "/vulnerabilities/CVE-2023-46128/63588", + "specs": [ + "<2.0.3" + ], + "v": "<2.0.3" + }, { "advisory": "Nautobot 2.0.6 resolves problems related to network device discovery and data consistency checks. With this release, users can expect improved performance and fewer disruptions during operation. \r\nhttps://github.com/nautobot/nautobot/pull/4959", "cve": "PVE-2024-63587", @@ -91364,6 +92238,26 @@ "<0.31.27" ], "v": "<0.31.27" + }, + { + "advisory": "Nearbeach 0.31.34 updates its NPM dependency 'webpack' from 5.90.3 to 5.94.0 to include a security fix.", + "cve": "CVE-2024-43788", + "id": "pyup.io-73123", + "more_info_path": "/vulnerabilities/CVE-2024-43788/73123", + "specs": [ + "<0.31.34" + ], + "v": "<0.31.34" + }, + { + "advisory": "Nearbeach 0.31.34 updates its NPM dependency 'axios' from 1.6.7 to 1.7.4 to include a security fix.", + "cve": "CVE-2024-39338", + "id": "pyup.io-73118", + "more_info_path": "/vulnerabilities/CVE-2024-39338/73118", + "specs": [ + "<0.31.34" + ], + "v": "<0.31.34" } ], "nebari": [ 
@@ -92188,6 +93082,18 @@ "v": "<2.5" } ], + "neuroconv": [ + { + "advisory": "Neuroconv 0.6.4 updates its dependency 'opencv-python-headless' to include a security fix.", + "cve": "CVE-2023-4863", + "id": "pyup.io-73255", + "more_info_path": "/vulnerabilities/CVE-2023-4863/73255", + "specs": [ + "<0.6.4" + ], + "v": "<0.6.4" + } + ], "neuromynerva": [ { "advisory": "Neuromynerva version 0.2.12 updates its NPM dependency 'ansi-regex' to v5.0.1 to include a security fix.", @@ -92215,10 +93121,10 @@ "v": "<10.0.8,>=11.0.0.0b1,<11.0.7,>=12.0.0.0b1,<12.0.6,>=13.0.0.0b1,<13.0.3" }, { - "advisory": "Neutron 13.0.0.0b2, 12.0.3 and 11.0.5 include a fix for CVE-2018-14635: When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool.", - "cve": "CVE-2018-14635", - "id": "pyup.io-36482", - "more_info_path": "/vulnerabilities/CVE-2018-14635/36482", + "advisory": "Neutron 13.0.0.0b2, 12.0.3 and 11.0.5 include a fix for CVE-2018-14636: Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to the Open vSwitch integration bridge being connected to the instance during migration. When connected to the integration bridge, all traffic for instances using the same Open vSwitch instance would potentially be visible to the migrated guest, as the required Open vSwitch VLAN filters are only applied post-migration.", + "cve": "CVE-2018-14636", + "id": "pyup.io-36483", + "more_info_path": "/vulnerabilities/CVE-2018-14636/36483", "specs": [ "<11.0.5", ">=12.0.0.0b1,<12.0.3", 
@@ -92227,10 +93133,10 @@ "v": "<11.0.5,>=12.0.0.0b1,<12.0.3,>=13.0.0.0b1,<13.0.0.0b2" }, { - "advisory": "Neutron 13.0.0.0b2, 12.0.3 and 11.0.5 include a fix for CVE-2018-14636: Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to the Open vSwitch integration bridge being connected to the instance during migration. When connected to the integration bridge, all traffic for instances using the same Open vSwitch instance would potentially be visible to the migrated guest, as the required Open vSwitch VLAN filters are only applied post-migration.", - "cve": "CVE-2018-14636", - "id": "pyup.io-36483", - "more_info_path": "/vulnerabilities/CVE-2018-14636/36483", + "advisory": "Neutron 13.0.0.0b2, 12.0.3 and 11.0.5 include a fix for CVE-2018-14635: When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool.", + "cve": "CVE-2018-14635", + "id": "pyup.io-36482", + "more_info_path": "/vulnerabilities/CVE-2018-14635/36482", "specs": [ "<11.0.5", ">=12.0.0.0b1,<12.0.3", 
@@ -92251,10 +93157,10 @@ "v": "<16.4.1,>=17.0.0.0rc1,<17.1.3,==18.0.0" }, { - "advisory": "An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service. See CVE-2021-40797. \r\nhttps://launchpad.net/bugs/1942179", - "cve": "CVE-2021-40797", - "id": "pyup.io-41285", - "more_info_path": "/vulnerabilities/CVE-2021-40797/41285", + "advisory": "Neutron 16.4.1, 17.2.1 and 18.1.1 include a fix for CVE-2021-40085: An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.\r\nhttps://www.openwall.com/lists/oss-security/2021/08/31/2", + "cve": "CVE-2021-40085", + "id": "pyup.io-41251", + "more_info_path": "/vulnerabilities/CVE-2021-40085/41251", "specs": [ "<16.4.1", ">=17.0.0.0rc1,<17.2.1", 
@@ -92263,10 +93169,10 @@ "v": "<16.4.1,>=17.0.0.0rc1,<17.2.1,>=18.0.0.0rc1,<18.1.1" }, { - "advisory": "Neutron 16.4.1, 17.2.1 and 18.1.1 include a fix for CVE-2021-40085: An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.\r\nhttps://www.openwall.com/lists/oss-security/2021/08/31/2", - "cve": "CVE-2021-40085", - "id": "pyup.io-41251", - "more_info_path": "/vulnerabilities/CVE-2021-40085/41251", + "advisory": "An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service. See CVE-2021-40797. \r\nhttps://launchpad.net/bugs/1942179", + "cve": "CVE-2021-40797", + "id": "pyup.io-41285", + "more_info_path": "/vulnerabilities/CVE-2021-40797/41285", "specs": [ "<16.4.1", ">=17.0.0.0rc1,<17.2.1", 
@@ -92528,17 +93434,98 @@ ], "nextflow": [ { - "advisory": "Nextflow 23.04.4 resolves a vulnerability in the Google Batch script launcher by removing the -o allow_other mount option, which posed a shell injection risk. This update significantly enhances the security of batch job submissions to Google Cloud, ensuring safer and more secure operations. \r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code, but installing the package will result in using a vulnerable version of the Nextflow core.", - "cve": "PVE-2024-64085", - "id": "pyup.io-64085", - "more_info_path": "/vulnerabilities/PVE-2024-64085/64085", + "advisory": "Nextflow affected versions contain a concurrency issue in task processing. A race condition in the ParallelTaskProcessor and TaskProcessor classes could lead to inconsistent state or unexpected behaviour in multi-threaded environments. This issue has been resolved by separating the creation and starting of DataflowOperators and making the 'processor' field volatile.\r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code. However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.", + "cve": "PVE-2023-60439", + "id": "pyup.io-60439", + "more_info_path": "/vulnerabilities/PVE-2023-60439/60439", + "specs": [ + "<0.13.4" + ], + "v": "<0.13.4" + }, + { + "advisory": "Nextflow affected versions contain a race condition vulnerability in task processing. The issue stemmed from the improper ordering of task registration and operator creation, potentially leading to inconsistent states or unexpected behaviour in multi-threaded environments. The commit addresses this by reordering operations to ensure proper task registration before operator creation and adds error handling to the state listener.\r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code. 
However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.", + "cve": "PVE-2024-72998", + "id": "pyup.io-72998", + "more_info_path": "/vulnerabilities/PVE-2024-72998/72998", "specs": [ - "<23.04.4" + "<0.13.4" ], - "v": "<23.04.4" + "v": "<0.13.4" + }, + { + "advisory": "Nextflow affected versions contain vulnerabilities in the launcher script that could allow privilege escalation and code injection. The launcher was stored in a potentially insecure user-specific directory and written using a method susceptible to race conditions. These issues have been resolved by relocating the launcher to a system-wide temporary directory and improving the writing process. \r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code. However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.", + "cve": "PVE-2023-60438", + "id": "pyup.io-60438", + "more_info_path": "/vulnerabilities/PVE-2023-60438/60438", + "specs": [ + "<0.16.5" + ], + "v": "<0.16.5" }, { - "advisory": "Nextflow 23.04.5 upgrades its pf4j dependency version from 3.4.1 to 3.10.0 due to the CVE-2023-40826.\r\n# Note: The Nextflow launcher installer itself does not contain any vulnerable code, but installing the package will result in using a vulnerable version of the Nextflow core.", + "advisory": "Nextflow affected versions contain potential concurrency issues in task handling and process termination. These could lead to race conditions or inconsistent states in multi-threaded environments. The commit fix addresses these by improving synchronization mechanisms, refactoring task handling logic, and enhancing error management. 
It renames methods for clarity, introduces volatile variables and AtomicIntegers for better thread safety, and implements more robust process termination checks.\r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code. However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.", + "cve": "PVE-2023-60440", + "id": "pyup.io-60440", + "more_info_path": "/vulnerabilities/PVE-2023-60440/60440", + "specs": [ + "<0.5.4" + ], + "v": "<0.5.4" + }, + { + "advisory": "Nextflow affected versions may be susceptible to race conditions in file system handling within the XFileSystemProvider class. These vulnerabilities could lead to inconsistent behaviour, resource leaks, or potential crashes in multi-threaded environments. The issues have been addressed by implementing thread-safe mechanisms for file system creation and retrieval, including synchronized blocks and improved data structures.\r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code. However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.", + "cve": "PVE-2023-60437", + "id": "pyup.io-60437", + "more_info_path": "/vulnerabilities/PVE-2023-60437/60437", + "specs": [ + "<20.10.0" + ], + "v": "<20.10.0" + }, + { + "advisory": "Nextflow affected versions may be susceptible to race conditions in file system access and plugin loading, potentially leading to unexpected behavior or crashes. Additionally, an infinite loop in the path resolution process could be exploited for denial of service attacks. The issues have been addressed by improving synchronization mechanisms, enhancing plugin loading logic, and replacing the infinite loop with a deterministic process.\r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code. 
However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.", + "cve": "PVE-2023-60436", + "id": "pyup.io-60436", + "more_info_path": "/vulnerabilities/PVE-2023-60436/60436", + "specs": [ + "<21.10.5" + ], + "v": "<21.10.5" + }, + { + "advisory": "Nextflow affected versions contain a thread safety issue in the CustomPoolFactory class. A race condition in the createPool() method could lead to inconsistent pool creation in multi-threaded environments, potentially causing resource management issues and application instability under high concurrency. The problem has been resolved by implementing synchronization and memoization. \r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code. However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.", + "cve": "PVE-2023-53384", + "id": "pyup.io-53384", + "more_info_path": "/vulnerabilities/PVE-2023-53384/53384", + "specs": [ + "<22.04.0" + ], + "v": "<22.04.0" + }, + { + "advisory": "Nextflow affected versions may be susceptible to inconsistent resource cleanup and potential race conditions during application shutdown. These issues could lead to resource leaks or incomplete retrieval of sensitive data from memory. The vulnerability stems from disparate shutdown mechanisms across different components. The issue has been addressed by implementing a centralized cleanup mechanism (Global.onCleanup()), providing more consistent and context-aware resource management.\r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code. 
However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.", + "cve": "PVE-2023-60435", + "id": "pyup.io-60435", + "more_info_path": "/vulnerabilities/PVE-2023-60435/60435", + "specs": [ + "<22.10.0rc1" + ], + "v": "<22.10.0rc1" + }, + { + "advisory": "Nextflow affected versions may be susceptible to race conditions in multi-threaded environments due to a non-thread-safe implementation of the ContainerResolverProvider.load() method. The issue has been resolved by synchronizing the load() method, ensuring thread-safe initialization of ContainerResolver instances.\r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code. However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.", + "cve": "PVE-2023-55037", + "id": "pyup.io-55037", + "more_info_path": "/vulnerabilities/PVE-2023-55037/55037", + "specs": [ + "<22.10.7", + ">=23.01.0-edge,<23.04.0" + ], + "v": "<22.10.7,>=23.01.0-edge,<23.04.0" + }, + { + "advisory": "Nextflow 23.04.5 upgrades its pf4j dependency version from 3.4.1 to 3.10.0 due to the CVE-2023-40826.\r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code. However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.", "cve": "CVE-2023-40826", "id": "pyup.io-64231", "more_info_path": "/vulnerabilities/CVE-2023-40826/64231", 
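Review bot: The nine Nextflow records added in this hunk name no fixing release in their text ("Nextflow affected versions contain..."), so the only version information is the `specs` string, whereas the removed PVE-2024-64085 line did name one ("Nextflow 23.04.4 resolves...") and the CVE-2023-40826 record at the end of the hunk still does. Suggest the lead sentence carry the fix version, e.g. `"Nextflow 0.13.4 fixes a concurrency issue in task processing. ..."`, so a reader does not have to reconcile prose and spec. Separately, `"v": "<0.5.4"` (pyup.io-60440) is placed after `"<0.16.5"`, which is a string order; if this array is meant to be version-ordered the record is misplaced. The `nextflow` array continues into the next hunk.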
@@ -92548,24 +93535,104 @@ "v": "<23.04.5" }, { - "advisory": "Nextflow 23.04.5 upgrades its Apache Ivy dependency version from 2.5.1 to 2.5.2 due to the CVE-2022-46751.\r\n# Note: The Nextflow launcher installer itself does not contain any vulnerable code, but installing the package will result in using a vulnerable version of the Nextflow core.", - "cve": "CVE-2022-46751", - "id": "pyup.io-64084", - "more_info_path": "/vulnerabilities/CVE-2022-46751/64084", + "advisory": "Nextflow 23.04.5 upgrades its Eclipse JGit dependency version from 6.5.0.202303070854-r to 6.6.1.202309021850-r due to the CVE-2023-4759.\r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code. However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.", + "cve": "CVE-2023-4759", + "id": "pyup.io-64230", + "more_info_path": "/vulnerabilities/CVE-2023-4759/64230", "specs": [ "<23.04.5" ], "v": "<23.04.5" }, { - "advisory": "Nextflow 23.04.5 upgrades its Eclipse JGit dependency version from 6.5.0.202303070854-r to 6.6.1.202309021850-r due to the CVE-2023-4759.\r\n# Note: The Nextflow launcher installer itself does not contain any vulnerable code, but installing the package will result in using a vulnerable version of the Nextflow core.", + "advisory": "Nextflow affected versions contain a security vulnerability in the Google Cloud Storage (GCS) mount configuration, specifically the Google Batch script launcher. The 'allow_other' mount option, potentially allows unauthorized access to mounted GCS volumes in multi-user or containerized environments. This could lead to data breaches or unauthorized modifications of files stored in GCS buckets.\r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code. 
However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.", + "cve": "PVE-2024-64085", + "id": "pyup.io-64085", + "more_info_path": "/vulnerabilities/PVE-2024-64085/64085", + "specs": [ + "<23.09.2-edge" + ], + "v": "<23.09.2-edge" + }, + { + "advisory": "Nextflow updates its Apache Ivy library from version 2.5.1 to 2.5.2 to address CVE-2022-46751.\r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code. However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.", + "cve": "CVE-2022-46751", + "id": "pyup.io-73006", + "more_info_path": "/vulnerabilities/CVE-2022-46751/73006", + "specs": [ + "<23.10.2" + ], + "v": "<23.10.2" + }, + { + "advisory": "Nextflow updates its Guava library from version 31.1-jre to 32.0.0-jre to address CVE-2023-2976.\r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code. However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.", + "cve": "CVE-2023-2976", + "id": "pyup.io-73005", + "more_info_path": "/vulnerabilities/CVE-2023-2976/73005", + "specs": [ + "<23.10.2" + ], + "v": "<23.10.2" + }, + { + "advisory": "Nextflow updates its Logback library from version 1.4.6 to 1.4.14 to address CVE-2023-6481.\r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code. However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.", + "cve": "CVE-2023-6481", + "id": "pyup.io-72114", + "more_info_path": "/vulnerabilities/CVE-2023-6481/72114", + "specs": [ + "<23.10.2" + ], + "v": "<23.10.2" + }, + { + "advisory": "Nextflow updates its JGit library from version 6.5.0 to 6.6.1 to address CVE-2023-4759.\r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code. 
However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.", "cve": "CVE-2023-4759", - "id": "pyup.io-64230", - "more_info_path": "/vulnerabilities/CVE-2023-4759/64230", + "id": "pyup.io-73004", + "more_info_path": "/vulnerabilities/CVE-2023-4759/73004", "specs": [ - "<23.04.5" + "<23.10.2" ], - "v": "<23.04.5" + "v": "<23.10.2" + }, + { + "advisory": "Nextflow updates its Apache Commons Compress library from version 1.21 to 1.26.0 to address CVE-2024-26308.\r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code. However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.", + "cve": "CVE-2024-26308", + "id": "pyup.io-73007", + "more_info_path": "/vulnerabilities/CVE-2024-26308/73007", + "specs": [ + "<23.10.2" + ], + "v": "<23.10.2" + }, + { + "advisory": "Nextflow updates its PF4J library from version 3.4.1 to 3.10.0 to address CVE-2023-40827.\r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code. However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.", + "cve": "CVE-2023-40827", + "id": "pyup.io-73003", + "more_info_path": "/vulnerabilities/CVE-2023-40827/73003", + "specs": [ + "<23.10.2" + ], + "v": "<23.10.2" + }, + { + "advisory": "Nextflow has updated its Logback dependency from version 1.4.12 to 1.4.14 to address CVE-2023-6481.\r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code. 
However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.", + "cve": "CVE-2023-6481", + "id": "pyup.io-73000", + "more_info_path": "/vulnerabilities/CVE-2023-6481/73000", + "specs": [ + "<24.04.0" + ], + "v": "<24.04.0" + }, + { + "advisory": "Nextflow updates its Logback dependency from version 1.4.12 to 1.4.14 to address CVE-2023-6378.\r\nNote: The Nextflow launcher installer itself does not contain any vulnerable code. However, installing this package will result in using a version of the Nextflow core that may contain known vulnerabilities.", + "cve": "CVE-2023-6378", + "id": "pyup.io-71101", + "more_info_path": "/vulnerabilities/CVE-2023-6378/71101", + "specs": [ + "<24.04.0" + ], + "v": "<24.04.0" } ], "nf-core": [ @@ -92641,6 +93708,16 @@ } ], "nicegui": [ + { + "advisory": "Nicegui 0.7.2 updates its dependency 'pillow' to v9.0.0 to include security fixes.", + "cve": "PVE-2022-44524", + "id": "pyup.io-44598", + "more_info_path": "/vulnerabilities/PVE-2022-44524/44598", + "specs": [ + "<0.7.2" + ], + "v": "<0.7.2" + }, { "advisory": "Nicegui 0.7.2 updates its dependency 'pillow' to v9.0.0 to include security fixes.", "cve": "CVE-2022-22816", @@ -92681,16 +93758,6 @@ ], "v": "<0.7.2" }, - { - "advisory": "Nicegui 0.7.2 updates its dependency 'pillow' to v9.0.0 to include security fixes.", - "cve": "PVE-2022-44524", - "id": "pyup.io-44598", - "more_info_path": "/vulnerabilities/PVE-2022-44524/44598", - "specs": [ - "<0.7.2" - ], - "v": "<0.7.2" - }, { "advisory": "Nicegui 0.9.26 updates its dependency 'pillow' to v9.3.0 to include a security fix.", "cve": "CVE-2022-45199", 
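Review bot: The new side of this hunk carries two records for the same CVE in the same package with different ranges: CVE-2023-4759 as pyup.io-64230 (`<23.04.5`, re-added at the top of the hunk) and pyup.io-73004 (`<23.10.2`, added), and CVE-2023-6481 as pyup.io-72114 (`<23.10.2`, Logback 1.4.6 to 1.4.14) and pyup.io-73000 (`<24.04.0`, Logback 1.4.12 to 1.4.14). A consumer on 23.04.5 through 23.10.1 is flagged by one JGit record and cleared by the other, and the two Logback records disagree on which version 23.10.2 shipped; either the narrower record should go, as the commit already does for CVE-2022-46751 by replacing 64084 with 73006, or the ranges should be reconciled against the release history. PVE-2024-64085 (pyup.io-64085), removed with `<23.04.4` in the previous hunk and re-added here with `<23.09.2-edge`, is now described as unauthorized access through the 'allow_other' mount option rather than the shell-injection risk the removed text described, and names no fixing release, so it is worth confirming which characterisation and range upstream supports.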
@@ -94193,6 +95260,30 @@
 "v": "<4.7.1"
 }
 ],
+ "notion-database": [
+ {
+ "advisory": "Notion-database 1.2.2 updates its dependency 'setuptools' to v74.1.2 to include a security fix.",
+ "cve": "CVE-2024-6345",
+ "id": "pyup.io-73117",
+ "more_info_path": "/vulnerabilities/CVE-2024-6345/73117",
+ "specs": [
+ "<1.2.2"
+ ],
+ "v": "<1.2.2"
+ }
+ ],
+ "notolog": [
+ {
+ "advisory": "Notolog 1.0.2 updates its dependency 'cryptography' to include a security fix.",
+ "cve": "CVE-2024-4603",
+ "id": "pyup.io-73478",
+ "more_info_path": "/vulnerabilities/CVE-2024-4603/73478",
+ "specs": [
+ "<1.0.2"
+ ],
+ "v": "<1.0.2"
+ }
+ ],
 "nova": [
 {
 "advisory": "The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.",
@@ -94310,14 +95401,14 @@
 "v": "<25.2.0,>=26.0.0.0rc1,<26.2.0,>=27.0.0.0rc1,<27.1.0"
 },
 {
- "advisory": "An issue in affected versions of OpenStack Nova allows arbitrary file access via custom QCOW2 external data. An authenticated user can supply a crafted QCOW2 image that references a specific data file path, convincing systems to return a copy of that file's contents from the server. This results in unauthorized access to potentially sensitive data.",
+ "advisory": "An security flaw in affected versions of OpenStack Nova allows arbitrary file access via custom QCOW2 external data. An authenticated user can supply a crafted QCOW2 image that references a specific data file path, convincing systems to return a copy of that file's contents from the server. This results in unauthorized access to potentially sensitive data.",
 "cve": "CVE-2024-32498",
 "id": "pyup.io-72149",
 "more_info_path": "/vulnerabilities/CVE-2024-32498/72149",
 "specs": [
- "<29.1.0"
+ "<30.0.0.0rc1"
 ],
- "v": "<29.1.0"
+ "v": "<30.0.0.0rc1"
 },
 {
 "advisory": "In OpenStack Nova affected versions, by supplying a raw format image that is a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.",
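Review bot: The rewritten advisory text in this hunk introduces a grammatical error in the new `"advisory"` value for CVE-2024-32498, `"An security flaw in affected versions..."`; it should read `"advisory": "A security flaw in affected versions of OpenStack Nova allows arbitrary file access via custom QCOW2 external data. ..."`. The same hunk also widens the vulnerable range from `<29.1.0` to `<30.0.0.0rc1`, which newly marks the 29.1.x releases as affected; if that widening reflects the follow-up issue described in the next entry (an incomplete fix for CVE-2024-32498) rather than the upstream advisory for this CVE itself, the advisory text should say so, otherwise it reads as a contradiction with the rest of the record.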
@@ -94458,20 +95549,20 @@
 "v": ">=2000,<2013.2.3"
 },
 {
- "advisory": "The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.",
- "cve": "CVE-2013-4179",
- "id": "pyup.io-35437",
- "more_info_path": "/vulnerabilities/CVE-2013-4179/35437",
+ "advisory": "OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.",
+ "cve": "CVE-2013-2256",
+ "id": "pyup.io-35434",
+ "more_info_path": "/vulnerabilities/CVE-2013-2256/35434",
 "specs": [
 ">=2010,<2013.1.3"
 ],
 "v": ">=2010,<2013.1.3"
 },
 {
- "advisory": "OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.",
- "cve": "CVE-2013-2256",
- "id": "pyup.io-35434",
- "more_info_path": "/vulnerabilities/CVE-2013-2256/35434",
+ "advisory": "The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.",
+ "cve": "CVE-2013-4179",
+ "id": "pyup.io-35437",
+ "more_info_path": "/vulnerabilities/CVE-2013-4179/35437",
 "specs": [
 ">=2010,<2013.1.3"
 ],
@@ -94510,10 +95601,10 @@
 "v": ">=2010,<2014.1.4,>=2014.2,<2014.2.3"
 },
 {
- "advisory": "OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.",
- "cve": "CVE-2015-3280",
- "id": "pyup.io-35617",
- "more_info_path": "/vulnerabilities/CVE-2015-3280/35617",
+ "advisory": "OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.",
+ "cve": "CVE-2015-7713",
+ "id": "pyup.io-35650",
+ "more_info_path": "/vulnerabilities/CVE-2015-7713/35650",
 "specs": [
 ">=2010,<2014.2.4",
 ">=2015.1,<2015.1.2"
@@ -94521,10 +95612,10 @@
 "v": ">=2010,<2014.2.4,>=2015.1,<2015.1.2"
 },
 {
- "advisory": "OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.",
- "cve": "CVE-2015-7713",
- "id": "pyup.io-35650",
- "more_info_path": "/vulnerabilities/CVE-2015-7713/35650",
+ "advisory": "OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.",
+ "cve": "CVE-2015-3280",
+ "id": "pyup.io-35617",
+ "more_info_path": "/vulnerabilities/CVE-2015-3280/35617",
 "specs": [
 ">=2010,<2014.2.4",
 ">=2015.1,<2015.1.2"
@@ -95265,6 +96356,18 @@
 "v": "<1.8.1"
 }
 ],
+ "numpyro-oop": [
+ {
+ "advisory": "Numpyro-oop has resolved a security vulnerability in jupyterlab by updating the development dependency to version 4.2.5, addressing CVE-2024-43805.",
+ "cve": "CVE-2024-43805",
+ "id": "pyup.io-73390",
+ "more_info_path": "/vulnerabilities/CVE-2024-43805/73390",
+ "specs": [
+ "<0.0.2"
+ ],
+ "v": "<0.0.2"
+ }
+ ],
 "nuplone": [
 {
 "advisory": "Nuplone 2.1.0 adds CSRF auth token to paste url.\r\nhttps://github.com/euphorie/NuPlone/commit/f52e70928c03d1c92c6a6d10a26e3c294d029ae7",
@@ -95360,6 +96463,16 @@
 ],
 "v": "<2.4.2"
 },
+ {
+ "advisory": "NVFlare has updated its dependency on Werkzeug from version 3.0.1 to 3.0.3 to address the security vulnerability CVE-2024-34069.",
+ "cve": "CVE-2024-34069",
+ "id": "pyup.io-73134",
+ "more_info_path": "/vulnerabilities/CVE-2024-34069/73134",
+ "specs": [
+ "<2.5.0"
+ ],
+ "v": "<2.5.0"
+ },
 {
 "advisory": "Certain versions of Nvflare are vulnerable to a race condition. The pipe handler has a thread for reading data from the pipe and checking the pipe status, but the pipe handler can be stopped at any time, setting the pipe object to None. This PR resolves the issue by ensuring the reading thread checks that the pipe object is not None before accessing its methods, making the thread operation safe.",
 "cve": "PVE-2024-72482",
@@ -95421,6 +96534,38 @@
 "v": ">=0,<2.1.4"
 }
 ],
+ "nvidia-modulus.sym": [
+ {
+ "advisory": "Nvidia-modulus.sym upgrades notebook to resolve CVEs GHSA-9q39-rmj3-p4r2 - CVE-2024-43805.",
+ "cve": "CVE-2024-43805",
+ "id": "pyup.io-73436",
+ "more_info_path": "/vulnerabilities/CVE-2024-43805/73436",
+ "specs": [
+ "<1.7.0"
+ ],
+ "v": "<1.7.0"
+ },
+ {
+ "advisory": "Nvidia-modulus.sym upgrades setuptools to fix GHSA-cx63-2mw6-8hw5 and CVE-2024-6345.",
+ "cve": "CVE-2024-6345",
+ "id": "pyup.io-73445",
+ "more_info_path": "/vulnerabilities/CVE-2024-6345/73445",
+ "specs": [
+ "<1.7.0"
+ ],
+ "v": "<1.7.0"
+ },
+ {
+ "advisory": "Nvidia-modulus.sym upgrades opencv-python to address GHSA-qr4w-53vh-m672 - CVE-2023-4863.",
+ "cve": "CVE-2023-4863",
+ "id": "pyup.io-73444",
+ "more_info_path": "/vulnerabilities/CVE-2023-4863/73444",
+ "specs": [
+ "<1.7.0"
+ ],
+ "v": "<1.7.0"
+ }
+ ],
 "nwb-conversion-tools": [
 {
 "advisory": "Nwb-conversion-tools 0.11.38 updates its dependency 'numpy' to v1.22.0 to include security fixes.",
@@ -97430,20 +98575,20 @@
 "v": "<5.3.4"
 },
 {
- "advisory": "OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information exposure vulnerability. Some additional information being loaded is not used by the webclient and is being removed in this release. This is fixed in version 5.9.0. See CVE-2021-21376.",
- "cve": "CVE-2021-21376",
- "id": "pyup.io-40088",
- "more_info_path": "/vulnerabilities/CVE-2021-21376/40088",
+ "advisory": "OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL validation before redirecting. External URLs are not considered valid, unless specified in the omero.web.redirect_allowed_hosts setting. See CVE-2021-21377.",
+ "cve": "CVE-2021-21377",
+ "id": "pyup.io-40089",
+ "more_info_path": "/vulnerabilities/CVE-2021-21377/40089",
 "specs": [
 "<5.9.0"
 ],
 "v": "<5.9.0"
 },
 {
- "advisory": "OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL validation before redirecting. External URLs are not considered valid, unless specified in the omero.web.redirect_allowed_hosts setting. See CVE-2021-21377.",
- "cve": "CVE-2021-21377",
- "id": "pyup.io-40089",
- "more_info_path": "/vulnerabilities/CVE-2021-21377/40089",
+ "advisory": "OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information exposure vulnerability. Some additional information being loaded is not used by the webclient and is being removed in this release. This is fixed in version 5.9.0. See CVE-2021-21376.",
+ "cve": "CVE-2021-21376",
+ "id": "pyup.io-40088",
+ "more_info_path": "/vulnerabilities/CVE-2021-21376/40088",
 "specs": [
 "<5.9.0"
 ],
@@ -98070,20 +99215,20 @@
 ],
 "openapi-python-client": [
 {
- "advisory": "In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution. See: CVE-2020-15142.",
- "cve": "CVE-2020-15142",
- "id": "pyup.io-38691",
- "more_info_path": "/vulnerabilities/CVE-2020-15142/38691",
+ "advisory": "In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk. See: CVE-2020-15141.",
+ "cve": "CVE-2020-15141",
+ "id": "pyup.io-38690",
+ "more_info_path": "/vulnerabilities/CVE-2020-15141/38690",
 "specs": [
 "<0.5.3"
 ],
 "v": "<0.5.3"
 },
 {
- "advisory": "In openapi-python-client before version 0.5.3, there is a path traversal vulnerability. If a user generated a client using a maliciously crafted OpenAPI document, it is possible for generated files to be placed in arbitrary locations on disk. See: CVE-2020-15141.",
- "cve": "CVE-2020-15141",
- "id": "pyup.io-38690",
- "more_info_path": "/vulnerabilities/CVE-2020-15141/38690",
+ "advisory": "In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution. See: CVE-2020-15142.",
+ "cve": "CVE-2020-15142",
+ "id": "pyup.io-38691",
+ "more_info_path": "/vulnerabilities/CVE-2020-15142/38691",
 "specs": [
 "<0.5.3"
 ],
@@ -98335,9 +99480,9 @@
 },
 {
 "advisory": "Openbb 2.4.0 updates its NPM dependency 'eta' to v2.0.0 to include security fixes.",
- "cve": "CVE-2022-25967",
- "id": "pyup.io-53379",
- "more_info_path": "/vulnerabilities/CVE-2022-25967/53379",
+ "cve": "CVE-2023-23630",
+ "id": "pyup.io-53366",
+ "more_info_path": "/vulnerabilities/CVE-2023-23630/53366",
 "specs": [
 "<2.4.0"
 ],
@@ -98345,9 +99490,9 @@
 },
 {
 "advisory": "Openbb 2.4.0 updates its NPM dependency 'eta' to v2.0.0 to include security fixes.",
- "cve": "CVE-2023-23630",
- "id": "pyup.io-53366",
- "more_info_path": "/vulnerabilities/CVE-2023-23630/53366",
+ "cve": "CVE-2022-25967",
+ "id": "pyup.io-53379",
+ "more_info_path": "/vulnerabilities/CVE-2022-25967/53379",
 "specs": [
 "<2.4.0"
 ],
@@ -102612,6 +103757,18 @@
 "v": ">=0.2.0,<0.6.1"
 }
 ],
+ "ophyd-async": [
+ {
+ "advisory": "Affected versions of `ophyd_async` are vulnerable to a race condition when setting one signal and monitoring another. This issue could lead to missed signal changes or incorrect system behaviour in asynchronous environments. The vulnerability has been addressed by introducing the `set_and_wait_for_other_value` function, which ensures that monitoring starts before the signal is set, preventing race conditions.",
+ "cve": "PVE-2024-73037",
+ "id": "pyup.io-73037",
+ "more_info_path": "/vulnerabilities/PVE-2024-73037/73037",
+ "specs": [
+ "<0.5.1"
+ ],
+ "v": "<0.5.1"
+ }
+ ],
 "ops": [
 {
 "advisory": "The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju (>=3.0), Juju secrets, and not correctly capturing and processing `subprocess.CalledProcessError`.",
@@ -102669,9 +103826,9 @@
 },
 {
 "advisory": "Opsml 0.3.0 updates its dependency 'tensorflow' to v2.11.1 to include several security fixes affecting Confidentiality, Integrity and Availability.",
- "cve": "CVE-2023-25663",
- "id": "pyup.io-61333",
- "more_info_path": "/vulnerabilities/CVE-2023-25663/61333",
+ "cve": "CVE-2023-25667",
+ "id": "pyup.io-61335",
+ "more_info_path": "/vulnerabilities/CVE-2023-25667/61335",
 "specs": [
 "<0.3.0"
 ],
@@ -102689,9 +103846,9 @@
 },
 {
 "advisory": "Opsml 0.3.0 updates its dependency 'tensorflow' to v2.11.1 to include several security fixes affecting Confidentiality, Integrity and Availability.",
- "cve": "CVE-2023-25667",
- "id": "pyup.io-61335",
- "more_info_path": "/vulnerabilities/CVE-2023-25667/61335",
+ "cve": "CVE-2023-25663",
+ "id": "pyup.io-61333",
+ "more_info_path": "/vulnerabilities/CVE-2023-25663/61333",
 "specs": [
 "<0.3.0"
 ],
@@ -103298,6 +104455,18 @@
 "v": "==0.24.1"
 }
 ],
+ "oxl-ansible-webui": [
+ {
+ "advisory": "A Cross-Site Scripting (XSS) vulnerability has been identified in the AnsibleGuy WebUI project. The vulnerability allows an attacker to inject arbitrary JavaScript code through user-supplied regex patterns. This injected code could be executed in the context of other users' browsers, potentially leading to session hijacking, theft of sensitive information, or other malicious actions. The vulnerability stems from insufficient input sanitization when handling and displaying regex patterns. The commit fix partially addresses this vulnerability by introducing escaping mechanisms and input validation",
+ "cve": "PVE-2024-73191",
+ "id": "pyup.io-73191",
+ "more_info_path": "/vulnerabilities/PVE-2024-73191/73191",
+ "specs": [
+ "<0.0.23"
+ ],
+ "v": "<0.0.23"
+ }
+ ],
 "ozi": [
 {
 "advisory": "Ozi version 0.0.302 updates its dependency on Black to version 24.3 or higher. This adjustment is made to address the ReDoS (Regular Expression Denial of Service) vulnerability identified in CVE-2024-21503.",
@@ -103419,16 +104588,6 @@
 }
 ],
 "paddlepaddle": [
- {
- "advisory": "Code injection in `paddle.audio.functional.get_window` in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. A [patch](https://github.com/PaddlePaddle/Paddle/commit/26c419ca386aeae3c461faf2b828d00b48e908eb) is available on the `develop` branch of the repository and anticipated to be part of a 2.4 release.",
- "cve": "CVE-2022-46742",
- "id": "pyup.io-54595",
- "more_info_path": "/vulnerabilities/CVE-2022-46742/54595",
- "specs": [
- "<2.5.0"
- ],
- "v": "<2.5.0"
- },
 {
 "advisory": "Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.",
 "cve": "CVE-2023-38670",
@@ -103480,14 +104639,14 @@
 "v": "<2.5.0"
 },
 {
- "advisory": "Nullptr in paddle.nextafter\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.",
- "cve": "CVE-2023-52302",
- "id": "pyup.io-70391",
- "more_info_path": "/vulnerabilities/CVE-2023-52302/70391",
+ "advisory": "Code injection in `paddle.audio.functional.get_window` in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. A [patch](https://github.com/PaddlePaddle/Paddle/commit/26c419ca386aeae3c461faf2b828d00b48e908eb) is available on the `develop` branch of the repository and anticipated to be part of a 2.4 release.",
+ "cve": "CVE-2022-46742",
+ "id": "pyup.io-54595",
+ "more_info_path": "/vulnerabilities/CVE-2022-46742/54595",
 "specs": [
- "<2.6.0"
+ "<2.5.0"
 ],
- "v": "<2.6.0"
+ "v": "<2.5.0"
 },
 {
 "advisory": "PaddlePaddle/Paddle before 2.6.0 is susceptible to a code injection vulnerability that permits an attacker to execute arbitrary commands on the host system.",
@@ -103499,16 +104658,6 @@
 ],
 "v": "<2.6.0"
 },
- {
- "advisory": "Nullptr dereference in paddle.crop\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.",
- "cve": "CVE-2023-52312",
- "id": "pyup.io-70384",
- "more_info_path": "/vulnerabilities/CVE-2023-52312/70384",
- "specs": [
- "<2.6.0"
- ],
- "v": "<2.6.0"
- },
 {
 "advisory": "Nullptr in paddle.put_along_axis\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.",
 "cve": "CVE-2023-52303",
@@ -103559,16 +104708,6 @@
 ],
 "v": "<2.6.0"
 },
- {
- "advisory": "Nullptr in paddle.dot\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.",
- "cve": "CVE-2023-38676",
- "id": "pyup.io-70394",
- "more_info_path": "/vulnerabilities/CVE-2023-38676/70394",
- "specs": [
- "<2.6.0"
- ],
- "v": "<2.6.0"
- },
 {
 "advisory": "FPE in paddle.lerp\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.",
 "cve": "CVE-2023-52306",
@@ -103609,6 +104748,26 @@
 ],
 "v": "<2.6.0"
 },
+ {
+ "advisory": "Nullptr dereference in paddle.crop\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.",
+ "cve": "CVE-2023-52312",
+ "id": "pyup.io-70384",
+ "more_info_path": "/vulnerabilities/CVE-2023-52312/70384",
+ "specs": [
+ "<2.6.0"
+ ],
+ "v": "<2.6.0"
+ },
+ {
+ "advisory": "Nullptr in paddle.nextafter\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.",
+ "cve": "CVE-2023-52302",
+ "id": "pyup.io-70391",
+ "more_info_path": "/vulnerabilities/CVE-2023-52302/70391",
+ "specs": [
+ "<2.6.0"
+ ],
+ "v": "<2.6.0"
+ },
 {
 "advisory": "OOB access in paddle.mode\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.",
 "cve": "CVE-2023-38678",
@@ -103620,14 +104779,14 @@
 "v": "<2.6.0"
 },
 {
- "advisory": "Remote code execution in paddlepaddle/paddle affected versions.",
- "cve": "CVE-2024-0917",
- "id": "pyup.io-71834",
- "more_info_path": "/vulnerabilities/CVE-2024-0917/71834",
+ "advisory": "Nullptr in paddle.dot\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.",
+ "cve": "CVE-2023-38676",
+ "id": "pyup.io-70394",
+ "more_info_path": "/vulnerabilities/CVE-2023-38676/70394",
 "specs": [
- "<=2.6.0"
+ "<2.6.0"
 ],
- "v": "<=2.6.0"
+ "v": "<2.6.0"
 },
 {
 "advisory": "Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle affected versions.",
@@ -103659,6 +104818,16 @@
 ],
 "v": "<=2.6.0"
 },
+ {
+ "advisory": "Remote code execution in paddlepaddle/paddle affected versions.",
+ "cve": "CVE-2024-0917",
+ "id": "pyup.io-71834",
+ "more_info_path": "/vulnerabilities/CVE-2024-0917/71834",
+ "specs": [
+ "<=2.6.0"
+ ],
+ "v": "<=2.6.0"
+ },
 {
 "advisory": "paddlepaddle/paddle affected versions allow arbitrary file read via paddle.vision.ops.read_file.",
 "cve": "CVE-2024-1603",
@@ -103709,16 +104878,6 @@
 ],
 "v": ">=0,<2.6.0"
 },
- {
- "advisory": "PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.",
- "cve": "CVE-2023-52311",
- "id": "pyup.io-65205",
- "more_info_path": "/vulnerabilities/CVE-2023-52311/65205",
- "specs": [
- ">=0,<2.6.0"
- ],
- "v": ">=0,<2.6.0"
- },
 {
 "advisory": "PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.",
 "cve": "CVE-2023-52314",
@@ -103738,6 +104897,16 @@
 ">=0,<2.6.0"
 ],
 "v": ">=0,<2.6.0"
+ },
+ {
+ "advisory": "PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.",
+ "cve": "CVE-2023-52311",
+ "id": "pyup.io-65205",
+ "more_info_path": "/vulnerabilities/CVE-2023-52311/65205",
+ "specs": [
+ ">=0,<2.6.0"
+ ],
+ "v": ">=0,<2.6.0"
 }
 ],
 "pag": [
@@ -103967,6 +105136,16 @@
 ],
 "v": "<0.8.1"
 },
+ {
+ "advisory": "Affected versions of PandasAI are vulnerable to an Incomplete List of Disallowed Inputs (CWE-184). This vulnerability could allow attackers to bypass security checks and potentially execute arbitrary code or access system resources. The vulnerability exists in the check_malicious_keywords_in_query method of the BaseAgent class, which used an overly simplistic string matching approach to detect malicious keywords. An attacker could exploit this by obfuscating or creatively formatting malicious input to evade detection. To remediate, update to the version which implements a more robust regular expression-based detection method. This vulnerability affects Python implementations of PandasAI.",
+ "cve": "PVE-2024-73379",
+ "id": "pyup.io-73379",
+ "more_info_path": "/vulnerabilities/PVE-2024-73379/73379",
+ "specs": [
+ "<2.2.15"
+ ],
+ "v": "<2.2.15"
+ },
 {
 "advisory": "GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. \r\nNOTE: the vendor previously attempted to restrict code execution in response to a separate issue, CVE-2023-39660. See CVE-2024-23752.",
 "cve": "CVE-2024-23752",
@@ -104091,6 +105270,16 @@
 }
 ],
 "panther-analysis-tool": [
+ {
+ "advisory": "Panther-analysis-tool version 0.45.0 has upgraded its aiohttp library to version 3.9.2 from the previous 3.8.6, addressing security concerns highlighted by CVE-2023-49082.",
+ "cve": "CVE-2023-49082",
+ "id": "pyup.io-67486",
+ "more_info_path": "/vulnerabilities/CVE-2023-49082/67486",
+ "specs": [
+ "<0.45.0"
+ ],
+ "v": "<0.45.0"
+ },
 {
 "advisory": "Panther-analysis-tool version 0.45.0 has updated its setuptools dependency to version 65.5.1 from 40.5.0, in response to the security vulnerability identified as CVE-2022-40897..",
 "cve": "CVE-2022-40897",
@@ -104121,16 +105310,6 @@
 ],
 "v": "<0.45.0"
 },
- {
- "advisory": "Panther-analysis-tool version 0.45.0 has upgraded its aiohttp library to version 3.9.2 from the previous 3.8.6, addressing security concerns highlighted by CVE-2023-49082.",
- "cve": "CVE-2023-49082",
- "id": "pyup.io-67486",
- "more_info_path": "/vulnerabilities/CVE-2023-49082/67486",
- "specs": [
- "<0.45.0"
- ],
- "v": "<0.45.0"
- },
 {
 "advisory": "Panther-analysis-tool version 0.45.0 has upgraded its aiohttp library to version 3.9.2 from the previous 3.8.6, addressing security concerns highlighted by CVE-2024-23829",
 "cve": "CVE-2024-23829",
@@ -104278,20 +105457,20 @@
 "v": "<1.7.2"
 },
 {
- "advisory": "Paramiko's core implementation of the SSH transport protocol, including certain OpenSSH extensions used before OpenSSH 9.6, is vulnerable to a \"Terrapin attack.\" This vulnerability allows remote attackers to manipulate packet integrity during the handshake phase, potentially leading to security downgrades or disabled features in SSH connections. Specific attacks target the use of ChaCha20-Poly1305 and CBC with Encrypt-then-MAC, where sequence numbers and integrity checks are improperly managed. This issue particularly affects the chacha20-poly1305@openssh.com and -etm@openssh.com MAC algorithms.",
+ "advisory": "Paramiko 3.4.0 has been released to fix vulnerabilities affecting encrypt-then-MAC digest algorithms in tandem with CBC ciphers, and ChaCha20-poly1305. The fix requires cooperation from both ends of the connection, making it effective when the remote end is OpenSSH >= 9.6 and configured to use the new \u201cstrict kex\u201d mode. For further details, refer to the official Paramiko documentation or GitHub repository.\r\nhttps://github.com/advisories/GHSA-45x7-px36-x8w8",
 "cve": "CVE-2023-48795",
- "id": "pyup.io-65193",
- "more_info_path": "/vulnerabilities/CVE-2023-48795/65193",
+ "id": "pyup.io-63227",
+ "more_info_path": "/vulnerabilities/CVE-2023-48795/63227",
 "specs": [
 "<3.4.0"
 ],
 "v": "<3.4.0"
 },
 {
- "advisory": "Paramiko 3.4.0 has been released to fix vulnerabilities affecting encrypt-then-MAC digest algorithms in tandem with CBC ciphers, and ChaCha20-poly1305. The fix requires cooperation from both ends of the connection, making it effective when the remote end is OpenSSH >= 9.6 and configured to use the new \u201cstrict kex\u201d mode. For further details, refer to the official Paramiko documentation or GitHub repository.\r\nhttps://github.com/advisories/GHSA-45x7-px36-x8w8",
+ "advisory": "Paramiko's core implementation of the SSH transport protocol, including certain OpenSSH extensions used before OpenSSH 9.6, is vulnerable to a \"Terrapin attack.\" This vulnerability allows remote attackers to manipulate packet integrity during the handshake phase, potentially leading to security downgrades or disabled features in SSH connections. Specific attacks target the use of ChaCha20-Poly1305 and CBC with Encrypt-then-MAC, where sequence numbers and integrity checks are improperly managed. This issue particularly affects the chacha20-poly1305@openssh.com and -etm@openssh.com MAC algorithms.",
 "cve": "CVE-2023-48795",
- "id": "pyup.io-63227",
- "more_info_path": "/vulnerabilities/CVE-2023-48795/63227",
+ "id": "pyup.io-65193",
+ "more_info_path": "/vulnerabilities/CVE-2023-48795/65193",
 "specs": [
 "<3.4.0"
 ],
@@ -106094,6 +107273,16 @@
 ],
 "v": "<10.0.0"
 },
+ {
+ "advisory": "Pillow is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask(). A decompression bomb check has also been added to the affected function.",
+ "cve": "PVE-2024-64437",
+ "id": "pyup.io-64437",
+ "more_info_path": "/vulnerabilities/PVE-2024-64437/64437",
+ "specs": [
+ "<10.2.0"
+ ],
+ "v": "<10.2.0"
+ },
 {
 "advisory": "Pillow is affected by an arbitrary code execution vulnerability. If an attacker has control over the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code.\r\nhttps://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html",
 "cve": "CVE-2023-50447",
@@ -106595,16 +107784,6 @@
 ],
 "v": "<=7.0.0"
 },
- {
- "advisory": "Certain versions of Pillow are susceptible to a denial of service via memory consumption due to inadequate validation of the reported size of a contained image in a BLP container. This can result in attempts to allocate excessively large amounts of memory. To mitigate or avoid this vulnerability, users should consider updating to a newer version that addresses the issue or following any provided workarounds, such as avoiding the processing of specially crafted invalid image files that may trigger this condition. For additional details and potential updates, users may refer to the CVE-2021-27921 entry or contact the software maintainers through the provided channels.",
- "cve": "PVE-2024-69615",
- "id": "pyup.io-69615",
- "more_info_path": "/vulnerabilities/PVE-2024-69615/69615",
- "specs": [
- ">=0,<8.1.2"
- ],
- "v": ">=0,<8.1.2"
- },
 {
 "advisory": "An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open prior to Image.load.",
 "cve": "CVE-2021-28675",
@@ -106730,7 +107909,7 @@
 ],
 "pillow-simd": [
 {
- "advisory": "Pillow-simd is affected by an arbitrary code execution vulnerability. If an attacker controls the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code.",
+ "advisory": "Pillow-simd is affected by an arbitrary code execution vulnerability. If an attacker controls the keys passed to the environment argument of PIL.ImageMath.eval(), they may be able to execute arbitrary code.\r\n#Note: This CVE originates in the original package, Pillow, from which Pillow-simd is forked. However, this CVE is fixed in Pillow, but there is still no fix in Pillow-simd.",
 "cve": "CVE-2023-50447",
 "id": "pyup.io-72955",
 "more_info_path": "/vulnerabilities/CVE-2023-50447/72955",
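Review bot: The note appended to the pillow-simd CVE-2023-50447 advisory in the second hunk here, `there is still no fix in Pillow-simd`, contradicts the entry's own range: the context at the top of the following hunk shows this record still carries `"v": "<10.2.0"`, which tells consumers that 10.2.0 and later are safe. The PVE-2024-64437 entry added for pillow-simd in the next hunk has the same problem, with the same note and the same `<10.2.0` range. Either the range should not name a fixed version while the note says none exists, or the note should be removed if a pillow-simd release does contain the fix; the record should not say both. As a smaller point of style, the other entries in this file that carry such a caveat write it as `NOTE: ...`, so `\r\nNOTE: This CVE originates in the original package, Pillow, ...` would match the existing convention rather than `#Note:`.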
@@ -106739,6 +107918,16 @@
 ],
 "v": "<10.2.0"
 },
+ {
+ "advisory": "Pillow-simd is potentially vulnerable to DoS attacks through PIL.ImageFont.ImageFont.getmask().\r\n#Note: This CVE originates in the original package, Pillow, from which Pillow-simd is forked. However, this CVE is fixed in Pillow, but there is still no fix in Pillow-simd.",
+ "cve": "PVE-2024-64437",
+ "id": "pyup.io-73080",
+ "more_info_path": "/vulnerabilities/PVE-2024-64437/73080",
+ "specs": [
+ "<10.2.0"
+ ],
+ "v": "<10.2.0"
+ },
 {
 "advisory": "Pillow-simd 2.3.1 includes a fix for CVE-2014-1932: The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.",
 "cve": "CVE-2014-1932",
@@ -106820,6 +108009,16 @@
 ],
 "v": "<3.1.1"
 },
+ {
+ "advisory": "Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.",
+ "cve": "CVE-2016-0775",
+ "id": "pyup.io-42330",
+ "more_info_path": "/vulnerabilities/CVE-2016-0775/42330",
+ "specs": [
+ "<3.1.1"
+ ],
+ "v": "<3.1.1"
+ },
 {
 "advisory": "Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow-simd affected versions allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.",
 "cve": "CVE-2016-4009",
@@ -106840,16 +108039,6 @@ ], "v": "<3.1.1" }, - { - "advisory": "Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.", - "cve": "CVE-2016-0775", - "id": "pyup.io-42330", - "more_info_path": "/vulnerabilities/CVE-2016-0775/42330", - "specs": [ - "<3.1.1" - ], - "v": "<3.1.1" - }, { "advisory": "Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.", "cve": "CVE-2016-2533", @@ -106931,20 +108120,20 @@ "v": "<6.2.2" }, { - "advisory": "libImaging/SgiRleDecode.c in Pillow-simd affected versions have an SGI buffer overflow.", - "cve": "CVE-2020-5311", - "id": "pyup.io-72848", - "more_info_path": "/vulnerabilities/CVE-2020-5311/72848", + "advisory": "libImaging/PcxDecode.c in Pillow-simd affected versions have a PCX P mode buffer overflow.", + "cve": "CVE-2020-5312", + "id": "pyup.io-72849", + "more_info_path": "/vulnerabilities/CVE-2020-5312/72849", "specs": [ "<6.2.2" ], "v": "<6.2.2" }, { - "advisory": "libImaging/PcxDecode.c in Pillow-simd affected versions have a PCX P mode buffer overflow.", - "cve": "CVE-2020-5312", - "id": "pyup.io-72849", - "more_info_path": "/vulnerabilities/CVE-2020-5312/72849", + "advisory": "libImaging/SgiRleDecode.c in Pillow-simd affected versions have an SGI buffer overflow.", + "cve": "CVE-2020-5311", + "id": "pyup.io-72848", + "more_info_path": "/vulnerabilities/CVE-2020-5311/72848", "specs": [ "<6.2.2" ], 
@@ -107001,20 +108190,20 @@ "v": "<8.0.1" }, { - "advisory": "Pillow-simd includes a fix for SGI Decode buffer overrun.", - "cve": "CVE-2020-35655", - "id": "pyup.io-72836", - "more_info_path": "/vulnerabilities/CVE-2020-35655/72836", + "advisory": "In Pillow-simd affected versions, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.", + "cve": "CVE-2020-35653", + "id": "pyup.io-72837", + "more_info_path": "/vulnerabilities/CVE-2020-35653/72837", "specs": [ "<8.1.0" ], "v": "<8.1.0" }, { - "advisory": "In Pillow-simd affected versions, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.", - "cve": "CVE-2020-35653", - "id": "pyup.io-72837", - "more_info_path": "/vulnerabilities/CVE-2020-35653/72837", + "advisory": "Pillow-simd includes a fix for SGI Decode buffer overrun.", + "cve": "CVE-2020-35655", + "id": "pyup.io-72836", + "more_info_path": "/vulnerabilities/CVE-2020-35655/72836", "specs": [ "<8.1.0" ], 
@@ -107030,26 +108219,6 @@ ], "v": "<8.1.0" }, - { - "advisory": "Pillow-simd includes a fix for CVE-2021-27921: Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.", - "cve": "CVE-2021-27921", - "id": "pyup.io-72834", - "more_info_path": "/vulnerabilities/CVE-2021-27921/72834", - "specs": [ - "<8.1.1" - ], - "v": "<8.1.1" - }, - { - "advisory": "Pillow-simd includes a fix for CVE-2021-27922: Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be huge.", - "cve": "CVE-2021-27922", - "id": "pyup.io-72835", - "more_info_path": "/vulnerabilities/CVE-2021-27922/72835", - "specs": [ - "<8.1.1" - ], - "v": "<8.1.1" - }, { "advisory": "Affected versions of Pillow-simd, a highly optimized version of the Pillow library for x86 architecture (primarily Intel and AMD CPUs), are vulnerable to CVE-2021-25291. This vulnerability, found in `TiffDecode.c`, allows an out-of-bounds read in `TiffreadRGBATile` when processing invalid tile boundaries, potentially leading to memory corruption or crashes.", "cve": "CVE-2021-25291", 
@@ -107081,20 +108250,40 @@ "v": "<8.1.1" }, { - "advisory": "Affected versions of Pillow-simd, a highly optimized version of the Pillow library for x86 architecture (primarily Intel and AMD CPUs), are vulnerable to CVE-2021-25289. This issue, found in `TiffDecode`, involves a heap-based buffer overflow when decoding crafted YCbCr files due to certain interpretation conflicts with LibTIFF in RGBA mode. Notably, this vulnerability exists because of an incomplete fix for CVE-2020-35654.", - "cve": "CVE-2021-25289", - "id": "pyup.io-72606", - "more_info_path": "/vulnerabilities/CVE-2021-25289/72606", + "advisory": "Affected versions of Pillow-simd, a highly optimized version of the Pillow library for x86 architecture (mainly Intel and AMD CPUs), are vulnerable to CVE-2021-25292. Due to catastrophic backtracking in a regular expression, this issue allows a Regular Expression Denial of Service (ReDoS) attack through the PDF parser when processing a crafted PDF file.", + "cve": "CVE-2021-25292", + "id": "pyup.io-72571", + "more_info_path": "/vulnerabilities/CVE-2021-25292/72571", "specs": [ "<8.1.1" ], "v": "<8.1.1" }, { - "advisory": "Affected versions of Pillow-simd, a highly optimized version of the Pillow library for x86 architecture (mainly Intel and AMD CPUs), are vulnerable to CVE-2021-25292. 
Due to catastrophic backtracking in a regular expression, this issue allows a Regular Expression Denial of Service (ReDoS) attack through the PDF parser when processing a crafted PDF file.", - "cve": "CVE-2021-25292", - "id": "pyup.io-72571", - "more_info_path": "/vulnerabilities/CVE-2021-25292/72571", + "advisory": "Pillow-simd includes a fix for CVE-2021-27921: Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.", + "cve": "CVE-2021-27921", + "id": "pyup.io-72834", + "more_info_path": "/vulnerabilities/CVE-2021-27921/72834", + "specs": [ + "<8.1.1" + ], + "v": "<8.1.1" + }, + { + "advisory": "Pillow-simd includes a fix for CVE-2021-27922: Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be huge.", + "cve": "CVE-2021-27922", + "id": "pyup.io-72835", + "more_info_path": "/vulnerabilities/CVE-2021-27922/72835", + "specs": [ + "<8.1.1" + ], + "v": "<8.1.1" + }, + { + "advisory": "Affected versions of Pillow-simd, a highly optimized version of the Pillow library for x86 architecture (primarily Intel and AMD CPUs), are vulnerable to CVE-2021-25289. This issue, found in `TiffDecode`, involves a heap-based buffer overflow when decoding crafted YCbCr files due to certain interpretation conflicts with LibTIFF in RGBA mode. Notably, this vulnerability exists because of an incomplete fix for CVE-2020-35654.", + "cve": "CVE-2021-25289", + "id": "pyup.io-72606", + "more_info_path": "/vulnerabilities/CVE-2021-25289/72606", "specs": [ "<8.1.1" ], 
@@ -107190,6 +108379,16 @@ ], "v": "<9.0.0" }, + { + "advisory": "Pillow-simd affected versions allows attackers to delete files because spaces in temporary pathnames are mishandled.", + "cve": "CVE-2022-24303", + "id": "pyup.io-73079", + "more_info_path": "/vulnerabilities/CVE-2022-24303/73079", + "specs": [ + "<9.0.1" + ], + "v": "<9.0.1" + }, { "advisory": "Affected versions of Pillow-simd are vulnerable due to improper handling in the `PIL.ImageMath.eval` function, which allows the evaluation of arbitrary expressions, including those that utilize the Python `exec` method. An attacker could exploit this by executing arbitrary code by using a lambda expression or other malicious input.", "cve": "CVE-2022-22817", @@ -107240,16 +108439,6 @@ ], "v": ">=0" }, - { - "advisory": "Certain versions of Pillow-simd are susceptible to a denial of service via memory consumption due to inadequate validation of the reported size of a contained image in a BLP container. This can result in attempts to allocate excessively large amounts of memory. To mitigate or avoid this vulnerability, users should consider updating to a newer version that addresses the issue or following any provided workarounds, such as avoiding the processing of specially crafted invalid image files that may trigger this condition. For additional details and potential updates, users may refer to the CVE-2021-27921 entry or contact the software maintainers through the provided channels.", - "cve": "PVE-2024-69615", - "id": "pyup.io-72954", - "more_info_path": "/vulnerabilities/PVE-2024-69615/72954", - "specs": [ - ">=0,<8.1.2" - ], - "v": ">=0,<8.1.2" - }, { "advisory": "An issue was discovered in Pillow-simd affected versions. PSDImagePlugin.PsdImageFile lacked a sanity check on the number of input layers relative to the size of the data block. This could lead to a DoS on Image.open before Image.load.", "cve": "CVE-2021-28675", 
@@ -107537,10 +108726,10 @@ ], "pipenv": [ { - "advisory": "Pipenv 2020.5.28 updates its dependency 'jinja2' to v2.11.2 to include a security fix.", - "cve": "CVE-2019-10906", - "id": "pyup.io-38334", - "more_info_path": "/vulnerabilities/CVE-2019-10906/38334", + "advisory": "Pipenv 2020.5.28 updates its dependency 'urllib3' to v1.25.9 to include security fixes.", + "cve": "CVE-2019-11236", + "id": "pyup.io-45799", + "more_info_path": "/vulnerabilities/CVE-2019-11236/45799", "specs": [ "<2020.5.28" ], 
@@ -107548,49 +108737,49 @@ }, { "advisory": "Pipenv 2020.5.28 updates its dependency 'urllib3' to v1.25.9 to include security fixes.", - "cve": "CVE-2020-26137", - "id": "pyup.io-45800", - "more_info_path": "/vulnerabilities/CVE-2020-26137/45800", + "cve": "CVE-2019-11324", + "id": "pyup.io-45798", + "more_info_path": "/vulnerabilities/CVE-2019-11324/45798", "specs": [ "<2020.5.28" ], "v": "<2020.5.28" }, { - "advisory": "Pipenv 2020.5.28 updates its dependency 'pyyaml' minimum requirement to v5.3.1 to include security fixes.", - "cve": "CVE-2017-18342", - "id": "pyup.io-45802", - "more_info_path": "/vulnerabilities/CVE-2017-18342/45802", + "advisory": "Pipenv 2020.5.28 updates its dependency 'urllib3' to v1.25.9 to include security fixes.", + "cve": "CVE-2020-26137", + "id": "pyup.io-45800", + "more_info_path": "/vulnerabilities/CVE-2020-26137/45800", "specs": [ "<2020.5.28" ], "v": "<2020.5.28" }, { - "advisory": "Pipenv 2020.5.28 updates its dependency 'pyyaml' minimum requirement to v5.3.1 to include security fixes.", - "cve": "CVE-2020-1747", - "id": "pyup.io-45801", - "more_info_path": "/vulnerabilities/CVE-2020-1747/45801", + "advisory": "Pipenv 2020.5.28 updates its dependency 'jinja2' to v2.11.2 to include a security fix.", + "cve": "CVE-2019-10906", + "id": "pyup.io-38334", + "more_info_path": "/vulnerabilities/CVE-2019-10906/38334", "specs": [ "<2020.5.28" ], "v": "<2020.5.28" }, { - "advisory": "Pipenv 2020.5.28 updates its dependency 'urllib3' to v1.25.9 to include security fixes.", - "cve": "CVE-2019-11324", - "id": "pyup.io-45798", - "more_info_path": "/vulnerabilities/CVE-2019-11324/45798", + "advisory": "Pipenv 2020.5.28 updates its dependency 'pyyaml' minimum requirement to v5.3.1 to include security fixes.", + "cve": "CVE-2017-18342", + "id": "pyup.io-45802", + "more_info_path": "/vulnerabilities/CVE-2017-18342/45802", "specs": [ "<2020.5.28" ], "v": "<2020.5.28" }, { - "advisory": "Pipenv 2020.5.28 updates its dependency 'urllib3' to v1.25.9 to 
include security fixes.", - "cve": "CVE-2019-11236", - "id": "pyup.io-45799", - "more_info_path": "/vulnerabilities/CVE-2019-11236/45799", + "advisory": "Pipenv 2020.5.28 updates its dependency 'pyyaml' minimum requirement to v5.3.1 to include security fixes.", + "cve": "CVE-2020-1747", + "id": "pyup.io-45801", + "more_info_path": "/vulnerabilities/CVE-2020-1747/45801", "specs": [ "<2020.5.28" ], @@ -107840,6 +109029,18 @@ "v": "<1.3.6" } ], + "planai": [ + { + "advisory": "Affected versions of planai are vulnerable to race conditions. The vulnerability is triggered under concurrent task execution. Vulnerable methods include _dispatch_notify, _dispatch_once, _notify_completed, and _task_completed. Exploitability increases with system load and concurrency. The commit fixes this by implementing consistent use of self.task_lock for shared state modifications, improving task failure tracking, and refining the dispatch loop logic. This vulnerability is specific to multi-threaded Python applications using the Dispatcher class.", + "cve": "PVE-2024-73015", + "id": "pyup.io-73015", + "more_info_path": "/vulnerabilities/PVE-2024-73015/73015", + "specs": [ + "<0.1.2" + ], + "v": "<0.1.2" + } + ], "planet": [ { "advisory": "Planet 2.0.1 fixes a security issue where a secret file was being created with read access for other users on the machine.\r\nhttps://github.com/planetlabs/planet-client-python/commit/d71415a83119c5e89d7b80d5f940d162376ee3b7\r\nhttps://github.com/planetlabs/planet-client-python/security/advisories/GHSA-j5fj-rfh6-qj85", 
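Review bot: The new `planai` entry says `The commit fixes this by implementing consistent use of self.task_lock…` but identifies neither the commit nor an advisory URL, whereas entries such as the `planet` one directly below carry the commit and GHSA links inside the advisory text; without a reference the `<0.1.2` range and the described fix cannot be verified by anyone consuming this file. Suggest appending the fixing commit URL to the advisory string, separated with `\r\n` as the rest of the file does. The PVE identifier and `id` match (`PVE-2024-73015` / `pyup.io-73015`), so only the reference is missing.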
@@ -108080,50 +109281,6 @@ ], "v": "<4.2.3,>=4.3a1,<4.3b1" }, - { - "advisory": "Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5499: python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.", - "cve": "CVE-2012-5499", - "id": "pyup.io-35391", - "more_info_path": "/vulnerabilities/CVE-2012-5499/35391", - "specs": [ - "<4.2.3", - ">=4.3a1,<4.3b1" - ], - "v": "<4.2.3,>=4.3a1,<4.3b1" - }, - { - "advisory": "ftp.py in Plone before 4.2.3 and 4.3b1 allows remote attackers to read hidden folder contents via unspecified vectors.", - "cve": "CVE-2012-5503", - "id": "pyup.io-25999", - "more_info_path": "/vulnerabilities/CVE-2012-5503/25999", - "specs": [ - "<4.2.3", - ">=4.3a1,<4.3b1" - ], - "v": "<4.2.3,>=4.3a1,<4.3b1" - }, - { - "advisory": "Plone versions 4.2.3 and 4.3b1 include a fix for CVE-2012-6661, a vulnerability in its dependency \"zope\".", - "cve": "CVE-2012-6661", - "id": "pyup.io-42186", - "more_info_path": "/vulnerabilities/CVE-2012-6661/42186", - "specs": [ - "<4.2.3", - ">=4.3a1,<4.3b1" - ], - "v": "<4.2.3,>=4.3a1,<4.3b1" - }, - { - "advisory": "Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5487: The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.", - "cve": "CVE-2012-5487", - "id": "pyup.io-35381", - "more_info_path": "/vulnerabilities/CVE-2012-5487/35381", - "specs": [ - "<4.2.3", - ">=4.3a1,<4.3b1" - ], - "v": "<4.2.3,>=4.3a1,<4.3b1" - }, { "advisory": "Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5504: Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "cve": 
"CVE-2012-5504", @@ -108158,10 +109315,10 @@ "v": "<4.2.3,>=4.3a1,<4.3b1" }, { - "advisory": "Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5500: The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.", - "cve": "CVE-2012-5500", - "id": "pyup.io-35392", - "more_info_path": "/vulnerabilities/CVE-2012-5500/35392", + "advisory": "Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5498: queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.", + "cve": "CVE-2012-5498", + "id": "pyup.io-35390", + "more_info_path": "/vulnerabilities/CVE-2012-5498/35390", "specs": [ "<4.2.3", ">=4.3a1,<4.3b1" @@ -108169,10 +109326,10 @@ "v": "<4.2.3,>=4.3a1,<4.3b1" }, { - "advisory": "Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5498: queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.", - "cve": "CVE-2012-5498", - "id": "pyup.io-35390", - "more_info_path": "/vulnerabilities/CVE-2012-5498/35390", + "advisory": "Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5497: membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.", + "cve": "CVE-2012-5497", + "id": "pyup.io-35389", + "more_info_path": "/vulnerabilities/CVE-2012-5497/35389", "specs": [ "<4.2.3", ">=4.3a1,<4.3b1" 
@@ -108180,10 +109337,10 @@ "v": "<4.2.3,>=4.3a1,<4.3b1" }, { - "advisory": "The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope.", - "cve": "CVE-2012-5508", - "id": "pyup.io-35398", - "more_info_path": "/vulnerabilities/CVE-2012-5508/35398", + "advisory": "Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5501: at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.", + "cve": "CVE-2012-5501", + "id": "pyup.io-35393", + "more_info_path": "/vulnerabilities/CVE-2012-5501/35393", "specs": [ "<4.2.3", ">=4.3a1,<4.3b1" 
@@ -108191,10 +109348,76 @@ "v": "<4.2.3,>=4.3a1,<4.3b1" }, { - "advisory": "Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5497: membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.", - "cve": "CVE-2012-5497", - "id": "pyup.io-35389", - "more_info_path": "/vulnerabilities/CVE-2012-5497/35389", + "advisory": "Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5505: atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.", + "cve": "CVE-2012-5505", + "id": "pyup.io-35396", + "more_info_path": "/vulnerabilities/CVE-2012-5505/35396", + "specs": [ + "<4.2.3", + ">=4.3a1,<4.3b1" + ], + "v": "<4.2.3,>=4.3a1,<4.3b1" + }, + { + "advisory": "Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5499: python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.", + "cve": "CVE-2012-5499", + "id": "pyup.io-35391", + "more_info_path": "/vulnerabilities/CVE-2012-5499/35391", + "specs": [ + "<4.2.3", + ">=4.3a1,<4.3b1" + ], + "v": "<4.2.3,>=4.3a1,<4.3b1" + }, + { + "advisory": "ftp.py in Plone before 4.2.3 and 4.3b1 allows remote attackers to read hidden folder contents via unspecified vectors.", + "cve": "CVE-2012-5503", + "id": "pyup.io-25999", + "more_info_path": "/vulnerabilities/CVE-2012-5503/25999", + "specs": [ + "<4.2.3", + ">=4.3a1,<4.3b1" + ], + "v": "<4.2.3,>=4.3a1,<4.3b1" + }, + { + "advisory": "Plone versions 4.2.3 and 4.3b1 include a fix for CVE-2012-6661, a vulnerability in its dependency \"zope\".", + "cve": "CVE-2012-6661", + "id": "pyup.io-42186", + "more_info_path": "/vulnerabilities/CVE-2012-6661/42186", + "specs": [ + "<4.2.3", + ">=4.3a1,<4.3b1" + ], + "v": "<4.2.3,>=4.3a1,<4.3b1" + }, + { + "advisory": "Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5487: The sandbox 
whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.", + "cve": "CVE-2012-5487", + "id": "pyup.io-35381", + "more_info_path": "/vulnerabilities/CVE-2012-5487/35381", + "specs": [ + "<4.2.3", + ">=4.3a1,<4.3b1" + ], + "v": "<4.2.3,>=4.3a1,<4.3b1" + }, + { + "advisory": "Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5500: The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.", + "cve": "CVE-2012-5500", + "id": "pyup.io-35392", + "more_info_path": "/vulnerabilities/CVE-2012-5500/35392", + "specs": [ + "<4.2.3", + ">=4.3a1,<4.3b1" + ], + "v": "<4.2.3,>=4.3a1,<4.3b1" + }, + { + "advisory": "The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope.", + "cve": "CVE-2012-5508", + "id": "pyup.io-35398", + "more_info_path": "/vulnerabilities/CVE-2012-5508/35398", "specs": [ "<4.2.3", ">=4.3a1,<4.3b1" 
@@ -108267,28 +109490,6 @@ ], "v": "<4.2.3,>=4.3a1,<4.3b1" }, - { - "advisory": "Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5501: at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.", - "cve": "CVE-2012-5501", - "id": "pyup.io-35393", - "more_info_path": "/vulnerabilities/CVE-2012-5501/35393", - "specs": [ - "<4.2.3", - ">=4.3a1,<4.3b1" - ], - "v": "<4.2.3,>=4.3a1,<4.3b1" - }, - { - "advisory": "Plone 4.2.3 and 4.3b1 include a fix for CVE-2012-5505: atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.", - "cve": "CVE-2012-5505", - "id": "pyup.io-35396", - "more_info_path": "/vulnerabilities/CVE-2012-5505/35396", - "specs": [ - "<4.2.3", - ">=4.3a1,<4.3b1" - ], - "v": "<4.2.3,>=4.3a1,<4.3b1" - }, { "advisory": "Plone 4.3 includes a fix for CVE-2012-5486: It was discovered that Plone, included as a part of luci, did not properly sanitize HTTP headers provided within certain URL requests. A remote attacker could use a specially crafted URL that, when processed, would cause the injected HTTP headers to be returned as a part of the Plone HTTP response, potentially allowing the attacker to perform other more advanced attacks.", "cve": "CVE-2012-5486", 
@@ -108373,20 +109574,20 @@ "v": "<5.0a" }, { - "advisory": "The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them. See CVE-2024-23756.", - "cve": "CVE-2024-23756", - "id": "pyup.io-65287", - "more_info_path": "/vulnerabilities/CVE-2024-23756/65287", + "advisory": "An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers. See CVE-2024-23055.\r\nhttps://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23055", + "cve": "CVE-2024-23055", + "id": "pyup.io-64641", + "more_info_path": "/vulnerabilities/CVE-2024-23055/64641", "specs": [ "<5.2.13" ], "v": "<5.2.13" }, { - "advisory": "An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers. See CVE-2024-23055.\r\nhttps://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23055", - "cve": "CVE-2024-23055", - "id": "pyup.io-64641", - "more_info_path": "/vulnerabilities/CVE-2024-23055/64641", + "advisory": "The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them. See CVE-2024-23756.", + "cve": "CVE-2024-23756", + "id": "pyup.io-65287", + "more_info_path": "/vulnerabilities/CVE-2024-23756/65287", "specs": [ "<5.2.13" ], 
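Review bot: Both Plone Docker entries (CVE-2024-23055 and CVE-2024-23756) describe the affected artefact as "Plone Docker Official Image 5.2.13 (5221)" yet keep `specs` of `<5.2.13`, which excludes the exact version the advisory names and instead flags only older releases of the PyPI package; the reorder in this hunk leaves that untouched. Verify the affected range against the CVE records and either use an inclusive bound such as `<=5.2.13` or state in the advisory that the issue lies in the Docker image configuration rather than the `Plone` distribution, so users are not told a matching install is clean. The surrounding `plone` array continues on both sides of this hunk.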
@@ -108413,20 +109614,20 @@ "v": "<5.2.3" }, { - "advisory": "Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). See CVE-2020-28736.", - "cve": "CVE-2020-28736", - "id": "pyup.io-39378", - "more_info_path": "/vulnerabilities/CVE-2020-28736/39378", + "advisory": "Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). See CVE-2020-28735.", + "cve": "CVE-2020-28735", + "id": "pyup.io-39377", + "more_info_path": "/vulnerabilities/CVE-2020-28735/39377", "specs": [ "<5.2.3" ], "v": "<5.2.3" }, { - "advisory": "Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). See CVE-2020-28735.", - "cve": "CVE-2020-28735", - "id": "pyup.io-39377", - "more_info_path": "/vulnerabilities/CVE-2020-28735/39377", + "advisory": "Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). See CVE-2020-28736.", + "cve": "CVE-2020-28736", + "id": "pyup.io-39378", + "more_info_path": "/vulnerabilities/CVE-2020-28736/39378", "specs": [ "<5.2.3" ], 
@@ -108463,20 +109664,20 @@ "v": "<=3.0.6" }, { - "advisory": "Plone CMS 3.x uses invariant data (a client username and a server secret) when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network.", - "cve": "CVE-2008-1396", - "id": "pyup.io-67966", - "more_info_path": "/vulnerabilities/CVE-2008-1396/67966", + "advisory": "Plone CMS does not record users' authentication states, and implements the logout feature solely on the client side, which makes it easier for context-dependent attackers to reuse a logged-out session.", + "cve": "CVE-2008-1395", + "id": "pyup.io-67965", + "more_info_path": "/vulnerabilities/CVE-2008-1395/67965", "specs": [ "<=3.1.7" ], "v": "<=3.1.7" }, { - "advisory": "Plone CMS does not record users' authentication states, and implements the logout feature solely on the client side, which makes it easier for context-dependent attackers to reuse a logged-out session.", - "cve": "CVE-2008-1395", - "id": "pyup.io-67965", - "more_info_path": "/vulnerabilities/CVE-2008-1395/67965", + "advisory": "Plone CMS 3.x uses invariant data (a client username and a server secret) when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network.", + "cve": "CVE-2008-1396", + "id": "pyup.io-67966", + "more_info_path": "/vulnerabilities/CVE-2008-1396/67966", "specs": [ "<=3.1.7" ], 
@@ -108507,6 +109708,16 @@ ], "v": "<=3.3.6,>=4.0a1,<=4.0.10,>=4.1a1,<=4.1.6,>=4.2a1,<=4.2.7,>=4.3a1,<4.3.7" }, + { + "advisory": "Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.", + "cve": "CVE-2021-33509", + "id": "pyup.io-40534", + "more_info_path": "/vulnerabilities/CVE-2021-33509/40534", + "specs": [ + "<=5.2.4" + ], + "v": "<=5.2.4" + }, { "advisory": "Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.", "cve": "CVE-2021-33513", @@ -108567,16 +109778,6 @@ ], "v": "<=5.2.4" }, - { - "advisory": "Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.", - "cve": "CVE-2021-33509", - "id": "pyup.io-40534", - "more_info_path": "/vulnerabilities/CVE-2021-33509/40534", - "specs": [ - "<=5.2.4" - ], - "v": "<=5.2.4" - }, { "advisory": "Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request. See CVE-2024-22889.", "cve": "CVE-2024-22889", 
@@ -108673,18 +109874,6 @@ ], "v": ">=2.1,<4.1,>=4.2a1,<4.2.5,>=4.3a1,<4.3.1" }, - { - "advisory": "Plone 4.1, 4.2.5 and 4.3.1 include a fix for CVE-2013-4192: sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.", - "cve": "CVE-2013-4192", - "id": "pyup.io-35444", - "more_info_path": "/vulnerabilities/CVE-2013-4192/35444", - "specs": [ - ">=2.1,<4.1", - ">=4.2a1,<4.2.5", - ">=4.3a1,<4.3.1" - ], - "v": ">=2.1,<4.1,>=4.2a1,<4.2.5,>=4.3a1,<4.3.1" - }, { "advisory": "Plone 4.1, 4.2.5 and 4.3.1 include a fix for CVE-2013-4195: Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.", "cve": "CVE-2013-4195", @@ -108709,18 +109898,6 @@ ], "v": ">=2.1,<4.1,>=4.2a1,<4.2.5,>=4.3a1,<4.3.1" }, - { - "advisory": "Plone 4.1, 4.2.5 and 4.3.1 include a fix for CVE-2013-4197: member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors.", - "cve": "CVE-2013-4197", - "id": "pyup.io-35449", - "more_info_path": "/vulnerabilities/CVE-2013-4197/35449", - "specs": [ - ">=2.1,<4.1", - ">=4.2a1,<4.2.5", - ">=4.3a1,<4.3.1" - ], - "v": ">=2.1,<4.1,>=4.2a1,<4.2.5,>=4.3a1,<4.3.1" - }, { "advisory": "Plone 4.1, 4.2.5 and 4.3.1 include a fix for CVE-2013-4189: Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors.", "cve": "CVE-2013-4189", 
@@ -108745,6 +109922,30 @@ ], "v": ">=2.1,<4.1,>=4.2a1,<4.2.5,>=4.3a1,<4.3.1" }, + { + "advisory": "Plone 4.1, 4.2.5 and 4.3.1 include a fix for CVE-2013-4192: sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.", + "cve": "CVE-2013-4192", + "id": "pyup.io-35444", + "more_info_path": "/vulnerabilities/CVE-2013-4192/35444", + "specs": [ + ">=2.1,<4.1", + ">=4.2a1,<4.2.5", + ">=4.3a1,<4.3.1" + ], + "v": ">=2.1,<4.1,>=4.2a1,<4.2.5,>=4.3a1,<4.3.1" + }, + { + "advisory": "Plone 4.1, 4.2.5 and 4.3.1 include a fix for CVE-2013-4197: member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors.", + "cve": "CVE-2013-4197", + "id": "pyup.io-35449", + "more_info_path": "/vulnerabilities/CVE-2013-4197/35449", + "specs": [ + ">=2.1,<4.1", + ">=4.2a1,<4.2.5", + ">=4.3a1,<4.3.1" + ], + "v": ">=2.1,<4.1,>=4.2a1,<4.2.5,>=4.3a1,<4.3.1" + }, { "advisory": "Plone 4.1, 4.2.5 and 4.3.1 include a fix for CVE-2013-4191: zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive.", "cve": "CVE-2013-4191", 
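Review bot: The moved CVE-2013-4192 and CVE-2013-4197 entries keep `specs` of `>=2.1,<4.1`, `>=4.2a1,<4.2.5` and `>=4.3a1,<4.3.1`, while sibling entries with the identical affected-version text ("Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1") in the following hunks use inclusive bounds `<=4.1`, `<=4.2.5`, `<=4.3.1`. The CVE wording reads as inclusive, and the lead-in "Plone 4.1, 4.2.5 and 4.3.1 include a fix for" suggests a hotfix applied to those releases rather than a fixed point release, so one of the two conventions is under- or over-reporting; pick one for the whole 2013 hotfix group and apply it consistently. The `plone` array continues past this hunk.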
@@ -108794,10 +109995,10 @@ "v": ">=2.1,<=4.1,>=4.2a1,<=4.2.5,>=4.3a1,<=4.3.1" }, { - "advisory": "The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the \"next\" parameter to acl_users/credentials_cookie_auth/require_login.", - "cve": "CVE-2013-4200", - "id": "pyup.io-35452", - "more_info_path": "/vulnerabilities/CVE-2013-4200/35452", + "advisory": "mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.", + "cve": "CVE-2013-4198", + "id": "pyup.io-35450", + "more_info_path": "/vulnerabilities/CVE-2013-4198/35450", "specs": [ ">=2.1,<=4.1", ">=4.2a1,<=4.2.5", 
@@ -108806,10 +110007,10 @@ "v": ">=2.1,<=4.1,>=4.2a1,<=4.2.5,>=4.3a1,<=4.3.1" }, { - "advisory": "mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.", - "cve": "CVE-2013-4198", - "id": "pyup.io-35450", - "more_info_path": "/vulnerabilities/CVE-2013-4198/35450", + "advisory": "The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the \"next\" parameter to acl_users/credentials_cookie_auth/require_login.", + "cve": "CVE-2013-4200", + "id": "pyup.io-35452", + "more_info_path": "/vulnerabilities/CVE-2013-4200/35452", "specs": [ ">=2.1,<=4.1", ">=4.2a1,<=4.2.5", 
@@ -108828,20 +110029,20 @@ "v": ">=2.5,<4.0" }, { - "advisory": "When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the 'isURLInPortal' check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix.\r\nhttps://plone.org/security/hotfix/20171128/open-redirection-on-login-form", - "cve": "CVE-2017-1000481", - "id": "pyup.io-35701", - "more_info_path": "/vulnerabilities/CVE-2017-1000481/35701", + "advisory": "A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.\r\nhttps://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property", + "cve": "CVE-2017-1000482", + "id": "pyup.io-35702", + "more_info_path": "/vulnerabilities/CVE-2017-1000482/35702", "specs": [ ">=2.5,<=5.1rc1" ], "v": ">=2.5,<=5.1rc1" }, { - "advisory": "A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page.\r\nhttps://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property", - "cve": "CVE-2017-1000482", - "id": "pyup.io-35702", - "more_info_path": "/vulnerabilities/CVE-2017-1000482/35702", + "advisory": "When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form 
with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the 'isURLInPortal' check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix.\r\nhttps://plone.org/security/hotfix/20171128/open-redirection-on-login-form", + "cve": "CVE-2017-1000481", + "id": "pyup.io-35701", + "more_info_path": "/vulnerabilities/CVE-2017-1000481/35701", "specs": [ ">=2.5,<=5.1rc1" ], @@ -109753,9 +110954,9 @@ }, { "advisory": "Plotly 1.9.6 includes plotly.js version 1.5.2, which contains security fixes.", - "cve": "CVE-2015-9242", - "id": "pyup.io-38545", - "more_info_path": "/vulnerabilities/CVE-2015-9242/38545", + "cve": "CVE-2015-8858", + "id": "pyup.io-45779", + "more_info_path": "/vulnerabilities/CVE-2015-8858/45779", "specs": [ "<1.9.6" ], @@ -109763,9 +110964,9 @@ }, { "advisory": "Plotly 1.9.6 includes plotly.js version 1.5.2, which contains security fixes.", - "cve": "CVE-2015-8858", - "id": "pyup.io-45779", - "more_info_path": "/vulnerabilities/CVE-2015-8858/45779", + "cve": "CVE-2015-9242", + "id": "pyup.io-38545", + "more_info_path": "/vulnerabilities/CVE-2015-9242/38545", "specs": [ "<1.9.6" ], 
@@ -110053,6 +111254,18 @@ "v": "<0.4.0" } ], + "podman": [ + { + "advisory": "Podman 4.4.0 updates its dependency 'urllib3' to include a security fix.", + "cve": "CVE-2020-26137", + "id": "pyup.io-53101", + "more_info_path": "/vulnerabilities/CVE-2020-26137/53101", + "specs": [ + "<4.4.0" + ], + "v": "<4.4.0" + } + ], "poetry": [ { "advisory": "Poetry 1.1.9 includes a fix for CVE-2022-36070: To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. 'git config'. These commands are being executed using the executable\u2019s name and not its absolute path. This can lead to the execution of untrusted code due to the way Windows resolves executable names to paths. Unlike Linux-based operating systems, Windows searches for the executable in the current directory first and looks in the paths that are defined in the 'PATH' environment variable afterward. This vulnerability can lead to Arbitrary Code Execution, which would lead to the takeover of the system. If a developer is exploited, the attacker could steal credentials or persist their access. If the exploit happens on a server, the attackers could use their access to attack other internal systems. Since this vulnerability requires a fair amount of user interaction, it is not as dangerous as a remotely exploitable one. However, it still puts developers at risk when dealing with untrusted files in a way they think is safe. The victim could also not protect themself by vetting any Git or Poetry config files that might be present in the directory, because the behavior is undocumented.\r\nhttps://github.com/python-poetry/poetry/security/advisories/GHSA-j4j9-7hg9-97g6", 
@@ -110176,6 +111389,16 @@ } ], "polyaxon": [ + { + "advisory": "Polyaxon 0.4.1 updates its NPM dependency 'bootstrap' to v3.4.1 to include a security fix.", + "cve": "CVE-2019-8331", + "id": "pyup.io-49097", + "more_info_path": "/vulnerabilities/CVE-2019-8331/49097", + "specs": [ + "<0.4.1" + ], + "v": "<0.4.1" + }, { "advisory": "Polyaxon 0.4.1 updates its NPM dependency 'lodash' to v4.17.11 to include security fixes.", "cve": "CVE-2018-16487", @@ -110196,16 +111419,6 @@ ], "v": "<0.4.1" }, - { - "advisory": "Polyaxon 0.4.1 updates its NPM dependency 'bootstrap' to v3.4.1 to include a security fix.", - "cve": "CVE-2019-8331", - "id": "pyup.io-49097", - "more_info_path": "/vulnerabilities/CVE-2019-8331/49097", - "specs": [ - "<0.4.1" - ], - "v": "<0.4.1" - }, { "advisory": "Polyaxon 0.5.1 updates its NPM dependency 'lodash' to v4.17.14: vulnerability issue.", "cve": "CVE-2019-10744", @@ -110226,6 +111439,16 @@ ], "v": "<0.5.5" }, + { + "advisory": "Polyaxon 0.5.5 updates its dependency 'django' to v2.2.4 to include security fixes.", + "cve": "CVE-2019-14234", + "id": "pyup.io-45019", + "more_info_path": "/vulnerabilities/CVE-2019-14234/45019", + "specs": [ + "<0.5.5" + ], + "v": "<0.5.5" + }, { "advisory": "Polyaxon 0.5.5 updates its dependency 'djangorestframework' to v3.10.1 to include a security fix.", "cve": "CVE-2020-25626", @@ -110246,16 +111469,6 @@ ], "v": "<0.5.5" }, - { - "advisory": "Polyaxon 0.5.5 updates its dependency 'django' to v2.2.4 to include security fixes.", - "cve": "CVE-2019-14234", - "id": "pyup.io-45019", - "more_info_path": "/vulnerabilities/CVE-2019-14234/45019", - "specs": [ - "<0.5.5" - ], - "v": "<0.5.5" - }, { "advisory": "Polyaxon 0.5.5 updates its dependency 'django' to v2.2.4 to include security fixes.", "cve": "CVE-2019-14232", 
@@ -110671,7 +111884,7 @@ ], "powerline-gitstatus": [ { - "advisory": "powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs git commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory to one controlled by the attacker, such as in a shared filesystem or extracted archive, powerline-gitstatus will run arbitrary commands under the attacker's control. NOTE: this is similar to CVE-2022-20001.\n\nAffected functions:\npowerline_gitstatus.segments.GitStatusSegment.get_base_command", + "advisory": "Powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. Git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs git commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory to one controlled by the attacker, such as in a shared filesystem or extracted archive, powerline-gitstatus will run arbitrary commands under the attacker's control. \r\nNOTE: this is similar to CVE-2022-20001.\r\nAffected functions: powerline_gitstatus.segments.GitStatusSegment.get_base_command", "cve": "CVE-2022-42906", "id": "pyup.io-54518", "more_info_path": "/vulnerabilities/CVE-2022-42906/54518", 
@@ -110868,20 +112081,20 @@ "v": "<0.14.21" }, { - "advisory": "Prefect 0.15.8 includes a version of Prefect UI which updates a dependency (npm:graphiql) to include a security fix.", - "cve": "CVE-2021-41248", - "id": "pyup.io-42952", - "more_info_path": "/vulnerabilities/CVE-2021-41248/42952", + "advisory": "Prefect 0.15.8 includes a Prefect Server update that bumps an upstream dependency to fix a security vulnerability. See CVE-2021-41249.", + "cve": "CVE-2021-41249", + "id": "pyup.io-42552", + "more_info_path": "/vulnerabilities/CVE-2021-41249/42552", "specs": [ "<0.15.8" ], "v": "<0.15.8" }, { - "advisory": "Prefect 0.15.8 includes a Prefect Server update that bumps an upstream dependency to fix a security vulnerability. See CVE-2021-41249.", - "cve": "CVE-2021-41249", - "id": "pyup.io-42552", - "more_info_path": "/vulnerabilities/CVE-2021-41249/42552", + "advisory": "Prefect 0.15.8 includes a version of Prefect UI which updates a dependency (npm:graphiql) to include a security fix.", + "cve": "CVE-2021-41248", + "id": "pyup.io-42952", + "more_info_path": "/vulnerabilities/CVE-2021-41248/42952", "specs": [ "<0.15.8" ], 
@@ -110927,6 +112140,16 @@ ], "v": "<3.0.0rc4" }, + { + "advisory": "A security update has been implemented to address potential Server-Side Request Forgery (SSRF) vulnerabilities in the Prefect affected versions library. The update introduces strict URL validation for outbound requests, preventing attackers from accessing internal services or private IP addresses. The new allow_private_urls flag should be set to False in production environments unless explicitly required.", + "cve": "PVE-2024-73210", + "id": "pyup.io-73210", + "more_info_path": "/vulnerabilities/PVE-2024-73210/73210", + "specs": [ + "<3.0.2" + ], + "v": "<3.0.2" + }, { "advisory": "Prefect up to and including version 2.14.12 is affected by CVE-2023-6022: An attacker is able to steal secrets and potentially gain remote code execution via CSRF using the open source Prefect web server's API.\r\nhttps://github.com/PrefectHQ/prefect/issues/11380", "cve": "CVE-2023-6022", @@ -111076,6 +112299,18 @@ "v": "<4.1.0b2" } ], + "pridepy": [ + { + "advisory": "Pridepy 0.0.3 updates its dependency 'requests' to include a security fix.", + "cve": "CVE-2024-35195", + "id": "pyup.io-73503", + "more_info_path": "/vulnerabilities/CVE-2024-35195/73503", + "specs": [ + "<0.0.3" + ], + "v": "<0.0.3" + } + ], "primerdriver": [ { "advisory": "Primerdriver 1.1.1 updates its NPM dependency 'lodash' to v4.17.19 to include a security fix.\r\nhttps://hackerone.com/reports/864701", @@ -112165,9 +113400,9 @@ "psd-tools": [ { "advisory": "Psd-tools 1.9.18 includes a version of 'pillow' vulnerable to several CVEs.", - "cve": "CVE-2020-5312", - "id": "pyup.io-43470", - "more_info_path": "/vulnerabilities/CVE-2020-5312/43470", + "cve": "CVE-2020-5311", + "id": "pyup.io-43469", + "more_info_path": "/vulnerabilities/CVE-2020-5311/43469", "specs": [ "<=1.9.18" ], 
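Review bot: The new Prefect record carries `"cve": "PVE-2024-73210"`, a PyUp-internal identifier whose number matches the record's own `id` 73210 rather than a CVE, so any consumer that validates the `cve` field against a `CVE-YYYY-NNNN` pattern or uses it to join against NVD will reject or silently drop this SSRF advisory while every neighbouring record passes. Readers of this file should treat `cve` as an opaque advisory identifier, and if the project keeps a schema for it the `cve` pattern should admit the `PVE-` form. The advisory text also names no fixed version, so the `<3.0.2` spec is the only signal that 3.0.2 is the remediation; the `allow_private_urls` flag it mentions is the deployer-side setting to confirm after upgrading.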
@@ -112175,9 +113410,9 @@ }, { "advisory": "Psd-tools 1.9.18 includes a version of 'pillow' vulnerable to several CVEs.", - "cve": "CVE-2020-5311", - "id": "pyup.io-43469", - "more_info_path": "/vulnerabilities/CVE-2020-5311/43469", + "cve": "CVE-2020-5312", + "id": "pyup.io-43470", + "more_info_path": "/vulnerabilities/CVE-2020-5312/43470", "specs": [ "<=1.9.18" ], @@ -112279,16 +113514,6 @@ ], "v": "<0.4.1" }, - { - "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15206", - "id": "pyup.io-43981", - "more_info_path": "/vulnerabilities/CVE-2020-15206/43981", - "specs": [ - "<0.4.1" - ], - "v": "<0.4.1" - }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", "cve": "CVE-2020-15208", @@ -112319,26 +113544,6 @@ ], "v": "<0.4.1" }, - { - "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15192", - "id": "pyup.io-43994", - "more_info_path": "/vulnerabilities/CVE-2020-15192/43994", - "specs": [ - "<0.4.1" - ], - "v": "<0.4.1" - }, - { - "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15211", - "id": "pyup.io-40498", - "more_info_path": "/vulnerabilities/CVE-2020-15211/40498", - "specs": [ - "<0.4.1" - ], - "v": "<0.4.1" - }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", "cve": "CVE-2020-15195", @@ -112421,9 +113626,9 @@ }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15191", - "id": "pyup.io-43993", - "more_info_path": "/vulnerabilities/CVE-2020-15191/43993", + "cve": "CVE-2020-15190", + "id": "pyup.io-43986", + "more_info_path": "/vulnerabilities/CVE-2020-15190/43986", "specs": [ "<0.4.1" ], 
@@ -112431,9 +113636,9 @@ }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15190", - "id": "pyup.io-43986", - "more_info_path": "/vulnerabilities/CVE-2020-15190/43986", + "cve": "CVE-2020-15191", + "id": "pyup.io-43993", + "more_info_path": "/vulnerabilities/CVE-2020-15191/43993", "specs": [ "<0.4.1" ], @@ -112471,9 +113676,9 @@ }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15193", - "id": "pyup.io-43995", - "more_info_path": "/vulnerabilities/CVE-2020-15193/43995", + "cve": "CVE-2020-15206", + "id": "pyup.io-43981", + "more_info_path": "/vulnerabilities/CVE-2020-15206/43981", "specs": [ "<0.4.1" ], @@ -112481,9 +113686,9 @@ }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15201", - "id": "pyup.io-44000", - "more_info_path": "/vulnerabilities/CVE-2020-15201/44000", + "cve": "CVE-2020-15192", + "id": "pyup.io-43994", + "more_info_path": "/vulnerabilities/CVE-2020-15192/43994", "specs": [ "<0.4.1" ], @@ -112491,9 +113696,9 @@ }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15213", - "id": "pyup.io-44001", - "more_info_path": "/vulnerabilities/CVE-2020-15213/44001", + "cve": "CVE-2020-15358", + "id": "pyup.io-43992", + "more_info_path": "/vulnerabilities/CVE-2020-15358/43992", "specs": [ "<0.4.1" ], @@ -112501,9 +113706,9 @@ }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15358", - "id": "pyup.io-43992", - "more_info_path": "/vulnerabilities/CVE-2020-15358/43992", + "cve": "CVE-2020-15213", + "id": "pyup.io-44001", + "more_info_path": "/vulnerabilities/CVE-2020-15213/44001", "specs": [ "<0.4.1" ], 
@@ -112511,9 +113716,9 @@ }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15204", - "id": "pyup.io-43978", - "more_info_path": "/vulnerabilities/CVE-2020-15204/43978", + "cve": "CVE-2020-15201", + "id": "pyup.io-44000", + "more_info_path": "/vulnerabilities/CVE-2020-15201/44000", "specs": [ "<0.4.1" ], 
@@ -112530,30 +113735,40 @@ "v": "<0.4.1" }, { - "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37647", - "id": "pyup.io-48067", - "more_info_path": "/vulnerabilities/CVE-2021-37647/48067", + "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", + "cve": "CVE-2020-15204", + "id": "pyup.io-43978", + "more_info_path": "/vulnerabilities/CVE-2020-15204/43978", "specs": [ - "<0.6.0" + "<0.4.1" ], - "v": "<0.6.0" + "v": "<0.4.1" }, { - "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37635", - "id": "pyup.io-48055", - "more_info_path": "/vulnerabilities/CVE-2021-37635/48055", + "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", + "cve": "CVE-2020-15211", + "id": "pyup.io-40498", + "more_info_path": "/vulnerabilities/CVE-2020-15211/40498", "specs": [ - "<0.6.0" + "<0.4.1" ], - "v": "<0.6.0" + "v": "<0.4.1" + }, + { + "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", + "cve": "CVE-2020-15193", + "id": "pyup.io-43995", + "more_info_path": "/vulnerabilities/CVE-2020-15193/43995", + "specs": [ + "<0.4.1" + ], + "v": "<0.4.1" }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37662", - "id": "pyup.io-48081", - "more_info_path": "/vulnerabilities/CVE-2021-37662/48081", + "cve": "CVE-2021-37647", + "id": "pyup.io-48067", + "more_info_path": "/vulnerabilities/CVE-2021-37647/48067", "specs": [ "<0.6.0" ], 
@@ -112571,9 +113786,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37664", - "id": "pyup.io-48083", - "more_info_path": "/vulnerabilities/CVE-2021-37664/48083", + "cve": "CVE-2021-37635", + "id": "pyup.io-48055", + "more_info_path": "/vulnerabilities/CVE-2021-37635/48055", "specs": [ "<0.6.0" ], @@ -112581,9 +113796,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37675", - "id": "pyup.io-48093", - "more_info_path": "/vulnerabilities/CVE-2021-37675/48093", + "cve": "CVE-2021-37662", + "id": "pyup.io-48081", + "more_info_path": "/vulnerabilities/CVE-2021-37662/48081", "specs": [ "<0.6.0" ], @@ -112591,9 +113806,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37679", - "id": "pyup.io-48097", - "more_info_path": "/vulnerabilities/CVE-2021-37679/48097", + "cve": "CVE-2021-37664", + "id": "pyup.io-48083", + "more_info_path": "/vulnerabilities/CVE-2021-37664/48083", "specs": [ "<0.6.0" ], @@ -112619,16 +113834,6 @@ ], "v": "<0.6.0" }, - { - "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37653", - "id": "pyup.io-48072", - "more_info_path": "/vulnerabilities/CVE-2021-37653/48072", - "specs": [ - "<0.6.0" - ], - "v": "<0.6.0" - }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", "cve": "CVE-2021-37650", 
@@ -112641,9 +113846,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37655", - "id": "pyup.io-48074", - "more_info_path": "/vulnerabilities/CVE-2021-37655/48074", + "cve": "CVE-2021-37653", + "id": "pyup.io-48072", + "more_info_path": "/vulnerabilities/CVE-2021-37653/48072", "specs": [ "<0.6.0" ], @@ -112671,9 +113876,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37672", - "id": "pyup.io-48090", - "more_info_path": "/vulnerabilities/CVE-2021-37672/48090", + "cve": "CVE-2021-37655", + "id": "pyup.io-48074", + "more_info_path": "/vulnerabilities/CVE-2021-37655/48074", "specs": [ "<0.6.0" ], @@ -112691,9 +113896,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37685", - "id": "pyup.io-48103", - "more_info_path": "/vulnerabilities/CVE-2021-37685/48103", + "cve": "CVE-2021-37672", + "id": "pyup.io-48090", + "more_info_path": "/vulnerabilities/CVE-2021-37672/48090", "specs": [ "<0.6.0" ], @@ -112719,16 +113924,6 @@ ], "v": "<0.6.0" }, - { - "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37676", - "id": "pyup.io-48094", - "more_info_path": "/vulnerabilities/CVE-2021-37676/48094", - "specs": [ - "<0.6.0" - ], - "v": "<0.6.0" - }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", "cve": "CVE-2021-37678", 
@@ -112751,9 +113946,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37667", - "id": "pyup.io-48086", - "more_info_path": "/vulnerabilities/CVE-2021-37667/48086", + "cve": "CVE-2021-37676", + "id": "pyup.io-48094", + "more_info_path": "/vulnerabilities/CVE-2021-37676/48094", "specs": [ "<0.6.0" ], @@ -112761,9 +113956,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37656", - "id": "pyup.io-48075", - "more_info_path": "/vulnerabilities/CVE-2021-37656/48075", + "cve": "CVE-2021-37667", + "id": "pyup.io-48086", + "more_info_path": "/vulnerabilities/CVE-2021-37667/48086", "specs": [ "<0.6.0" ], @@ -112809,36 +114004,6 @@ ], "v": "<0.6.0" }, - { - "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37659", - "id": "pyup.io-48078", - "more_info_path": "/vulnerabilities/CVE-2021-37659/48078", - "specs": [ - "<0.6.0" - ], - "v": "<0.6.0" - }, - { - "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37661", - "id": "pyup.io-48080", - "more_info_path": "/vulnerabilities/CVE-2021-37661/48080", - "specs": [ - "<0.6.0" - ], - "v": "<0.6.0" - }, - { - "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37663", - "id": "pyup.io-48082", - "more_info_path": "/vulnerabilities/CVE-2021-37663/48082", - "specs": [ - "<0.6.0" - ], - "v": "<0.6.0" - }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", "cve": "CVE-2021-37668", 
@@ -112899,6 +114064,16 @@ ], "v": "<0.6.0" }, + { + "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", + "cve": "CVE-2021-37641", + "id": "pyup.io-48061", + "more_info_path": "/vulnerabilities/CVE-2021-37641/48061", + "specs": [ + "<0.6.0" + ], + "v": "<0.6.0" + }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", "cve": "CVE-2021-37649", @@ -112911,9 +114086,39 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37641", - "id": "pyup.io-48061", - "more_info_path": "/vulnerabilities/CVE-2021-37641/48061", + "cve": "CVE-2021-37660", + "id": "pyup.io-48079", + "more_info_path": "/vulnerabilities/CVE-2021-37660/48079", + "specs": [ + "<0.6.0" + ], + "v": "<0.6.0" + }, + { + "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", + "cve": "CVE-2021-37652", + "id": "pyup.io-48071", + "more_info_path": "/vulnerabilities/CVE-2021-37652/48071", + "specs": [ + "<0.6.0" + ], + "v": "<0.6.0" + }, + { + "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", + "cve": "CVE-2021-37674", + "id": "pyup.io-48092", + "more_info_path": "/vulnerabilities/CVE-2021-37674/48092", + "specs": [ + "<0.6.0" + ], + "v": "<0.6.0" + }, + { + "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", + "cve": "CVE-2021-37661", + "id": "pyup.io-48080", + "more_info_path": "/vulnerabilities/CVE-2021-37661/48080", "specs": [ "<0.6.0" ], 
@@ -112931,9 +114136,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37660", - "id": "pyup.io-48079", - "more_info_path": "/vulnerabilities/CVE-2021-37660/48079", + "cve": "CVE-2021-37638", + "id": "pyup.io-48059", + "more_info_path": "/vulnerabilities/CVE-2021-37638/48059", "specs": [ "<0.6.0" ], @@ -112941,9 +114146,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37642", - "id": "pyup.io-48062", - "more_info_path": "/vulnerabilities/CVE-2021-37642/48062", + "cve": "CVE-2021-37665", + "id": "pyup.io-48084", + "more_info_path": "/vulnerabilities/CVE-2021-37665/48084", "specs": [ "<0.6.0" ], 
@@ -112951,29 +114156,29 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37652", - "id": "pyup.io-48071", - "more_info_path": "/vulnerabilities/CVE-2021-37652/48071", + "cve": "CVE-2021-37690", + "id": "pyup.io-48108", + "more_info_path": "/vulnerabilities/CVE-2021-37690/48108", "specs": [ "<0.6.0" ], "v": "<0.6.0" }, { - "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include security fixes.", - "cve": "CVE-2021-22898", - "id": "pyup.io-48053", - "more_info_path": "/vulnerabilities/CVE-2021-22898/48053", + "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", + "cve": "CVE-2021-37643", + "id": "pyup.io-48063", + "more_info_path": "/vulnerabilities/CVE-2021-37643/48063", "specs": [ "<0.6.0" ], "v": "<0.6.0" }, { - "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include security fixes.", - "cve": "CVE-2021-22901", - "id": "pyup.io-48054", - "more_info_path": "/vulnerabilities/CVE-2021-22901/48054", + "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", + "cve": "CVE-2021-37689", + "id": "pyup.io-48107", + "more_info_path": "/vulnerabilities/CVE-2021-37689/48107", "specs": [ "<0.6.0" ], @@ -112981,9 +114186,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-22876", - "id": "pyup.io-48045", - "more_info_path": "/vulnerabilities/CVE-2021-22876/48045", + "cve": "CVE-2021-37657", + "id": "pyup.io-48076", + "more_info_path": "/vulnerabilities/CVE-2021-37657/48076", "specs": [ "<0.6.0" ], 
@@ -112991,9 +114196,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37674", - "id": "pyup.io-48092", - "more_info_path": "/vulnerabilities/CVE-2021-37674/48092", + "cve": "CVE-2021-37646", + "id": "pyup.io-48066", + "more_info_path": "/vulnerabilities/CVE-2021-37646/48066", "specs": [ "<0.6.0" ], @@ -113001,9 +114206,19 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37638", - "id": "pyup.io-48059", - "more_info_path": "/vulnerabilities/CVE-2021-37638/48059", + "cve": "CVE-2021-37642", + "id": "pyup.io-48062", + "more_info_path": "/vulnerabilities/CVE-2021-37642/48062", + "specs": [ + "<0.6.0" + ], + "v": "<0.6.0" + }, + { + "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include security fixes.", + "cve": "CVE-2021-22898", + "id": "pyup.io-48053", + "more_info_path": "/vulnerabilities/CVE-2021-22898/48053", "specs": [ "<0.6.0" ], @@ -113011,9 +114226,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37648", - "id": "pyup.io-48068", - "more_info_path": "/vulnerabilities/CVE-2021-37648/48068", + "cve": "CVE-2021-37675", + "id": "pyup.io-48093", + "more_info_path": "/vulnerabilities/CVE-2021-37675/48093", "specs": [ "<0.6.0" ], @@ -113021,9 +114236,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37669", - "id": "pyup.io-48088", - "more_info_path": "/vulnerabilities/CVE-2021-37669/48088", + "cve": "CVE-2021-37679", + "id": "pyup.io-48097", + "more_info_path": "/vulnerabilities/CVE-2021-37679/48097", "specs": [ "<0.6.0" ], 
@@ -113031,9 +114246,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37670", - "id": "pyup.io-48089", - "more_info_path": "/vulnerabilities/CVE-2021-37670/48089", + "cve": "CVE-2021-37685", + "id": "pyup.io-48103", + "more_info_path": "/vulnerabilities/CVE-2021-37685/48103", "specs": [ "<0.6.0" ], @@ -113041,9 +114256,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37665", - "id": "pyup.io-48084", - "more_info_path": "/vulnerabilities/CVE-2021-37665/48084", + "cve": "CVE-2021-37656", + "id": "pyup.io-48075", + "more_info_path": "/vulnerabilities/CVE-2021-37656/48075", "specs": [ "<0.6.0" ], @@ -113051,9 +114266,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37690", - "id": "pyup.io-48108", - "more_info_path": "/vulnerabilities/CVE-2021-37690/48108", + "cve": "CVE-2021-37659", + "id": "pyup.io-48078", + "more_info_path": "/vulnerabilities/CVE-2021-37659/48078", "specs": [ "<0.6.0" ], @@ -113061,9 +114276,19 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37688", - "id": "pyup.io-48106", - "more_info_path": "/vulnerabilities/CVE-2021-37688/48106", + "cve": "CVE-2021-37663", + "id": "pyup.io-48082", + "more_info_path": "/vulnerabilities/CVE-2021-37663/48082", + "specs": [ + "<0.6.0" + ], + "v": "<0.6.0" + }, + { + "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include security fixes.", + "cve": "CVE-2021-22901", + "id": "pyup.io-48054", + "more_info_path": "/vulnerabilities/CVE-2021-22901/48054", "specs": [ "<0.6.0" ], 
@@ -113071,9 +114296,9 @@
 },
 {
 "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.",
- "cve": "CVE-2021-37643",
- "id": "pyup.io-48063",
- "more_info_path": "/vulnerabilities/CVE-2021-37643/48063",
+ "cve": "CVE-2021-22876",
+ "id": "pyup.io-48045",
+ "more_info_path": "/vulnerabilities/CVE-2021-22876/48045",
 "specs": [
 "<0.6.0"
 ],
@@ -113081,9 +114306,9 @@
 },
 {
 "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.",
- "cve": "CVE-2021-37646",
- "id": "pyup.io-48066",
- "more_info_path": "/vulnerabilities/CVE-2021-37646/48066",
+ "cve": "CVE-2021-37688",
+ "id": "pyup.io-48106",
+ "more_info_path": "/vulnerabilities/CVE-2021-37688/48106",
 "specs": [
 "<0.6.0"
 ],
@@ -113091,9 +114316,9 @@
 },
 {
 "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.",
- "cve": "CVE-2021-37689",
- "id": "pyup.io-48107",
- "more_info_path": "/vulnerabilities/CVE-2021-37689/48107",
+ "cve": "CVE-2021-37648",
+ "id": "pyup.io-48068",
+ "more_info_path": "/vulnerabilities/CVE-2021-37648/48068",
 "specs": [
 "<0.6.0"
 ],
@@ -113101,9 +114326,19 @@
 },
 {
 "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.",
- "cve": "CVE-2021-37657",
- "id": "pyup.io-48076",
- "more_info_path": "/vulnerabilities/CVE-2021-37657/48076",
+ "cve": "CVE-2021-37669",
+ "id": "pyup.io-48088",
+ "more_info_path": "/vulnerabilities/CVE-2021-37669/48088",
+ "specs": [
+ "<0.6.0"
+ ],
+ "v": "<0.6.0"
+ },
+ {
+ "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.",
+ "cve": "CVE-2021-37670",
+ "id": "pyup.io-48089",
+ "more_info_path": "/vulnerabilities/CVE-2021-37670/48089",
 "specs": [
 "<0.6.0"
 ],
@@ -117833,16 +119068,6 @@
 ],
 "v": "<3.0.0"
 },
- {
- "advisory": "Pycape 3.0.0 updates its dependency 'cryptography' to v39.0.1 to include security fixes.",
- "cve": "CVE-2023-23931",
- "id": "pyup.io-53123",
- "more_info_path": "/vulnerabilities/CVE-2023-23931/53123",
- "specs": [
- "<3.0.0"
- ],
- "v": "<3.0.0"
- },
 {
 "advisory": "Pycape 3.0.0 updates its dependency 'cryptography' to v39.0.1 to include security fixes.",
 "cve": "CVE-2022-3996",
@@ -117893,6 +119118,16 @@
 ],
 "v": "<3.0.0"
 },
+ {
+ "advisory": "Pycape 3.0.0 updates its dependency 'cryptography' to v39.0.1 to include security fixes.",
+ "cve": "CVE-2023-23931",
+ "id": "pyup.io-53123",
+ "more_info_path": "/vulnerabilities/CVE-2023-23931/53123",
+ "specs": [
+ "<3.0.0"
+ ],
+ "v": "<3.0.0"
+ },
 {
 "advisory": "Pycape 3.0.0 updates its dependency 'cryptography' to v39.0.1 to include security fixes.",
 "cve": "CVE-2023-0215",
@@ -118432,9 +119667,9 @@
 },
 {
 "advisory": "Pydbtools 5.3.0 updates its dependency 'numpy' to v1.23.1 to include security fixes.",
- "cve": "CVE-2021-41495",
- "id": "pyup.io-50125",
- "more_info_path": "/vulnerabilities/CVE-2021-41495/50125",
+ "cve": "CVE-2021-34141",
+ "id": "pyup.io-50121",
+ "more_info_path": "/vulnerabilities/CVE-2021-34141/50121",
 "specs": [
 "<5.3.0"
 ],
@@ -118442,9 +119677,9 @@
 },
 {
 "advisory": "Pydbtools 5.3.0 updates its dependency 'numpy' to v1.23.1 to include security fixes.",
- "cve": "CVE-2021-34141",
- "id": "pyup.io-50121",
- "more_info_path": "/vulnerabilities/CVE-2021-34141/50121",
+ "cve": "CVE-2021-41495",
+ "id": "pyup.io-50125",
+ "more_info_path": "/vulnerabilities/CVE-2021-41495/50125",
 "specs": [
 "<5.3.0"
 ],
@@ -118717,20 +119952,20 @@
 "v": ">=0,<0.2.0"
 },
 {
- "advisory": "ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.",
- "cve": "CVE-2008-7263",
- "id": "pyup.io-54039",
- "more_info_path": "/vulnerabilities/CVE-2008-7263/54039",
+ "advisory": "The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt.",
+ "cve": "CVE-2008-7264",
+ "id": "pyup.io-54040",
+ "more_info_path": "/vulnerabilities/CVE-2008-7264/54040",
 "specs": [
 ">=0,<0.5.0"
 ],
 "v": ">=0,<0.5.0"
 },
 {
- "advisory": "The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows remote authenticated users to cause a denial of service (file descriptor exhaustion and daemon outage) by sending a QUIT command during a disallowed data-transfer attempt.",
- "cve": "CVE-2008-7264",
- "id": "pyup.io-54040",
- "more_info_path": "/vulnerabilities/CVE-2008-7264/54040",
+ "advisory": "ftpserver.py in pyftpdlib before 0.5.0 does not delay its response after receiving an invalid login attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.",
+ "cve": "CVE-2008-7263",
+ "id": "pyup.io-54039",
+ "more_info_path": "/vulnerabilities/CVE-2008-7263/54039",
 "specs": [
 ">=0,<0.5.0"
 ],
@@ -118853,6 +120088,16 @@
 "<2.5.2"
 ],
 "v": "<2.5.2"
+ },
+ {
+ "advisory": "Affected versions of pygame are vulnerable to a file squatting vulnerability (CWE-377). This vulnerability could allow an attacker to manipulate temporary files, potentially leading to unauthorized data access or corruption. The vulnerability arises from the use of tempfile.mktemp(), which creates a race condition. The patch mitigates this issue by using tempfile.NamedTemporaryFile(delete=False), which securely creates temporary files. Users should ensure that temporary files are not reopened by name in an unsafe manner to avoid potential exploitation. This advisory is relevant for Python versions prior to the introduction of safer temporary file handling practices.",
+ "cve": "PVE-2024-73475",
+ "id": "pyup.io-73475",
+ "more_info_path": "/vulnerabilities/PVE-2024-73475/73475",
+ "specs": [
+ "<2.6.0"
+ ],
+ "v": "<2.6.0"
 }
 ],
 "pygame-ce": [
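Review bot: The new pygame record never names the release that fixed the issue; its advisory closes with `This advisory is relevant for Python versions prior to the introduction of safer temporary file handling practices`, which talks about the Python runtime while the spec `<2.6.0` is about pygame itself, so a reader is left guessing whether the boundary is a pygame or a Python version. Replacing that closing sentence with `Fixed in pygame 2.6.0.` would align the text with the spec and remove the ambiguity. The record cites CWE-377 and `tempfile.mktemp()` but carries no link to the fixing commit or upstream advisory, which other records in this file append after a `\r\n`; adding one would let users verify the range.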
@@ -119404,6 +120649,16 @@
 ],
 "v": ">=0"
 },
+ {
+ "advisory": "pyload-ng affected versions are vulnerable to remote code execution (RCE) when running on Python 3.11 or below. The vulnerability stems from a sandbox escape in js2py (CVE-2024-28397) used by the /flash/addcrypted2 API endpoint. Although designed for localhost connections, this restriction can be bypassed using HTTP headers, allowing attackers to execute arbitrary shell commands on the victim's server. The issue affects all Python versions up to 3.11, as pyload-ng doesn't use js2py in Python 3.12+. Users are strongly advised to update to the latest version or migrate to Python 3.12+ if possible.",
+ "cve": "CVE-2024-28397",
+ "id": "pyup.io-73186",
+ "more_info_path": "/vulnerabilities/CVE-2024-28397/73186",
+ "specs": [
+ ">=0"
+ ],
+ "v": ">=0"
+ },
 {
 "advisory": "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. This issue is patched in version 0.5.0b3.dev32.",
 "cve": "CVE-2023-0055",
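Review bot: The new pyload-ng record sets `"specs": [">=0"]`, which marks every release as affected, while its advisory text tells users to "update to the latest version"; the two cannot both be right. If a fixed release exists the range should be bounded, e.g. `"<FIXED_VERSION"` (placeholder, to be filled from the upstream fix), and if none exists the text should say that instead of recommending an update, otherwise scanners keep flagging installs that already carry the fix. The record also files js2py's identifier CVE-2024-28397 under pyload-ng; a `\r\n#NOTE:` line stating that the CVE is assigned to the js2py dependency would make that reuse explicit to consumers matching on CVE.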
@@ -119871,6 +121126,28 @@
 "v": "<1.3.0"
 }
 ],
+ "pyninja": [
+ {
+ "advisory": "Pyninja 0.0.4 adds HTTP basic authentication for the monitoring page.",
+ "cve": "PVE-2024-73101",
+ "id": "pyup.io-73101",
+ "more_info_path": "/vulnerabilities/PVE-2024-73101/73101",
+ "specs": [
+ "<0.0.4"
+ ],
+ "v": "<0.0.4"
+ },
+ {
+ "advisory": "Affected versions of Pyninja are potentially vulnerable to shell injection.",
+ "cve": "PVE-2024-73106",
+ "id": "pyup.io-73106",
+ "more_info_path": "/vulnerabilities/PVE-2024-73106/73106",
+ "specs": [
+ "<0.0.4"
+ ],
+ "v": "<0.0.4"
+ }
+ ],
 "pynitrokey": [
 {
 "advisory": "Pynitrokey 0.4.39 upgrades its cryptography dependency, moving from version range >=3.4.4,<37 to a new range of >=39.0.1,<39.1. This update addresses the security vulnerability identified in CVE-2023-23931.",
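Review bot: The first new pyninja advisory, `Pyninja 0.0.4 adds HTTP basic authentication for the monitoring page.`, describes the fix rather than the weakness, so a reader of the `<0.0.4` record cannot tell what is exposed; wording that leads with the affected behaviour, such as `Affected versions of Pyninja serve the monitoring page without authentication; version 0.0.4 adds HTTP basic authentication.`, keeps the same facts and reads like the rest of the file. The second record, `potentially vulnerable to shell injection`, names neither the component nor a reference, and the hedge "potentially" in a vulnerability record gives consumers nothing to act on. If an upstream commit or issue established either finding, appending it after a `\r\n` would let users confirm the `<0.0.4` boundary.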
@@ -120029,17 +121306,7 @@
 "v": "<0.13.1"
 },
 {
- "advisory": "Pyopenssl 17.5.0 includes a fix for CVE-2018-1000808: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 store that can result in denial-of-service if memory runs low or is exhausted. This attack appears to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.\r\nhttps://github.com/pyca/pyopenssl/pull/723",
- "cve": "CVE-2018-1000808",
- "id": "pyup.io-36534",
- "more_info_path": "/vulnerabilities/CVE-2018-1000808/36534",
- "specs": [
- ">=0.14,<17.5.0"
- ],
- "v": ">=0.14,<17.5.0"
- },
- {
- "advisory": "Pyopenssl 17.5.0 includes a fix for CVE-2018-1000807: Use After Free vulnerability in X509 object handling that can possibly lead to denial of service or remote code execution. This attack appears to be exploitable via 'Depends' on the calling application and if it retains a reference to the memory.\r\n#NOTE: The data we include in this advisory differs from the publicly available on nvd.nist.gov. 'cryptography' dependency was introduced in release 0.14a2.\r\nhttps://github.com/pyca/pyopenssl/commit/5d97b41cc68f05b63137622b2e6d2398834ba583\r\nhttps://github.com/pyca/pyopenssl/pull/723",
+ "advisory": "Pyopenssl 17.5.0 includes a fix for CVE-2018-1000807: Use After Free vulnerability in X509 object handling that can possibly lead to denial of service or remote code execution. This attack appears to be exploitable via 'Depends' on the calling application and if it retains a reference to the memory.\r\n#NOTE: The data we include in this advisory differs from the publicly available on nvd.nist.gov. 'cryptography' dependency was introduced in release 0.14a2.",
 "cve": "CVE-2018-1000807",
 "id": "pyup.io-36533",
 "more_info_path": "/vulnerabilities/CVE-2018-1000807/36533",
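Review bot: The rewritten CVE-2018-1000807 advisory drops the two github.com/pyca/pyopenssl references the old text carried (commit 5d97b41cc68f05b63137622b2e6d2398834ba583 and pull 723), and the CVE-2018-1000808 record relocated in the next hunk loses its pull/723 link the same way. Those links were the only evidence on the record for the `#NOTE` that the affected range starts at 0.14a2, so a reader now has to rediscover it. If the links were removed on purpose, the commit description should say so; otherwise appending `\r\nhttps://github.com/pyca/pyopenssl/pull/723` back to both advisories restores the provenance at no cost.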
@@ -120049,14 +121316,14 @@
 "v": ">=0.14,<17.5.0"
 },
 {
- "advisory": "CVE-2023-6129 affects PyOpenSSL versions starting from 22.0.0 due to a vulnerability in the POLY1305 MAC algorithm on PowerPC CPUs. This issue could lead to state corruption in applications, causing inaccurate outcomes or service disruptions. Attackers need specific conditions to exploit this flaw, including the ability to manipulate the algorithm's use and reliance on certain system registers by the application.",
- "cve": "CVE-2023-6129",
- "id": "pyup.io-65213",
- "more_info_path": "/vulnerabilities/CVE-2023-6129/65213",
+ "advisory": "Pyopenssl 17.5.0 includes a fix for CVE-2018-1000808: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 store that can result in denial-of-service if memory runs low or is exhausted. This attack appears to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.\r\n#NOTE: The data we include in this advisory differs from the publicly available on nvd.nist.gov. 'cryptography' dependency was introduced in release 0.14a2.",
+ "cve": "CVE-2018-1000808",
+ "id": "pyup.io-36534",
+ "more_info_path": "/vulnerabilities/CVE-2018-1000808/36534",
 "specs": [
- ">=22.0.0"
+ ">=0.14,<17.5.0"
 ],
- "v": ">=22.0.0"
+ "v": ">=0.14,<17.5.0"
 }
 ],
 "pyoracleclient": [
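Review bot: This hunk deletes the pyopenssl record for CVE-2023-6129 (pyup.io-65213, specs `>=22.0.0`) and puts the relocated CVE-2018-1000808 entry in its slot; nothing in the visible diff re-adds it, so unless it is reinstated elsewhere a vulnerability silently disappears from the database with no mention in the commit. A removal of a live record in a security feed should be stated and justified in the description (for example, withdrawn as not applicable to the package), so consumers can tell an intentional retraction from a merge error. If the record is still valid, it should be kept and only the ordering changed.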
@@ -120517,20 +121784,20 @@
 ],
 "pypx800v5": [
 {
- "advisory": "Pypx800v5 version 1.2.1 updates its `aiohttp` dependency from 3.9.3 to 3.9.5 to address several security vulnerabilities, including CVE-2024-27306. This update ensures the application remains secure by incorporating the necessary fixes provided in the latest version of the `aiohttp` library.",
- "cve": "CVE-2024-30251",
- "id": "pyup.io-71177",
- "more_info_path": "/vulnerabilities/CVE-2024-30251/71177",
+ "advisory": "Pypx800v5 version 1.2.1 updates its `requests` dependency from 2.31.0 to 2.32.2 to address multiple security vulnerabilities, including CVE-2024-35195. This update ensures the application is protected against known issues in the older version of the `requests` library.",
+ "cve": "CVE-2024-35195",
+ "id": "pyup.io-71169",
+ "more_info_path": "/vulnerabilities/CVE-2024-35195/71169",
 "specs": [
 "<1.2.1"
 ],
 "v": "<1.2.1"
 },
 {
- "advisory": "Pypx800v5 version 1.2.1 updates its `requests` dependency from 2.31.0 to 2.32.2 to address multiple security vulnerabilities, including CVE-2024-35195. This update ensures the application is protected against known issues in the older version of the `requests` library.",
- "cve": "CVE-2024-35195",
- "id": "pyup.io-71169",
- "more_info_path": "/vulnerabilities/CVE-2024-35195/71169",
+ "advisory": "Pypx800v5 version 1.2.1 updates its `aiohttp` dependency from 3.9.3 to 3.9.5 to address several security vulnerabilities, including CVE-2024-27306. This update ensures the application remains secure by incorporating the necessary fixes provided in the latest version of the `aiohttp` library.",
+ "cve": "CVE-2024-30251",
+ "id": "pyup.io-71177",
+ "more_info_path": "/vulnerabilities/CVE-2024-30251/71177",
 "specs": [
 "<1.2.1"
 ],
@@ -121130,9 +122397,9 @@
 },
 {
 "advisory": "Pyserini 0.11.0.0 and prior includes a version of Anserini affected by critical and severe vulnerabilities, related to log4j.",
- "cve": "CVE-2021-45046",
- "id": "pyup.io-43607",
- "more_info_path": "/vulnerabilities/CVE-2021-45046/43607",
+ "cve": "CVE-2021-45105",
+ "id": "pyup.io-43608",
+ "more_info_path": "/vulnerabilities/CVE-2021-45105/43608",
 "specs": [
 "<=0.11.0.0"
 ],
@@ -121140,9 +122407,9 @@
 },
 {
 "advisory": "Pyserini 0.11.0.0 and prior includes a version of Anserini affected by critical and severe vulnerabilities, related to log4j.",
- "cve": "CVE-2021-45105",
- "id": "pyup.io-43608",
- "more_info_path": "/vulnerabilities/CVE-2021-45105/43608",
+ "cve": "CVE-2021-45046",
+ "id": "pyup.io-43607",
+ "more_info_path": "/vulnerabilities/CVE-2021-45046/43607",
 "specs": [
 "<=0.11.0.0"
 ],
@@ -121183,6 +122450,18 @@
 "v": "<0.2.1"
 }
 ],
+ "pysigma-backend-kusto": [
+ {
+ "advisory": "Pysigma-backend-kusto 0.2.1 pins its dependency 'certifi' to v2023.07.22 to include a security fix.",
+ "cve": "CVE-2023-37920",
+ "id": "pyup.io-73105",
+ "more_info_path": "/vulnerabilities/CVE-2023-37920/73105",
+ "specs": [
+ "<0.2.1"
+ ],
+ "v": "<0.2.1"
+ }
+ ],
 "pysigma-backend-microsoft365defender": [
 {
 "advisory": "Pysigma-backend-microsoft365defender 0.2.1 pins 'certifi' version to '2023.07.22' to include a security fix.",
@@ -124245,10 +125524,10 @@ ], "python-engineio-v3": [ { - "advisory": "Python-engineio-v3 3.9.0\r\n\r\n- **Vulnerability Type:** Cross-origin scripting attack\r\n- **Impact:** Executing arbitrary JavaScript in the origin of the WebSocket connection\r\n- **Attack Vector:** Bypassing the same-origin policy of web browsers through the use of WebSockets\r\n- **Vulnerable Configuration:** Lack of origin check when establishing WebSocket connections\r\n- **Mitigation:** Enforce origin checks when accepting WebSocket connections to prevent cross-origin scripting attacks.\r\n\r\nThe application establishes WebSocket connections without validating the origin of the sender, allowing attackers to bypass the same-origin policy and inject malicious JavaScript into the application context. By sending specially crafted WebSocket messages, an attacker could execute arbitrary code in the origin of the WebSocket connection.\r\n\r\nAnalysis Details:\r\n\r\nContext: Web security policy \r\nVulnerability: True positive (cross-origin attack) \r\nLinks Commit: https://github.com/miguelgrinberg/python-engineio/commit/7548f704a0a3000b7ac8a6c88796c4ae58aa9c37\r\nScore: 8 - True positive, documentation added to describe and mitigate cross-origin vulnerabilities", - "cve": "PVE-2024-72870", + "advisory": "Affected versions of Python-engineio are vulnerable to Cross-Site WebSocket Hijacking (CSWSH), that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted.", + "cve": "CVE-2019-13611", "id": "pyup.io-72870", - "more_info_path": "/vulnerabilities/PVE-2024-72870/72870", + "more_info_path": "/vulnerabilities/CVE-2019-13611/72870", "specs": [ "<3.9.0" ], 
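Review bot: The new python-engineio-v3 advisory reads `Cross-Site WebSocket Hijacking (CSWSH), that allows attackers …`; `which allows` is the grammatical form, and the same sentence is reused verbatim in the python-socketio and python-socketio-v4 records changed further down this diff, so all three should be corrected together. The rewrite also discards the only pointer to the fix the old text had, commit 7548f704a0a3000b7ac8a6c88796c4ae58aa9c37 on miguelgrinberg/python-engineio; keeping it as a trailing `\r\nhttps://github.com/miguelgrinberg/python-engineio/commit/7548f704a0a3000b7ac8a6c88796c4ae58aa9c37` line lets users verify that `<3.9.0` is the right boundary. Keeping `id` pyup.io-72870 while changing `cve` from PVE-2024-72870 to CVE-2019-13611 is fine for the file, but consumers that cache by id may see the CVE mapping change underneath them, which is worth a sentence in the description.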
@@ -124400,20 +125679,20 @@
 "v": "<4.4.0"
 },
 {
- "advisory": "Python-gitlab version 4.5.0 updates its dependency on `jinja2` from version 3.1.3 to 3.1.4 due to the security vulnerability identified in CVE-2024-22195.",
- "cve": "CVE-2024-22195",
- "id": "pyup.io-70982",
- "more_info_path": "/vulnerabilities/CVE-2024-22195/70982",
+ "advisory": "Python-gitlab version 4.5.0 updates its dependency on the `black` package from version 24.2.0 to 24.3.0 in response to CVE-2024-21503.",
+ "cve": "CVE-2024-21503",
+ "id": "pyup.io-70993",
+ "more_info_path": "/vulnerabilities/CVE-2024-21503/70993",
 "specs": [
 "<4.5.0"
 ],
 "v": "<4.5.0"
 },
 {
- "advisory": "Python-gitlab version 4.5.0 updates its dependency on the `black` package from version 24.2.0 to 24.3.0 in response to CVE-2024-21503.",
- "cve": "CVE-2024-21503",
- "id": "pyup.io-70993",
- "more_info_path": "/vulnerabilities/CVE-2024-21503/70993",
+ "advisory": "Python-gitlab version 4.5.0 updates its dependency on `jinja2` from version 3.1.3 to 3.1.4 due to the security vulnerability identified in CVE-2024-22195.",
+ "cve": "CVE-2024-22195",
+ "id": "pyup.io-70982",
+ "more_info_path": "/vulnerabilities/CVE-2024-22195/70982",
 "specs": [
 "<4.5.0"
 ],
@@ -124496,6 +125775,16 @@
 }
 ],
 "python-homewizard-energy": [
+ {
+ "advisory": "Python-homewizard-energy 2.1.2 updates its dependency 'gitpython' to include a security fix.",
+ "cve": "CVE-2023-41040",
+ "id": "pyup.io-61751",
+ "more_info_path": "/vulnerabilities/CVE-2023-41040/61751",
+ "specs": [
+ "<2.1.2"
+ ],
+ "v": "<2.1.2"
+ },
 {
 "advisory": "Python-homewizard-energy 2.1.2 updates its dependency 'urllib3' to include a security fix.",
 "cve": "CVE-2023-43804",
@@ -124515,16 +125804,6 @@
 "<2.1.2"
 ],
 "v": "<2.1.2"
- },
- {
- "advisory": "Python-homewizard-energy 2.1.2 updates its dependency 'gitpython' to include a security fix.",
- "cve": "CVE-2023-41040",
- "id": "pyup.io-61751",
- "more_info_path": "/vulnerabilities/CVE-2023-41040/61751",
- "specs": [
- "<2.1.2"
- ],
- "v": "<2.1.2"
 }
 ],
 "python-hugo": [
@@ -124603,24 +125882,24 @@
 "v": "<1.3.2"
 },
 {
- "advisory": "python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. See CVE-2024-33663.",
+ "advisory": "Affected versions of Python-jose have a algorithm confusion vulnerability with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.",
 "cve": "CVE-2024-33663",
 "id": "pyup.io-70715",
 "more_info_path": "/vulnerabilities/CVE-2024-33663/70715",
 "specs": [
- "<3.3.0"
+ ">=0"
 ],
- "v": "<3.3.0"
+ "v": ">=0"
 },
 {
- "advisory": "python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a \"JWT bomb.\" This is similar to CVE-2024-21319. See CVE-2024-33664.",
+ "advisory": "Affected versions of Python-jose allow attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a \"JWT bomb.\" This is similar to CVE-2024-21319.",
 "cve": "CVE-2024-33664",
 "id": "pyup.io-70716",
 "more_info_path": "/vulnerabilities/CVE-2024-33664/70716",
 "specs": [
- "<3.3.0"
+ ">=0"
 ],
- "v": "<3.3.0"
+ "v": ">=0"
 }
 ],
 "python-jsonlogic": [
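Review bot: The new CVE-2024-33663 advisory in the second hunk reads `have a algorithm confusion vulnerability`; it should be `have an algorithm confusion vulnerability`. Widening both python-jose specs from `<3.3.0` to `>=0` is consistent with the old wording `through 3.3.0`, which included 3.3.0 itself and made the old range wrong, but the rewritten text no longer states any version, so the record gives no hint whether `>=0` means no fixed release exists or the range is unknown. If no fix was available when this was written, a `\r\n#NOTE: No fixed release was available at the time of this advisory.` line in both records would make that explicit and mark the spec for revisiting once one ships.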
@@ -125268,6 +126547,16 @@
 "<9.4.2"
 ],
 "v": "<9.4.2"
+ },
+ {
+ "advisory": "Python-semantic-release affected versions contain a path traversal vulnerability affecting Windows systems. The issue is located in the RuntimeContext class of semantic_release/cli/config.py, stems from improper path resolution when handling changelog files and template directories. This could allow attackers to access or modify files outside the intended repository directory. The vulnerability arises from using Path.resolve() without Path.absolute(), which may return relative paths on Windows for non-existent directories, potentially bypassing security checks. \r\n#NOTE: This only affects Windows users.",
+ "cve": "PVE-2024-72981",
+ "id": "pyup.io-72981",
+ "more_info_path": "/vulnerabilities/PVE-2024-72981/72981",
+ "specs": [
+ "<9.8.8"
+ ],
+ "v": "<9.8.8"
 }
 ],
 "python-smooch": [
@@ -125284,10 +126573,10 @@
 ],
 "python-socketio": [
 {
- "advisory": "Python-socketio 4.3.0 addresses potential websocket cross-origin attacks. See: .",
- "cve": "PVE-2021-37308",
+ "advisory": "Affected versions of Python-socketio are vulnerable to Cross-Site WebSocket Hijacking (CSWSH), that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted.",
+ "cve": "CVE-2019-13611",
 "id": "pyup.io-37308",
- "more_info_path": "/vulnerabilities/PVE-2021-37308/37308",
+ "more_info_path": "/vulnerabilities/CVE-2019-13611/37308",
 "specs": [
 "<4.3.0"
 ],
@@ -125296,20 +126585,10 @@ ], "python-socketio-v4": [ { - "advisory": "Python-socketio-v4 1.4.4\r\n\r\n- Vulnerability Type: Race Condition \r\n- Impact: Depends on specifics of race condition. Likely allows unauthorized access or privilege escalation. \r\n- Attack Vector: Local users or remote attackers could exploit this race condition vulnerability.\r\n\r\nAffected Functions/Methods: The fix for the race condition is linked to commit 024609e10e570ccd2e932a0584c5a1784c4bbf75. The issue related to this fix is linked to issue 37. \r\n- Vulnerable Configuration: Any version of the python-socketio package prior to the fix. \r\n- Mitigation/Remediation: Upgrade to version of python-socketio package that contains commit 024609e10e570ccd2e932a0584c5a1784c4bbf75.\r\n\r\nThe analysis did not provide any information on exploitability or why this information is better than public sources.", - "cve": "PVE-2024-72873", - "id": "pyup.io-72873", - "more_info_path": "/vulnerabilities/PVE-2024-72873/72873", - "specs": [ - "<1.4.4" - ], - "v": "<1.4.4" - }, - { - "advisory": "Python-socketio-v4 4.3.0\r\n\r\nVulnerability Type: Cross-Site Scripting (XSS) \r\nImpact: Medium. The vulnerability allows execution of arbitrary JavaScript code in the context of the affected website.\r\nCVSS v3.0 severity rating: 6.1 (Medium)\r\nAttack Vector: Maliciously crafted HTTP requests\r\nAffected Functions/Methods: The socket.io library is affected, specifically in handling cross-origin requests. \r\nVulnerable Configuration: Any application using the affected socket.io library versions.\r\nExploitability: The issue and fix are clearly identified, allowing reproduction of the vulnerability. 
The vulnerability appears to be easily exploitable.\r\nMitigation/Remediation: Upgrade to socket.io version 3.1.1 or later.\r\n\r\n\r\nRemarks: PoC exploits may become public, so we advise you to monitor for developments.",
- "cve": "PVE-2024-72872",
+ "advisory": "Affected versions of Python-socketio-v4 are vulnerable to Cross-Site WebSocket Hijacking (CSWSH), that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted.",
+ "cve": "CVE-2019-13611",
 "id": "pyup.io-72872",
- "more_info_path": "/vulnerabilities/PVE-2024-72872/72872",
+ "more_info_path": "/vulnerabilities/CVE-2019-13611/72872",
 "specs": [
 "<4.3.0"
 ],
@@ -125871,6 +127150,18 @@
 "v": ">0"
 }
 ],
+ "pyvbmc": [
+ {
+ "advisory": "Updated the actions/download-artifact in Pyvbmc from actions/download-artifact@v3 to actions/download-artifact@v4 to address CVE-2024-42471.",
+ "cve": "CVE-2024-42471",
+ "id": "pyup.io-73373",
+ "more_info_path": "/vulnerabilities/CVE-2024-42471/73373",
+ "specs": [
+ "<1.0.4"
+ ],
+ "v": "<1.0.4"
+ }
+ ],
 "pyvcloud": [
 {
 "advisory": "Pyvcloud 20.0.0 fixes CVE-2017-18342: Replace yaml.load() with yaml.safe_load()",
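Review bot: The hunk beginning at `@@ -125296,20 +126585,10 @@` deletes the python-socketio-v4 record PVE-2024-72873 (pyup.io-72873, specs `<1.4.4`) outright, and nothing in the visible diff re-adds it, so a vulnerability disappears from the database without a word in the commit. Its old text was admittedly weak (it ends `The analysis did not provide any information on exploitability`), which may be the reason; if the record was withdrawn as unsubstantiated the description should say so, otherwise it should stay with improved wording rather than be dropped. The surviving record is rewritten to CVE-2019-13611 with the phrase `(CSWSH), that allows attackers`, where `which allows` is the grammatical form.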
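Review bot: The new pyvbmc record describes a change to the project's GitHub Actions workflow (`actions/download-artifact@v3` to `@v4` for CVE-2024-42471) but files it as an installable-package vulnerability with specs `<1.0.4`, so scanners will flag every pyvbmc install below 1.0.4 although a workflow pin is not part of the distribution. Unless the vulnerable action was used to build or publish the release artifacts themselves, the exposure is to the maintainers' CI pipeline rather than to users of the package, and the record should either say that in a `\r\n#NOTE:` line or be dropped. At minimum the advisory should name the release that carries the updated workflow, since `Updated the actions/download-artifact in Pyvbmc` states no version at all.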
@@ -126899,6 +128190,18 @@
 "v": "<0.6.14"
 }
 ],
+ "querycommander": [
+ {
+ "advisory": "Querycommander addresses a vulnerability affecting AWS Lambda deployments. Affected versions potentially exposed user data across sessions due to improper caching. This update resolves the issue and introduces enhanced security measures, including improved tokenization and connection handling. All users, especially those utilizing AWS Lambda, are strongly advised to upgrade immediately to v0.9.1 or later. The update also includes new database/schema access control features and various performance improvements.",
+ "cve": "PVE-2024-73014",
+ "id": "pyup.io-73014",
+ "more_info_path": "/vulnerabilities/PVE-2024-73014/73014",
+ "specs": [
+ "<0.9.1"
+ ],
+ "v": "<0.9.1"
+ }
+ ],
 "quilt": [
 {
 "advisory": "Quilt 2.9.14 updates Flask version to v.0.12.3 to include security fixes.",
@@ -127470,29 +128773,9 @@
 "rapidtide": [
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2020-15202",
- "id": "pyup.io-48367",
- "more_info_path": "/vulnerabilities/CVE-2020-15202/48367",
- "specs": [
- "<2.0.2"
- ],
- "v": "<2.0.2"
- },
- {
- "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2020-15209",
- "id": "pyup.io-48374",
- "more_info_path": "/vulnerabilities/CVE-2020-15209/48374",
- "specs": [
- "<2.0.2"
- ],
- "v": "<2.0.2"
- },
- {
- "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2018-17190",
- "id": "pyup.io-48341",
- "more_info_path": "/vulnerabilities/CVE-2018-17190/48341",
+ "cve": "CVE-2020-9327",
+ "id": "pyup.io-48385",
+ "more_info_path": "/vulnerabilities/CVE-2020-9327/48385",
 "specs": [
 "<2.0.2"
 ],
@@ -127500,9 +128783,9 @@
 },
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2020-15250",
- "id": "pyup.io-48377",
- "more_info_path": "/vulnerabilities/CVE-2020-15250/48377",
+ "cve": "CVE-2019-13960",
+ "id": "pyup.io-48345",
+ "more_info_path": "/vulnerabilities/CVE-2019-13960/48345",
 "specs": [
 "<2.0.2"
 ],
@@ -127510,9 +128793,9 @@
 },
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2019-10099",
- "id": "pyup.io-48344",
- "more_info_path": "/vulnerabilities/CVE-2019-10099/48344",
+ "cve": "CVE-2019-19645",
+ "id": "pyup.io-48349",
+ "more_info_path": "/vulnerabilities/CVE-2019-19645/48349",
 "specs": [
 "<2.0.2"
 ],
@@ -127520,9 +128803,9 @@
 },
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2020-15195",
- "id": "pyup.io-48366",
- "more_info_path": "/vulnerabilities/CVE-2020-15195/48366",
+ "cve": "CVE-2020-15208",
+ "id": "pyup.io-48373",
+ "more_info_path": "/vulnerabilities/CVE-2020-15208/48373",
 "specs": [
 "<2.0.2"
 ],
@@ -127530,9 +128813,9 @@
 },
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2020-11655",
- "id": "pyup.io-48355",
- "more_info_path": "/vulnerabilities/CVE-2020-11655/48355",
+ "cve": "CVE-2018-19664",
+ "id": "pyup.io-48342",
+ "more_info_path": "/vulnerabilities/CVE-2018-19664/48342",
 "specs": [
 "<2.0.2"
 ],
@@ -127540,9 +128823,9 @@
 },
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2020-15194",
- "id": "pyup.io-48365",
- "more_info_path": "/vulnerabilities/CVE-2020-15194/48365",
+ "cve": "CVE-2018-11770",
+ "id": "pyup.io-40991",
+ "more_info_path": "/vulnerabilities/CVE-2018-11770/40991",
 "specs": [
 "<2.0.2"
 ],
@@ -127550,9 +128833,9 @@
 },
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2020-26270",
- "id": "pyup.io-48382",
- "more_info_path": "/vulnerabilities/CVE-2020-26270/48382",
+ "cve": "CVE-2020-15209",
+ "id": "pyup.io-48374",
+ "more_info_path": "/vulnerabilities/CVE-2020-15209/48374",
 "specs": [
 "<2.0.2"
 ],
@@ -127560,9 +128843,9 @@
 },
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2020-13630",
- "id": "pyup.io-48359",
- "more_info_path": "/vulnerabilities/CVE-2020-13630/48359",
+ "cve": "CVE-2020-15202",
+ "id": "pyup.io-48367",
+ "more_info_path": "/vulnerabilities/CVE-2020-15202/48367",
 "specs": [
 "<2.0.2"
 ],
@@ -127658,26 +128941,6 @@
 ],
 "v": "<2.0.2"
 },
- {
- "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2020-15210",
- "id": "pyup.io-48375",
- "more_info_path": "/vulnerabilities/CVE-2020-15210/48375",
- "specs": [
- "<2.0.2"
- ],
- "v": "<2.0.2"
- },
- {
- "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2020-26266",
- "id": "pyup.io-48379",
- "more_info_path": "/vulnerabilities/CVE-2020-26266/48379",
- "specs": [
- "<2.0.2"
- ],
- "v": "<2.0.2"
- },
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
 "cve": "CVE-2020-13871",
@@ -127688,16 +128951,6 @@
 ],
 "v": "<2.0.2"
 },
- {
- "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2018-11770",
- "id": "pyup.io-40991",
- "more_info_path": "/vulnerabilities/CVE-2018-11770/40991",
- "specs": [
- "<2.0.2"
- ],
- "v": "<2.0.2"
- },
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
 "cve": "CVE-2020-13434",
@@ -127710,9 +128963,9 @@
 },
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2020-13790",
- "id": "pyup.io-48361",
- "more_info_path": "/vulnerabilities/CVE-2020-13790/48361",
+ "cve": "CVE-2020-26271",
+ "id": "pyup.io-48383",
+ "more_info_path": "/vulnerabilities/CVE-2020-26271/48383",
 "specs": [
 "<2.0.2"
 ],
@@ -127720,9 +128973,9 @@
 },
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2020-13631",
- "id": "pyup.io-48360",
- "more_info_path": "/vulnerabilities/CVE-2020-13631/48360",
+ "cve": "CVE-2019-19646",
+ "id": "pyup.io-48350",
+ "more_info_path": "/vulnerabilities/CVE-2019-19646/48350",
 "specs": [
 "<2.0.2"
 ],
@@ -127730,9 +128983,9 @@
 },
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2020-15190",
- "id": "pyup.io-48364",
- "more_info_path": "/vulnerabilities/CVE-2020-15190/48364",
+ "cve": "CVE-2020-15206",
+ "id": "pyup.io-48371",
+ "more_info_path": "/vulnerabilities/CVE-2020-15206/48371",
 "specs": [
 "<2.0.2"
 ],
@@ -127740,9 +128993,9 @@
 },
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2020-26271",
- "id": "pyup.io-48383",
- "more_info_path": "/vulnerabilities/CVE-2020-26271/48383",
+ "cve": "CVE-2020-15195",
+ "id": "pyup.io-48366",
+ "more_info_path": "/vulnerabilities/CVE-2020-15195/48366",
 "specs": [
 "<2.0.2"
 ],
@@ -127750,9 +129003,9 @@
 },
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2019-19646",
- "id": "pyup.io-48350",
- "more_info_path": "/vulnerabilities/CVE-2019-19646/48350",
+ "cve": "CVE-2020-11655",
+ "id": "pyup.io-48355",
+ "more_info_path": "/vulnerabilities/CVE-2020-11655/48355",
 "specs": [
 "<2.0.2"
 ],
@@ -127760,9 +129013,9 @@
 },
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2019-5482",
- "id": "pyup.io-48354",
- "more_info_path": "/vulnerabilities/CVE-2019-5482/48354",
+ "cve": "CVE-2020-15194",
+ "id": "pyup.io-48365",
+ "more_info_path": "/vulnerabilities/CVE-2020-15194/48365",
 "specs": [
 "<2.0.2"
 ],
@@ -127770,9 +129023,9 @@
 },
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2020-26268",
- "id": "pyup.io-48381",
- "more_info_path": "/vulnerabilities/CVE-2020-26268/48381",
+ "cve": "CVE-2020-26270",
+ "id": "pyup.io-48382",
+ "more_info_path": "/vulnerabilities/CVE-2020-26270/48382",
 "specs": [
 "<2.0.2"
 ],
@@ -127780,9 +129033,9 @@
 },
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2020-15206",
- "id": "pyup.io-48371",
- "more_info_path": "/vulnerabilities/CVE-2020-15206/48371",
+ "cve": "CVE-2020-26266",
+ "id": "pyup.io-48379",
+ "more_info_path": "/vulnerabilities/CVE-2020-26266/48379",
 "specs": [
 "<2.0.2"
 ],
@@ -127790,9 +129043,9 @@
 },
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2019-19880",
- "id": "pyup.io-48351",
- "more_info_path": "/vulnerabilities/CVE-2019-19880/48351",
+ "cve": "CVE-2020-13790",
+ "id": "pyup.io-48361",
+ "more_info_path": "/vulnerabilities/CVE-2020-13790/48361",
 "specs": [
 "<2.0.2"
 ],
@@ -127800,9 +129053,9 @@
 },
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2018-20330",
- "id": "pyup.io-48343",
- "more_info_path": "/vulnerabilities/CVE-2018-20330/48343",
+ "cve": "CVE-2019-5482",
+ "id": "pyup.io-48354",
+ "more_info_path": "/vulnerabilities/CVE-2019-5482/48354",
 "specs": [
 "<2.0.2"
 ],
@@ -127810,9 +129063,9 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-9327", - "id": "pyup.io-48385", - "more_info_path": "/vulnerabilities/CVE-2020-9327/48385", + "cve": "CVE-2020-26268", + "id": "pyup.io-48381", + "more_info_path": "/vulnerabilities/CVE-2020-26268/48381", "specs": [ "<2.0.2" ], @@ -127820,9 +129073,9 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-5215", - "id": "pyup.io-48384", - "more_info_path": "/vulnerabilities/CVE-2020-5215/48384", + "cve": "CVE-2018-20330", + "id": "pyup.io-48343", + "more_info_path": "/vulnerabilities/CVE-2018-20330/48343", "specs": [ "<2.0.2" ], @@ -127830,9 +129083,9 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2018-19664", - "id": "pyup.io-48342", - "more_info_path": "/vulnerabilities/CVE-2018-19664/48342", + "cve": "CVE-2020-5215", + "id": "pyup.io-48384", + "more_info_path": "/vulnerabilities/CVE-2020-5215/48384", "specs": [ "<2.0.2" ], @@ -127890,9 +129143,9 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2019-19645", - "id": "pyup.io-48349", - "more_info_path": "/vulnerabilities/CVE-2019-19645/48349", + "cve": "CVE-2019-19880", + "id": "pyup.io-48351", + "more_info_path": "/vulnerabilities/CVE-2019-19880/48351", "specs": [ "<2.0.2" ], @@ -127900,9 +129153,9 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2019-13960", - "id": "pyup.io-48345", - "more_info_path": "/vulnerabilities/CVE-2019-13960/48345", + "cve": "CVE-2020-15190", + "id": "pyup.io-48364", + "more_info_path": "/vulnerabilities/CVE-2020-15190/48364", "specs": [ "<2.0.2" ], 
@@ -127910,23 +129163,63 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-15208", - "id": "pyup.io-48373", - "more_info_path": "/vulnerabilities/CVE-2020-15208/48373", + "cve": "CVE-2020-15210", + "id": "pyup.io-48375", + "more_info_path": "/vulnerabilities/CVE-2020-15210/48375", "specs": [ "<2.0.2" ], "v": "<2.0.2" }, { - "advisory": "Rapidtide 2.6.5 updates its dependency 'urllib3' to v2.0.6 to include a security fix.", - "cve": "CVE-2023-43804", - "id": "pyup.io-61598", - "more_info_path": "/vulnerabilities/CVE-2023-43804/61598", + "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", + "cve": "CVE-2020-13630", + "id": "pyup.io-48359", + "more_info_path": "/vulnerabilities/CVE-2020-13630/48359", "specs": [ - "<2.6.5" + "<2.0.2" ], - "v": "<2.6.5" + "v": "<2.0.2" + }, + { + "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", + "cve": "CVE-2019-10099", + "id": "pyup.io-48344", + "more_info_path": "/vulnerabilities/CVE-2019-10099/48344", + "specs": [ + "<2.0.2" + ], + "v": "<2.0.2" + }, + { + "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", + "cve": "CVE-2020-15250", + "id": "pyup.io-48377", + "more_info_path": "/vulnerabilities/CVE-2020-15250/48377", + "specs": [ + "<2.0.2" + ], + "v": "<2.0.2" + }, + { + "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", + "cve": "CVE-2018-17190", + "id": "pyup.io-48341", + "more_info_path": "/vulnerabilities/CVE-2018-17190/48341", + "specs": [ + "<2.0.2" + ], + "v": "<2.0.2" + }, + { + "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", + "cve": "CVE-2020-13631", + "id": "pyup.io-48360", + "more_info_path": "/vulnerabilities/CVE-2020-13631/48360", + "specs": [ + 
"<2.0.2" + ], + "v": "<2.0.2" }, { "advisory": "Rapidtide 2.6.5 updates its dependency 'pillow' to v10.0.1 to include a security fix.", @@ -127938,6 +129231,16 @@ ], "v": "<2.6.5" }, + { + "advisory": "Rapidtide 2.6.5 updates its dependency 'urllib3' to v2.0.6 to include a security fix.", + "cve": "CVE-2023-43804", + "id": "pyup.io-61598", + "more_info_path": "/vulnerabilities/CVE-2023-43804/61598", + "specs": [ + "<2.6.5" + ], + "v": "<2.6.5" + }, { "advisory": "Rapidtide 2.7.5 updates its dependency on Jinja2, moving from version 3.1.2 to 3.1.3, in response to the security vulnerability identified as CVE-2024-22195.\r\nhttps://github.com/bbfrederick/rapidtide/commit/8ef1d37b15f96a739582781123e3ee239d0d0b18", "cve": "CVE-2024-22195", @@ -129791,16 +131094,6 @@ ], "v": "<3.6.6" }, - { - "advisory": "Rasa 3.6.7 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a vulnerability.\r\nhttps://github.com/RasaHQ/rasa/pull/12768", - "cve": "CVE-2023-38325", - "id": "pyup.io-60810", - "more_info_path": "/vulnerabilities/CVE-2023-38325/60810", - "specs": [ - "<3.6.7" - ], - "v": "<3.6.7" - }, { "advisory": "Rasa 3.6.7 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a vulnerability.\r\nhttps://github.com/RasaHQ/rasa/pull/12768", "cve": "PVE-2023-60809", @@ -129841,6 +131134,16 @@ ], "v": "<3.6.7" }, + { + "advisory": "Rasa 3.6.7 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a vulnerability.\r\nhttps://github.com/RasaHQ/rasa/pull/12768", + "cve": "CVE-2023-38325", + "id": "pyup.io-60810", + "more_info_path": "/vulnerabilities/CVE-2023-38325/60810", + "specs": [ + "<3.6.7" + ], + "v": "<3.6.7" + }, { "advisory": "Rasa 3.6.7 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a DoS vulnerability.\r\nhttps://github.com/RasaHQ/rasa/pull/12768", "cve": "CVE-2023-3817", 
@@ -130470,9 +131773,9 @@ "rasterio": [ { "advisory": "Rasterio 1.3.0 updates its C dependency 'hdf5' to include security fixes.\r\nhttps://github.com/rasterio/rasterio-wheels/issues/81", - "cve": "CVE-2020-10809", - "id": "pyup.io-51988", - "more_info_path": "/vulnerabilities/CVE-2020-10809/51988", + "cve": "CVE-2020-10811", + "id": "pyup.io-51985", + "more_info_path": "/vulnerabilities/CVE-2020-10811/51985", "specs": [ "<1.3.0" ], @@ -130480,9 +131783,9 @@ }, { "advisory": "Rasterio 1.3.0 updates its C dependency 'hdf5' to include security fixes.\r\nhttps://github.com/rasterio/rasterio-wheels/issues/81", - "cve": "CVE-2020-10812", - "id": "pyup.io-51987", - "more_info_path": "/vulnerabilities/CVE-2020-10812/51987", + "cve": "CVE-2020-10810", + "id": "pyup.io-51986", + "more_info_path": "/vulnerabilities/CVE-2020-10810/51986", "specs": [ "<1.3.0" ], @@ -130490,9 +131793,9 @@ }, { "advisory": "Rasterio 1.3.0 updates its C dependency 'hdf5' to include security fixes.\r\nhttps://github.com/rasterio/rasterio-wheels/issues/81", - "cve": "CVE-2020-10811", - "id": "pyup.io-51985", - "more_info_path": "/vulnerabilities/CVE-2020-10811/51985", + "cve": "CVE-2020-10809", + "id": "pyup.io-51988", + "more_info_path": "/vulnerabilities/CVE-2020-10809/51988", "specs": [ "<1.3.0" ], @@ -130500,9 +131803,9 @@ }, { "advisory": "Rasterio 1.3.0 updates its C dependency 'hdf5' to include security fixes.\r\nhttps://github.com/rasterio/rasterio-wheels/issues/81", - "cve": "CVE-2020-10810", - "id": "pyup.io-51986", - "more_info_path": "/vulnerabilities/CVE-2020-10810/51986", + "cve": "CVE-2020-10812", + "id": "pyup.io-51987", + "more_info_path": "/vulnerabilities/CVE-2020-10812/51987", "specs": [ "<1.3.0" ], 
@@ -130596,9 +131899,9 @@ }, { "advisory": "Ray 1.9.1 updates its dependency 'log4j' to v2.16.0 to include security fixes.\r\nhttps://github.com/ray-project/ray/commit/2cdbf974ea63caf4323aacbccaef2394a14a8562", - "cve": "CVE-2021-44228", - "id": "pyup.io-43413", - "more_info_path": "/vulnerabilities/CVE-2021-44228/43413", + "cve": "CVE-2021-45046", + "id": "pyup.io-43415", + "more_info_path": "/vulnerabilities/CVE-2021-45046/43415", "specs": [ "<1.9.1" ], @@ -130606,9 +131909,9 @@ }, { "advisory": "Ray 1.9.1 updates its dependency 'log4j' to v2.16.0 to include security fixes.\r\nhttps://github.com/ray-project/ray/commit/2cdbf974ea63caf4323aacbccaef2394a14a8562", - "cve": "CVE-2021-45046", - "id": "pyup.io-43415", - "more_info_path": "/vulnerabilities/CVE-2021-45046/43415", + "cve": "CVE-2021-44228", + "id": "pyup.io-43413", + "more_info_path": "/vulnerabilities/CVE-2021-44228/43413", "specs": [ "<1.9.1" ], @@ -130635,10 +131938,10 @@ "v": "<2.11.0" }, { - "advisory": "Ray 2.8.1 includes a fix for CVE-2023-6021: LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.\r\nhttps://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023", - "cve": "CVE-2023-6021", - "id": "pyup.io-62650", - "more_info_path": "/vulnerabilities/CVE-2023-6021/62650", + "advisory": "Ray 2.8.1 includes a fix for CVE-2023-6019: A command injection exists in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication.\r\nhttps://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023", + "cve": "CVE-2023-6019", + "id": "pyup.io-62632", + "more_info_path": "/vulnerabilities/CVE-2023-6019/62632", "specs": [ "<2.8.1" ], 
@@ -130655,20 +131958,20 @@ "v": "<2.8.1" }, { - "advisory": "Ray 2.8.1 includes a fix for CVE-2023-48023: Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. \r\nNOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment", - "cve": "CVE-2023-48023", - "id": "pyup.io-62651", - "more_info_path": "/vulnerabilities/CVE-2023-48023/62651", + "advisory": "Ray 2.8.1 includes a fix for CVE-2023-6021: LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.\r\nhttps://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023", + "cve": "CVE-2023-6021", + "id": "pyup.io-62650", + "more_info_path": "/vulnerabilities/CVE-2023-6021/62650", "specs": [ "<2.8.1" ], "v": "<2.8.1" }, { - "advisory": "Ray 2.8.1 includes a fix for CVE-2023-6019: A command injection exists in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication.\r\nhttps://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023", - "cve": "CVE-2023-6019", - "id": "pyup.io-62632", - "more_info_path": "/vulnerabilities/CVE-2023-6019/62632", + "advisory": "Ray 2.8.1 includes a fix for CVE-2023-48023: Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. \r\nNOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment", + "cve": "CVE-2023-48023", + "id": "pyup.io-62651", + "more_info_path": "/vulnerabilities/CVE-2023-48023/62651", "specs": [ "<2.8.1" ], 
@@ -131861,6 +133164,28 @@ "v": "<0.5.0" } ], + "refuel-autolabel": [ + { + "advisory": "The Refuel Autolabel library affected versions contain an arbitrary code execution vulnerability in its classification task handler. When processing CSV files for these tasks, the library uses an unsafe eval() function to interpret values enclosed in square brackets. Attackers can exploit this vulnerability by crafting malicious CSV files containing Python code within these brackets. Upon processing such a file, the library will execute the embedded code, potentially compromising the system. Users should exercise extreme caution when handling external CSV files and avoid using this feature until the developers patch the vulnerability.", + "cve": "CVE-2024-27320", + "id": "pyup.io-73325", + "more_info_path": "/vulnerabilities/CVE-2024-27320/73325", + "specs": [ + ">=0.0.8" + ], + "v": ">=0.0.8" + }, + { + "advisory": "The Refuel Autolabel library affected versions contain a critical arbitrary code execution vulnerability in its multilabel classification task handler. When processing CSV files for these tasks, the library uses an unsafe eval() function to interpret the contents of square bracket-enclosed values. Attackers can exploit this vulnerability by crafting malicious CSV files containing Python code within these brackets. Upon processing such a file, the library will execute the embedded code, potentially compromising the system. Users should exercise extreme caution when handling external CSV files and avoid using this feature until the developers patch the vulnerability.", + "cve": "CVE-2024-27321", + "id": "pyup.io-73324", + "more_info_path": "/vulnerabilities/CVE-2024-27321/73324", + "specs": [ + ">=0.0.8" + ], + "v": ">=0.0.8" + } + ], "regex": [ { "advisory": "Regex 2018.11.22 includes a fix for a Catastrophic Backtracking vulnerability.\r\nhttps://github.com/mrabarnett/mrab-regex/issues/304", 
@@ -132614,6 +133939,26 @@ "<0.3.1" ], "v": "<0.3.1" + }, + { + "advisory": "Requests-doh 1.0.0 updates its dependency 'requests' to v2.32.3 to include a security fix.", + "cve": "CVE-2024-35195", + "id": "pyup.io-73100", + "more_info_path": "/vulnerabilities/CVE-2024-35195/73100", + "specs": [ + "<1.0.0" + ], + "v": "<1.0.0" + }, + { + "advisory": "Requests-doh 1.0.0 updates its dependency 'dnspython' to v2.6.1 to include a security fix.", + "cve": "CVE-2023-29483", + "id": "pyup.io-73107", + "more_info_path": "/vulnerabilities/CVE-2023-29483/73107", + "specs": [ + "<1.0.0" + ], + "v": "<1.0.0" } ], "requests-httpx": [ @@ -134840,6 +136185,18 @@ "v": "<1.4.1" } ], + "sagemaker-training": [ + { + "advisory": "Sagemaker-training affected versions prior may inadvertently expose sensitive information in log files. The vulnerability stems from detailed logging of module installation commands, potentially revealing package names, versions, or custom flags that could include sensitive data. This exposure risk is particularly concerning if installation processes involve tokens or credentials. The patch removes verbose logging in the install and install_requirements functions, significantly reducing the risk of accidental information disclosure.", + "cve": "PVE-2024-73184", + "id": "pyup.io-73184", + "more_info_path": "/vulnerabilities/PVE-2024-73184/73184", + "specs": [ + ">=4.7.0,<4.8.0" + ], + "v": ">=4.7.0,<4.8.0" + } + ], "sagemath": [ { "advisory": "SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example) allows a local user to overwrite files with the privileges of a different user (who is running FlintQS).", 
@@ -135485,9 +136842,9 @@ }, { "advisory": "Salt 3006.0rc3 updates its dependency 'cryptography' to versions '>=39.0.1' to include security fixes.", - "cve": "CVE-2023-23931", - "id": "pyup.io-55067", - "more_info_path": "/vulnerabilities/CVE-2023-23931/55067", + "cve": "CVE-2023-0286", + "id": "pyup.io-55066", + "more_info_path": "/vulnerabilities/CVE-2023-0286/55066", "specs": [ "<3006.0rc3" ], @@ -135495,9 +136852,9 @@ }, { "advisory": "Salt 3006.0rc3 updates its dependency 'cryptography' to versions '>=39.0.1' to include security fixes.", - "cve": "CVE-2023-0286", - "id": "pyup.io-55066", - "more_info_path": "/vulnerabilities/CVE-2023-0286/55066", + "cve": "CVE-2023-23931", + "id": "pyup.io-55067", + "more_info_path": "/vulnerabilities/CVE-2023-23931/55067", "specs": [ "<3006.0rc3" ], @@ -135615,9 +136972,9 @@ }, { "advisory": "Salt version 3007.0 updates its GitPython dependency to version 3.1.35 or higher to address the security vulnerability identified in CVE-2023-40590.", - "cve": "CVE-2023-40590", - "id": "pyup.io-70737", - "more_info_path": "/vulnerabilities/CVE-2023-40590/70737", + "cve": "CVE-2023-41040", + "id": "pyup.io-70738", + "more_info_path": "/vulnerabilities/CVE-2023-41040/70738", "specs": [ "<3007.0" ], @@ -135625,9 +136982,9 @@ }, { "advisory": "Salt version 3007.0 updates its GitPython dependency to version 3.1.35 or higher to address the security vulnerability identified in CVE-2023-40590.", - "cve": "CVE-2023-41040", - "id": "pyup.io-70738", - "more_info_path": "/vulnerabilities/CVE-2023-41040/70738", + "cve": "CVE-2023-40590", + "id": "pyup.io-70737", + "more_info_path": "/vulnerabilities/CVE-2023-40590/70737", "specs": [ "<3007.0" ], 
@@ -136157,9 +137514,9 @@ }, { "advisory": "Sanic-security 0.8.0 updates its dependency \"pillow\" to v8.1.1 to include security fixes.", - "cve": "CVE-2021-25293", - "id": "pyup.io-42112", - "more_info_path": "/vulnerabilities/CVE-2021-25293/42112", + "cve": "CVE-2021-25292", + "id": "pyup.io-42111", + "more_info_path": "/vulnerabilities/CVE-2021-25292/42111", "specs": [ "<0.8.0" ], @@ -136167,9 +137524,9 @@ }, { "advisory": "Sanic-security 0.8.0 updates its dependency \"pillow\" to v8.1.1 to include security fixes.", - "cve": "CVE-2021-25292", - "id": "pyup.io-42111", - "more_info_path": "/vulnerabilities/CVE-2021-25292/42111", + "cve": "CVE-2021-25293", + "id": "pyup.io-42112", + "more_info_path": "/vulnerabilities/CVE-2021-25293/42112", "specs": [ "<0.8.0" ], @@ -136198,7 +137555,7 @@ ], "sap-xssec": [ { - "advisory": "Sap-xssec 4.1.0 includes a fix for CVE-2023-50423: Versions <4.1.0 allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. \r\nhttps://github.com/SAP/cloud-pysec/security/advisories/GHSA-6mjg-37cp-42x5", + "advisory": "Sap-xssec 4.1.0 includes a fix for CVE-2023-50423: Versions <4.1.0 allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application.", "cve": "CVE-2023-50423", "id": "pyup.io-62821", "more_info_path": "/vulnerabilities/CVE-2023-50423/62821", 
@@ -136284,6 +137641,45 @@ "v": "<7.0.2" } ], + "saywh11222": [ + { + "advisory": "The OpenSSF Package Analysis project has flagged the 'saywh11222' package on PyPI as malicious. This determination is based on the package's communication with a domain linked to malicious activities.", + "cve": "PVE-2024-73492", + "id": "pyup.io-73492", + "more_info_path": "/vulnerabilities/PVE-2024-73492/73492", + "specs": [ + ">=0", + "<=0" + ], + "v": ">=0,<=0" + } + ], + "saywh222": [ + { + "advisory": "The OpenSSF Package Analysis project has flagged the 'saywh222' package on PyPI as malicious. This determination is based on the package's communication with a domain linked to malicious activities.", + "cve": "PVE-2024-73490", + "id": "pyup.io-73490", + "more_info_path": "/vulnerabilities/PVE-2024-73490/73490", + "specs": [ + ">=0", + "<=0" + ], + "v": ">=0,<=0" + } + ], + "saywhu": [ + { + "advisory": "The OpenSSF Package Analysis project has flagged the 'saywhu' package on PyPI as malicious. This determination is based on the package's communication with a domain linked to malicious activities.", + "cve": "PVE-2024-73491", + "id": "pyup.io-73491", + "more_info_path": "/vulnerabilities/PVE-2024-73491/73491", + "specs": [ + ">=0", + "<=0" + ], + "v": ">=0,<=0" + } + ], "sbp": [ { "advisory": "Sbp 2.4.2 updates its NPM dependency 'mocha' to fix a transitive vulnerability in 'growl' package.", 
@@ -136564,6 +137960,26 @@ "<34.4.0" ], "v": "<34.4.0" + }, + { + "advisory": "ScanCodeIO upgrades Django to 5.1.1 and related dependencies for CVE-2024-45230.", + "cve": "CVE-2024-45230", + "id": "pyup.io-73075", + "more_info_path": "/vulnerabilities/CVE-2024-45230/73075", + "specs": [ + "<34.8.1" + ], + "v": "<34.8.1" + }, + { + "advisory": "ScanCodeIO upgrades Django to 5.1.1 and related dependencies for CVE-2024-45231.", + "cve": "CVE-2024-45231", + "id": "pyup.io-73081", + "more_info_path": "/vulnerabilities/CVE-2024-45231/73081", + "specs": [ + "<34.8.1" + ], + "v": "<34.8.1" } ], "scandeval": [ 
@@ -137047,14 +138463,14 @@ "v": ">=0,<1.8.4,>=2.0.0,<2.11.1" }, { - "advisory": "Scrapy is vulnerable to CVE-2017-14158: Scrapy allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore.\r\nhttps://github.com/scrapy/scrapy/issues/482\r\nhttps://github.com/advisories/GHSA-h7wm-ph43-c39p", + "advisory": "Scrapy is vulnerable to CVE-2017-14158: Scrapy allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore.", "cve": "CVE-2017-14158", "id": "pyup.io-54672", "more_info_path": "/vulnerabilities/CVE-2017-14158/54672", "specs": [ - ">=0.7,<=2.11.1" + ">=0.7" ], - "v": ">=0.7,<=2.11.1" + "v": ">=0.7" }, { "advisory": "In scrapy/scrapy, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across domains. The exposure of the Authorization header to unauthorized actors could potentially allow for account hijacking.", 
@@ -139149,6 +140565,18 @@ "v": ">=6.4.1,<6.9.1" } ], + "sentence-transformers": [ + { + "advisory": "Sentence-transformers affected versions are vulnerable to arbitrary code execution when loading PyTorch model files. The `torch.load()` function, used without the `weights_only=True` parameter, could deserialize malicious Python objects from manipulated model files. This vulnerability potentially allows attackers to execute arbitrary code on the system.", + "cve": "PVE-2024-73169", + "id": "pyup.io-73169", + "more_info_path": "/vulnerabilities/PVE-2024-73169/73169", + "specs": [ + "<3.1.0" + ], + "v": "<3.1.0" + } + ], "sentinelone": [ { "advisory": "Sentinelone is a malicious package. It steals developer-related data.\r\nhttps://www.bleepingcomputer.com/news/security/malicious-sentinelone-pypi-package-steals-data-from-developers", 
@@ -139607,6 +141035,16 @@ ], "v": ">=22.6.0,<=22.10.0" }, + { + "advisory": "A vulnerability in Sentry affected versions enables authenticated users to mute alert rules from arbitrary organizations and projects using known rule IDs, bypassing proper authorization checks. This flaw allows unauthorized access and potential disruption of alert systems across multiple organizations. Although Sentry has not detected any exploits, the vulnerability could permit malicious actors to silence critical alerts without detection, potentially causing severe impact. Sentry has patched this vulnerability, implementing proper authorization scoping for alert rule muting requests.\r\nNOTE: While Sentry automatically protects SaaS users, all self-hosted Sentry users must upgrade to version 24.9.0 or higher immediately.", + "cve": "CVE-2024-45606", + "id": "pyup.io-73296", + "more_info_path": "/vulnerabilities/CVE-2024-45606/73296", + "specs": [ + ">=23.4.0,<24.9.0" + ], + "v": ">=23.4.0,<24.9.0" + }, { "advisory": "Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of Sentry installation. This only affects installations that have `system.base-hostname` option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2.", "cve": "PVE-2024-99897", 
@@ -139627,6 +141065,16 @@ ], "v": ">=23.6.0,<23.6.2" }, + { + "advisory": "A critical vulnerability in Sentry affected versions allowed authenticated users to delete notification settings of any user by supplying the setting's ID. This Insecure Direct Object Reference (IDOR) flaw enabled malicious actors to manipulate other users' notification preferences, potentially causing missed critical alerts. Insufficient authorization checks when deleting notification setting options caused this vulnerability. Sentry has patched this issue, implementing proper user-based access controls and validation. \r\nNOTE: While Sentry automatically protects SaaS users, all self-hosted Sentry users must upgrade to version 24.9.0 or higher immediately.", + "cve": "CVE-2024-45605", + "id": "pyup.io-73297", + "more_info_path": "/vulnerabilities/CVE-2024-45605/73297", + "specs": [ + ">=23.9.0,<24.9.0" + ], + "v": ">=23.9.0,<24.9.0" + }, { "advisory": "When authenticating as a superuser to a self-hosted Sentry instance with a username and password, the password is leaked as cleartext in logs under the event: auth-index.validate_superuser. An attacker with access to the log data could use these leaked credentials to log in to the Sentry system as a superuser.", "cve": "CVE-2024-32474", @@ -141179,9 +142627,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2020-15358", - "id": "pyup.io-43805", - "more_info_path": "/vulnerabilities/CVE-2020-15358/43805", + "cve": "CVE-2018-19664", + "id": "pyup.io-43815", + "more_info_path": "/vulnerabilities/CVE-2018-19664/43815", "specs": [ "<1.0.10" ], 
@@ -141189,9 +142637,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2018-19664", - "id": "pyup.io-43815", - "more_info_path": "/vulnerabilities/CVE-2018-19664/43815", + "cve": "CVE-2018-17190", + "id": "pyup.io-43816", + "more_info_path": "/vulnerabilities/CVE-2018-17190/43816", "specs": [ "<1.0.10" ], @@ -141199,9 +142647,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2018-17190", - "id": "pyup.io-43816", - "more_info_path": "/vulnerabilities/CVE-2018-17190/43816", + "cve": "CVE-2020-15206", + "id": "pyup.io-43797", + "more_info_path": "/vulnerabilities/CVE-2020-15206/43797", "specs": [ "<1.0.10" ], @@ -141209,9 +142657,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2020-15208", - "id": "pyup.io-43798", - "more_info_path": "/vulnerabilities/CVE-2020-15208/43798", + "cve": "CVE-2020-15210", + "id": "pyup.io-43813", + "more_info_path": "/vulnerabilities/CVE-2020-15210/43813", "specs": [ "<1.0.10" ], @@ -141219,9 +142667,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2020-15195", - "id": "pyup.io-43800", - "more_info_path": "/vulnerabilities/CVE-2020-15195/43800", + "cve": "CVE-2019-10099", + "id": "pyup.io-43821", + "more_info_path": "/vulnerabilities/CVE-2019-10099/43821", "specs": [ "<1.0.10" ], @@ -141229,9 +142677,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2020-15206", - "id": "pyup.io-43797", - "more_info_path": "/vulnerabilities/CVE-2020-15206/43797", + "cve": "CVE-2020-15358", + "id": "pyup.io-43805", + "more_info_path": "/vulnerabilities/CVE-2020-15358/43805", "specs": [ "<1.0.10" ], 
@@ -141239,9 +142687,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2020-13434", - "id": "pyup.io-43808", - "more_info_path": "/vulnerabilities/CVE-2020-13434/43808", + "cve": "CVE-2020-15208", + "id": "pyup.io-43798", + "more_info_path": "/vulnerabilities/CVE-2020-15208/43798", "specs": [ "<1.0.10" ], @@ -141249,9 +142697,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2020-13631", - "id": "pyup.io-43811", - "more_info_path": "/vulnerabilities/CVE-2020-13631/43811", + "cve": "CVE-2020-15195", + "id": "pyup.io-43800", + "more_info_path": "/vulnerabilities/CVE-2020-15195/43800", "specs": [ "<1.0.10" ], @@ -141259,9 +142707,19 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2020-15210", - "id": "pyup.io-43813", - "more_info_path": "/vulnerabilities/CVE-2020-15210/43813", + "cve": "CVE-2020-13434", + "id": "pyup.io-43808", + "more_info_path": "/vulnerabilities/CVE-2020-13434/43808", + "specs": [ + "<1.0.10" + ], + "v": "<1.0.10" + }, + { + "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", + "cve": "CVE-2020-13631", + "id": "pyup.io-43811", + "more_info_path": "/vulnerabilities/CVE-2020-13631/43811", "specs": [ "<1.0.10" ], @@ -141279,9 +142737,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2019-10099", - "id": "pyup.io-43821", - "more_info_path": "/vulnerabilities/CVE-2019-10099/43821", + "cve": "CVE-2020-15211", + "id": "pyup.io-39680", + "more_info_path": "/vulnerabilities/CVE-2020-15211/39680", "specs": [ "<1.0.10" ], 
@@ -141289,9 +142747,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2019-19645", - "id": "pyup.io-43817", - "more_info_path": "/vulnerabilities/CVE-2019-19645/43817", + "cve": "CVE-2020-15203", + "id": "pyup.io-43803", + "more_info_path": "/vulnerabilities/CVE-2020-15203/43803", "specs": [ "<1.0.10" ], @@ -141299,9 +142757,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2020-15211", - "id": "pyup.io-39680", - "more_info_path": "/vulnerabilities/CVE-2020-15211/39680", + "cve": "CVE-2019-19244", + "id": "pyup.io-43818", + "more_info_path": "/vulnerabilities/CVE-2019-19244/43818", "specs": [ "<1.0.10" ], @@ -141309,9 +142767,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2020-15202", - "id": "pyup.io-43796", - "more_info_path": "/vulnerabilities/CVE-2020-15202/43796", + "cve": "CVE-2019-19880", + "id": "pyup.io-43819", + "more_info_path": "/vulnerabilities/CVE-2019-19880/43819", "specs": [ "<1.0.10" ], @@ -141319,9 +142777,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2020-15203", - "id": "pyup.io-43803", - "more_info_path": "/vulnerabilities/CVE-2020-15203/43803", + "cve": "CVE-2020-15190", + "id": "pyup.io-43802", + "more_info_path": "/vulnerabilities/CVE-2020-15190/43802", "specs": [ "<1.0.10" ], @@ -141329,9 +142787,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2020-15204", - "id": "pyup.io-43794", - "more_info_path": "/vulnerabilities/CVE-2020-15204/43794", + "cve": "CVE-2020-15209", + "id": "pyup.io-43799", + "more_info_path": "/vulnerabilities/CVE-2020-15209/43799", "specs": [ "<1.0.10" ], 
@@ -141339,9 +142797,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2020-11655", - "id": "pyup.io-43807", - "more_info_path": "/vulnerabilities/CVE-2020-11655/43807", + "cve": "CVE-2018-20330", + "id": "pyup.io-43820", + "more_info_path": "/vulnerabilities/CVE-2018-20330/43820", "specs": [ "<1.0.10" ], @@ -141349,9 +142807,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2019-19244", - "id": "pyup.io-43818", - "more_info_path": "/vulnerabilities/CVE-2019-19244/43818", + "cve": "CVE-2018-11770", + "id": "pyup.io-43822", + "more_info_path": "/vulnerabilities/CVE-2018-11770/43822", "specs": [ "<1.0.10" ], @@ -141359,9 +142817,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2019-19880", - "id": "pyup.io-43819", - "more_info_path": "/vulnerabilities/CVE-2019-19880/43819", + "cve": "CVE-2019-19645", + "id": "pyup.io-43817", + "more_info_path": "/vulnerabilities/CVE-2019-19645/43817", "specs": [ "<1.0.10" ], @@ -141369,9 +142827,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2020-15190", - "id": "pyup.io-43802", - "more_info_path": "/vulnerabilities/CVE-2020-15190/43802", + "cve": "CVE-2020-15202", + "id": "pyup.io-43796", + "more_info_path": "/vulnerabilities/CVE-2020-15202/43796", "specs": [ "<1.0.10" ], @@ -141379,9 +142837,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2020-13871", - "id": "pyup.io-43810", - "more_info_path": "/vulnerabilities/CVE-2020-13871/43810", + "cve": "CVE-2020-15204", + "id": "pyup.io-43794", + "more_info_path": "/vulnerabilities/CVE-2020-15204/43794", "specs": [ "<1.0.10" ], 
@@ -141389,9 +142847,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2020-15209", - "id": "pyup.io-43799", - "more_info_path": "/vulnerabilities/CVE-2020-15209/43799", + "cve": "CVE-2020-11655", + "id": "pyup.io-43807", + "more_info_path": "/vulnerabilities/CVE-2020-11655/43807", "specs": [ "<1.0.10" ], @@ -141399,9 +142857,9 @@ }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2018-20330", - "id": "pyup.io-43820", - "more_info_path": "/vulnerabilities/CVE-2018-20330/43820", + "cve": "CVE-2020-13871", + "id": "pyup.io-43810", + "more_info_path": "/vulnerabilities/CVE-2020-13871/43810", "specs": [ "<1.0.10" ], @@ -141447,16 +142905,6 @@ ], "v": "<1.0.10" }, - { - "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", - "cve": "CVE-2018-11770", - "id": "pyup.io-43822", - "more_info_path": "/vulnerabilities/CVE-2018-11770/43822", - "specs": [ - "<1.0.10" - ], - "v": "<1.0.10" - }, { "advisory": "Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.", "cve": "CVE-2019-13960", @@ -141467,26 +142915,6 @@ ], "v": "<1.0.10" }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29579", - "id": "pyup.io-46163", - "more_info_path": "/vulnerabilities/CVE-2021-29579/46163", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29521", - "id": "pyup.io-46105", - "more_info_path": "/vulnerabilities/CVE-2021-29521/46105", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", "cve": "CVE-2021-29609", 
@@ -141507,16 +142935,6 @@ ], "v": "<1.2.0a0" }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29538", - "id": "pyup.io-46122", - "more_info_path": "/vulnerabilities/CVE-2021-29538/46122", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", "cve": "CVE-2021-41212", @@ -141657,16 +143075,6 @@ ], "v": "<1.2.0a0" }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29611", - "id": "pyup.io-46196", - "more_info_path": "/vulnerabilities/CVE-2021-29611/46196", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", "cve": "CVE-2021-29522", @@ -141677,26 +143085,6 @@ ], "v": "<1.2.0a0" }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29597", - "id": "pyup.io-46181", - "more_info_path": "/vulnerabilities/CVE-2021-29597/46181", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-41200", - "id": "pyup.io-46210", - "more_info_path": "/vulnerabilities/CVE-2021-41200/46210", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", "cve": "CVE-2021-29535", 
@@ -141767,16 +143155,6 @@ ], "v": "<1.2.0a0" }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-41201", - "id": "pyup.io-46211", - "more_info_path": "/vulnerabilities/CVE-2021-41201/46211", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", "cve": "CVE-2021-29546", @@ -141797,16 +143175,6 @@ ], "v": "<1.2.0a0" }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29553", - "id": "pyup.io-46137", - "more_info_path": "/vulnerabilities/CVE-2021-29553/46137", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", "cve": "CVE-2021-29516", @@ -141827,36 +143195,6 @@ ], "v": "<1.2.0a0" }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29590", - "id": "pyup.io-46174", - "more_info_path": "/vulnerabilities/CVE-2021-29590/46174", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29517", - "id": "pyup.io-46101", - "more_info_path": "/vulnerabilities/CVE-2021-29517/46101", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2020-26271", - "id": "pyup.io-46084", - "more_info_path": "/vulnerabilities/CVE-2020-26271/46084", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", "cve": "CVE-2021-29513", 
@@ -141869,19 +143207,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2020-15266", - "id": "pyup.io-46079", - "more_info_path": "/vulnerabilities/CVE-2020-15266/46079", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29577", - "id": "pyup.io-46161", - "more_info_path": "/vulnerabilities/CVE-2021-29577/46161", + "cve": "CVE-2020-26271", + "id": "pyup.io-46084", + "more_info_path": "/vulnerabilities/CVE-2020-26271/46084", "specs": [ "<1.2.0a0" ], @@ -141947,26 +143275,6 @@ ], "v": "<1.2.0a0" }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29574", - "id": "pyup.io-46158", - "more_info_path": "/vulnerabilities/CVE-2021-29574/46158", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29555", - "id": "pyup.io-46139", - "more_info_path": "/vulnerabilities/CVE-2021-29555/46139", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", "cve": "CVE-2021-29536", @@ -142039,9 +143347,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29525", - "id": "pyup.io-46109", - "more_info_path": "/vulnerabilities/CVE-2021-29525/46109", + "cve": "CVE-2021-29539", + "id": "pyup.io-46123", + "more_info_path": "/vulnerabilities/CVE-2021-29539/46123", "specs": [ "<1.2.0a0" ], 
@@ -142049,9 +143357,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29550", - "id": "pyup.io-46134", - "more_info_path": "/vulnerabilities/CVE-2021-29550/46134", + "cve": "CVE-2021-29610", + "id": "pyup.io-46195", + "more_info_path": "/vulnerabilities/CVE-2021-29610/46195", "specs": [ "<1.2.0a0" ], @@ -142059,9 +143367,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-41206", - "id": "pyup.io-46216", - "more_info_path": "/vulnerabilities/CVE-2021-41206/46216", + "cve": "CVE-2021-29565", + "id": "pyup.io-46149", + "more_info_path": "/vulnerabilities/CVE-2021-29565/46149", "specs": [ "<1.2.0a0" ], @@ -142069,9 +143377,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29604", - "id": "pyup.io-46188", - "more_info_path": "/vulnerabilities/CVE-2021-29604/46188", + "cve": "CVE-2021-29595", + "id": "pyup.io-46179", + "more_info_path": "/vulnerabilities/CVE-2021-29595/46179", "specs": [ "<1.2.0a0" ], @@ -142079,9 +143387,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29539", - "id": "pyup.io-46123", - "more_info_path": "/vulnerabilities/CVE-2021-29539/46123", + "cve": "CVE-2021-29616", + "id": "pyup.io-46201", + "more_info_path": "/vulnerabilities/CVE-2021-29616/46201", "specs": [ "<1.2.0a0" ], @@ -142089,9 +143397,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29530", - "id": "pyup.io-46114", - "more_info_path": "/vulnerabilities/CVE-2021-29530/46114", + "cve": "CVE-2021-29529", + "id": "pyup.io-46113", + "more_info_path": "/vulnerabilities/CVE-2021-29529/46113", "specs": [ "<1.2.0a0" ], 
@@ -142099,9 +143407,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29610", - "id": "pyup.io-46195", - "more_info_path": "/vulnerabilities/CVE-2021-29610/46195", + "cve": "CVE-2020-26268", + "id": "pyup.io-46082", + "more_info_path": "/vulnerabilities/CVE-2020-26268/46082", "specs": [ "<1.2.0a0" ], @@ -142109,9 +143417,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29565", - "id": "pyup.io-46149", - "more_info_path": "/vulnerabilities/CVE-2021-29565/46149", + "cve": "CVE-2021-41211", + "id": "pyup.io-46221", + "more_info_path": "/vulnerabilities/CVE-2021-41211/46221", "specs": [ "<1.2.0a0" ], @@ -142119,9 +143427,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29595", - "id": "pyup.io-46179", - "more_info_path": "/vulnerabilities/CVE-2021-29595/46179", + "cve": "CVE-2021-41198", + "id": "pyup.io-46208", + "more_info_path": "/vulnerabilities/CVE-2021-41198/46208", "specs": [ "<1.2.0a0" ], @@ -142129,9 +143437,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29607", - "id": "pyup.io-46191", - "more_info_path": "/vulnerabilities/CVE-2021-29607/46191", + "cve": "CVE-2021-41215", + "id": "pyup.io-46225", + "more_info_path": "/vulnerabilities/CVE-2021-41215/46225", "specs": [ "<1.2.0a0" ], @@ -142139,9 +143447,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29616", - "id": "pyup.io-46201", - "more_info_path": "/vulnerabilities/CVE-2021-29616/46201", + "cve": "CVE-2021-29545", + "id": "pyup.io-46129", + "more_info_path": "/vulnerabilities/CVE-2021-29545/46129", "specs": [ "<1.2.0a0" ], 
@@ -142149,9 +143457,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29529", - "id": "pyup.io-46113", - "more_info_path": "/vulnerabilities/CVE-2021-29529/46113", + "cve": "CVE-2021-29560", + "id": "pyup.io-46144", + "more_info_path": "/vulnerabilities/CVE-2021-29560/46144", "specs": [ "<1.2.0a0" ], @@ -142159,9 +143467,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2020-26268", - "id": "pyup.io-46082", - "more_info_path": "/vulnerabilities/CVE-2020-26268/46082", + "cve": "CVE-2021-29591", + "id": "pyup.io-46175", + "more_info_path": "/vulnerabilities/CVE-2021-29591/46175", "specs": [ "<1.2.0a0" ], @@ -142169,9 +143477,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29520", - "id": "pyup.io-46104", - "more_info_path": "/vulnerabilities/CVE-2021-29520/46104", + "cve": "CVE-2021-41204", + "id": "pyup.io-46214", + "more_info_path": "/vulnerabilities/CVE-2021-41204/46214", "specs": [ "<1.2.0a0" ], @@ -142179,9 +143487,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-41222", - "id": "pyup.io-46231", - "more_info_path": "/vulnerabilities/CVE-2021-41222/46231", + "cve": "CVE-2021-41199", + "id": "pyup.io-46209", + "more_info_path": "/vulnerabilities/CVE-2021-41199/46209", "specs": [ "<1.2.0a0" ], @@ -142189,9 +143497,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-41211", - "id": "pyup.io-46221", - "more_info_path": "/vulnerabilities/CVE-2021-41211/46221", + "cve": "CVE-2021-29518", + "id": "pyup.io-46102", + "more_info_path": "/vulnerabilities/CVE-2021-29518/46102", "specs": [ "<1.2.0a0" ], 
@@ -142199,9 +143507,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2020-26267", - "id": "pyup.io-46081", - "more_info_path": "/vulnerabilities/CVE-2020-26267/46081", + "cve": "CVE-2021-41208", + "id": "pyup.io-46218", + "more_info_path": "/vulnerabilities/CVE-2021-41208/46218", "specs": [ "<1.2.0a0" ], @@ -142209,9 +143517,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-41205", - "id": "pyup.io-46215", - "more_info_path": "/vulnerabilities/CVE-2021-41205/46215", + "cve": "CVE-2021-29532", + "id": "pyup.io-46116", + "more_info_path": "/vulnerabilities/CVE-2021-29532/46116", "specs": [ "<1.2.0a0" ], @@ -142219,9 +143527,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-41198", - "id": "pyup.io-46208", - "more_info_path": "/vulnerabilities/CVE-2021-41198/46208", + "cve": "CVE-2021-29544", + "id": "pyup.io-46128", + "more_info_path": "/vulnerabilities/CVE-2021-29544/46128", "specs": [ "<1.2.0a0" ], @@ -142229,9 +143537,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29587", - "id": "pyup.io-46171", - "more_info_path": "/vulnerabilities/CVE-2021-29587/46171", + "cve": "CVE-2020-8284", + "id": "pyup.io-46088", + "more_info_path": "/vulnerabilities/CVE-2020-8284/46088", "specs": [ "<1.2.0a0" ], 
@@ -142239,9 +143547,319 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-41215", - "id": "pyup.io-46225", - "more_info_path": "/vulnerabilities/CVE-2021-41215/46225", + "cve": "CVE-2021-29584", + "id": "pyup.io-46168", + "more_info_path": "/vulnerabilities/CVE-2021-29584/46168", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29588", + "id": "pyup.io-46172", + "more_info_path": "/vulnerabilities/CVE-2021-29588/46172", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-22925", + "id": "pyup.io-46094", + "more_info_path": "/vulnerabilities/CVE-2021-22925/46094", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-22923", + "id": "pyup.io-46092", + "more_info_path": "/vulnerabilities/CVE-2021-22923/46092", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-41226", + "id": "pyup.io-46235", + "more_info_path": "/vulnerabilities/CVE-2021-41226/46235", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29533", + "id": "pyup.io-46117", + "more_info_path": "/vulnerabilities/CVE-2021-29533/46117", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29589", + "id": "pyup.io-46173", + "more_info_path": 
"/vulnerabilities/CVE-2021-29589/46173", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29579", + "id": "pyup.io-46163", + "more_info_path": "/vulnerabilities/CVE-2021-29579/46163", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29521", + "id": "pyup.io-46105", + "more_info_path": "/vulnerabilities/CVE-2021-29521/46105", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29538", + "id": "pyup.io-46122", + "more_info_path": "/vulnerabilities/CVE-2021-29538/46122", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29611", + "id": "pyup.io-46196", + "more_info_path": "/vulnerabilities/CVE-2021-29611/46196", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29597", + "id": "pyup.io-46181", + "more_info_path": "/vulnerabilities/CVE-2021-29597/46181", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-41200", + "id": "pyup.io-46210", + "more_info_path": "/vulnerabilities/CVE-2021-41200/46210", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-41201", + "id": "pyup.io-46211", + "more_info_path": "/vulnerabilities/CVE-2021-41201/46211", + "specs": [ + "<1.2.0a0" + ], + 
"v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29553", + "id": "pyup.io-46137", + "more_info_path": "/vulnerabilities/CVE-2021-29553/46137", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29590", + "id": "pyup.io-46174", + "more_info_path": "/vulnerabilities/CVE-2021-29590/46174", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29517", + "id": "pyup.io-46101", + "more_info_path": "/vulnerabilities/CVE-2021-29517/46101", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2020-15266", + "id": "pyup.io-46079", + "more_info_path": "/vulnerabilities/CVE-2020-15266/46079", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29577", + "id": "pyup.io-46161", + "more_info_path": "/vulnerabilities/CVE-2021-29577/46161", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29574", + "id": "pyup.io-46158", + "more_info_path": "/vulnerabilities/CVE-2021-29574/46158", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29555", + "id": "pyup.io-46139", + "more_info_path": "/vulnerabilities/CVE-2021-29555/46139", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its 
dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29525", + "id": "pyup.io-46109", + "more_info_path": "/vulnerabilities/CVE-2021-29525/46109", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29550", + "id": "pyup.io-46134", + "more_info_path": "/vulnerabilities/CVE-2021-29550/46134", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-41206", + "id": "pyup.io-46216", + "more_info_path": "/vulnerabilities/CVE-2021-41206/46216", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29604", + "id": "pyup.io-46188", + "more_info_path": "/vulnerabilities/CVE-2021-29604/46188", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29530", + "id": "pyup.io-46114", + "more_info_path": "/vulnerabilities/CVE-2021-29530/46114", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29607", + "id": "pyup.io-46191", + "more_info_path": "/vulnerabilities/CVE-2021-29607/46191", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29520", + "id": "pyup.io-46104", + "more_info_path": "/vulnerabilities/CVE-2021-29520/46104", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": 
"CVE-2021-41222", + "id": "pyup.io-46231", + "more_info_path": "/vulnerabilities/CVE-2021-41222/46231", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2020-26267", + "id": "pyup.io-46081", + "more_info_path": "/vulnerabilities/CVE-2020-26267/46081", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-41205", + "id": "pyup.io-46215", + "more_info_path": "/vulnerabilities/CVE-2021-41205/46215", + "specs": [ + "<1.2.0a0" + ], + "v": "<1.2.0a0" + }, + { + "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", + "cve": "CVE-2021-29587", + "id": "pyup.io-46171", + "more_info_path": "/vulnerabilities/CVE-2021-29587/46171", "specs": [ "<1.2.0a0" ], @@ -142287,16 +143905,6 @@ ], "v": "<1.2.0a0" }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29545", - "id": "pyup.io-46129", - "more_info_path": "/vulnerabilities/CVE-2021-29545/46129", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", "cve": "CVE-2021-29598", @@ -142307,16 +143915,6 @@ ], "v": "<1.2.0a0" }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29560", - "id": "pyup.io-46144", - "more_info_path": "/vulnerabilities/CVE-2021-29560/46144", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", "cve": "CVE-2021-29568", 
@@ -142327,26 +143925,6 @@ ], "v": "<1.2.0a0" }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29591", - "id": "pyup.io-46175", - "more_info_path": "/vulnerabilities/CVE-2021-29591/46175", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-41204", - "id": "pyup.io-46214", - "more_info_path": "/vulnerabilities/CVE-2021-41204/46214", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", "cve": "CVE-2021-41210", @@ -142357,16 +143935,6 @@ ], "v": "<1.2.0a0" }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-41199", - "id": "pyup.io-46209", - "more_info_path": "/vulnerabilities/CVE-2021-41199/46209", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", "cve": "CVE-2021-29586", 
@@ -142389,49 +143957,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29518", - "id": "pyup.io-46102", - "more_info_path": "/vulnerabilities/CVE-2021-29518/46102", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-41208", - "id": "pyup.io-46218", - "more_info_path": "/vulnerabilities/CVE-2021-41208/46218", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29532", - "id": "pyup.io-46116", - "more_info_path": "/vulnerabilities/CVE-2021-29532/46116", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29544", - "id": "pyup.io-46128", - "more_info_path": "/vulnerabilities/CVE-2021-29544/46128", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2020-8284", - "id": "pyup.io-46088", - "more_info_path": "/vulnerabilities/CVE-2020-8284/46088", + "cve": "CVE-2021-29600", + "id": "pyup.io-46184", + "more_info_path": "/vulnerabilities/CVE-2021-29600/46184", "specs": [ "<1.2.0a0" ], @@ -142439,9 +143967,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29584", - "id": "pyup.io-46168", - "more_info_path": "/vulnerabilities/CVE-2021-29584/46168", + "cve": "CVE-2019-20838", + "id": "pyup.io-46074", + "more_info_path": "/vulnerabilities/CVE-2019-20838/46074", "specs": [ "<1.2.0a0" ], 
@@ -142449,9 +143977,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29600", - "id": "pyup.io-46184", - "more_info_path": "/vulnerabilities/CVE-2021-29600/46184", + "cve": "CVE-2021-22922", + "id": "pyup.io-46091", + "more_info_path": "/vulnerabilities/CVE-2021-22922/46091", "specs": [ "<1.2.0a0" ], @@ -142459,9 +143987,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29588", - "id": "pyup.io-46172", - "more_info_path": "/vulnerabilities/CVE-2021-29588/46172", + "cve": "CVE-2021-29523", + "id": "pyup.io-46107", + "more_info_path": "/vulnerabilities/CVE-2021-29523/46107", "specs": [ "<1.2.0a0" ], @@ -142469,9 +143997,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2019-20838", - "id": "pyup.io-46074", - "more_info_path": "/vulnerabilities/CVE-2019-20838/46074", + "cve": "CVE-2020-15250", + "id": "pyup.io-46077", + "more_info_path": "/vulnerabilities/CVE-2020-15250/46077", "specs": [ "<1.2.0a0" ], @@ -142479,9 +144007,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-22922", - "id": "pyup.io-46091", - "more_info_path": "/vulnerabilities/CVE-2021-22922/46091", + "cve": "CVE-2020-8286", + "id": "pyup.io-46090", + "more_info_path": "/vulnerabilities/CVE-2020-8286/46090", "specs": [ "<1.2.0a0" ], @@ -142489,9 +144017,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2020-15250", - "id": "pyup.io-46077", - "more_info_path": "/vulnerabilities/CVE-2020-15250/46077", + "cve": "CVE-2021-29537", + "id": "pyup.io-46121", + "more_info_path": "/vulnerabilities/CVE-2021-29537/46121", "specs": [ "<1.2.0a0" ], 
@@ -142499,9 +144027,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-22925", - "id": "pyup.io-46094", - "more_info_path": "/vulnerabilities/CVE-2021-22925/46094", + "cve": "CVE-2021-22924", + "id": "pyup.io-46093", + "more_info_path": "/vulnerabilities/CVE-2021-22924/46093", "specs": [ "<1.2.0a0" ], @@ -142509,9 +144037,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-22923", - "id": "pyup.io-46092", - "more_info_path": "/vulnerabilities/CVE-2021-22923/46092", + "cve": "CVE-2021-29594", + "id": "pyup.io-46178", + "more_info_path": "/vulnerabilities/CVE-2021-29594/46178", "specs": [ "<1.2.0a0" ], @@ -142519,9 +144047,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-41226", - "id": "pyup.io-46235", - "more_info_path": "/vulnerabilities/CVE-2021-41226/46235", + "cve": "CVE-2021-29582", + "id": "pyup.io-46166", + "more_info_path": "/vulnerabilities/CVE-2021-29582/46166", "specs": [ "<1.2.0a0" ], @@ -142529,9 +144057,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2020-8286", - "id": "pyup.io-46090", - "more_info_path": "/vulnerabilities/CVE-2020-8286/46090", + "cve": "CVE-2021-29563", + "id": "pyup.io-46147", + "more_info_path": "/vulnerabilities/CVE-2021-29563/46147", "specs": [ "<1.2.0a0" ], @@ -142539,9 +144067,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29537", - "id": "pyup.io-46121", - "more_info_path": "/vulnerabilities/CVE-2021-29537/46121", + "cve": "CVE-2021-29541", + "id": "pyup.io-46125", + "more_info_path": "/vulnerabilities/CVE-2021-29541/46125", "specs": [ "<1.2.0a0" ], 
@@ -142549,9 +144077,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29533", - "id": "pyup.io-46117", - "more_info_path": "/vulnerabilities/CVE-2021-29533/46117", + "cve": "CVE-2021-29562", + "id": "pyup.io-46146", + "more_info_path": "/vulnerabilities/CVE-2021-29562/46146", "specs": [ "<1.2.0a0" ], @@ -142559,9 +144087,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-22924", - "id": "pyup.io-46093", - "more_info_path": "/vulnerabilities/CVE-2021-22924/46093", + "cve": "CVE-2021-29547", + "id": "pyup.io-46131", + "more_info_path": "/vulnerabilities/CVE-2021-29547/46131", "specs": [ "<1.2.0a0" ], @@ -142569,9 +144097,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29589", - "id": "pyup.io-46173", - "more_info_path": "/vulnerabilities/CVE-2021-29589/46173", + "cve": "CVE-2021-29514", + "id": "pyup.io-46098", + "more_info_path": "/vulnerabilities/CVE-2021-29514/46098", "specs": [ "<1.2.0a0" ], @@ -142579,9 +144107,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29594", - "id": "pyup.io-46178", - "more_info_path": "/vulnerabilities/CVE-2021-29594/46178", + "cve": "CVE-2021-29610", + "id": "pyup.io-46194", + "more_info_path": "/vulnerabilities/CVE-2021-29610/46194", "specs": [ "<1.2.0a0" ], @@ -142589,9 +144117,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29523", - "id": "pyup.io-46107", - "more_info_path": "/vulnerabilities/CVE-2021-29523/46107", + "cve": "CVE-2021-29531", + "id": "pyup.io-46115", + "more_info_path": "/vulnerabilities/CVE-2021-29531/46115", "specs": [ "<1.2.0a0" ], 
@@ -142599,9 +144127,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29563", - "id": "pyup.io-46147", - "more_info_path": "/vulnerabilities/CVE-2021-29563/46147", + "cve": "CVE-2021-29567", + "id": "pyup.io-46151", + "more_info_path": "/vulnerabilities/CVE-2021-29567/46151", "specs": [ "<1.2.0a0" ], @@ -142609,9 +144137,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29567", - "id": "pyup.io-46151", - "more_info_path": "/vulnerabilities/CVE-2021-29567/46151", + "cve": "CVE-2021-29571", + "id": "pyup.io-46155", + "more_info_path": "/vulnerabilities/CVE-2021-29571/46155", "specs": [ "<1.2.0a0" ], @@ -142619,9 +144147,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29571", - "id": "pyup.io-46155", - "more_info_path": "/vulnerabilities/CVE-2021-29571/46155", + "cve": "CVE-2020-13790", + "id": "pyup.io-46075", + "more_info_path": "/vulnerabilities/CVE-2020-13790/46075", "specs": [ "<1.2.0a0" ], @@ -142697,26 +144225,6 @@ ], "v": "<1.2.0a0" }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29582", - "id": "pyup.io-46166", - "more_info_path": "/vulnerabilities/CVE-2021-29582/46166", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29541", - "id": "pyup.io-46125", - "more_info_path": "/vulnerabilities/CVE-2021-29541/46125", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", "cve": "CVE-2021-29613", 
@@ -142727,16 +144235,6 @@ ], "v": "<1.2.0a0" }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29562", - "id": "pyup.io-46146", - "more_info_path": "/vulnerabilities/CVE-2021-29562/46146", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", "cve": "CVE-2021-29551", @@ -142757,16 +144255,6 @@ ], "v": "<1.2.0a0" }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-41214", - "id": "pyup.io-46224", - "more_info_path": "/vulnerabilities/CVE-2021-41214/46224", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", "cve": "CVE-2021-29548", @@ -142779,9 +144267,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29547", - "id": "pyup.io-46131", - "more_info_path": "/vulnerabilities/CVE-2021-29547/46131", + "cve": "CVE-2021-41214", + "id": "pyup.io-46224", + "more_info_path": "/vulnerabilities/CVE-2021-41214/46224", "specs": [ "<1.2.0a0" ], @@ -142789,9 +144277,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29599", - "id": "pyup.io-46183", - "more_info_path": "/vulnerabilities/CVE-2021-29599/46183", + "cve": "CVE-2021-29540", + "id": "pyup.io-46124", + "more_info_path": "/vulnerabilities/CVE-2021-29540/46124", "specs": [ "<1.2.0a0" ], 
@@ -142799,9 +144287,9 @@ }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29540", - "id": "pyup.io-46124", - "more_info_path": "/vulnerabilities/CVE-2021-29540/46124", + "cve": "CVE-2021-29599", + "id": "pyup.io-46183", + "more_info_path": "/vulnerabilities/CVE-2021-29599/46183", "specs": [ "<1.2.0a0" ], @@ -142847,16 +144335,6 @@ ], "v": "<1.2.0a0" }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29514", - "id": "pyup.io-46098", - "more_info_path": "/vulnerabilities/CVE-2021-29514/46098", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", "cve": "CVE-2021-29515", @@ -142877,16 +144355,6 @@ ], "v": "<1.2.0a0" }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29610", - "id": "pyup.io-46194", - "more_info_path": "/vulnerabilities/CVE-2021-29610/46194", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", "cve": "CVE-2021-29615", @@ -142897,16 +144365,6 @@ ], "v": "<1.2.0a0" }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2021-29531", - "id": "pyup.io-46115", - "more_info_path": "/vulnerabilities/CVE-2021-29531/46115", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", "cve": "CVE-2021-41203", 
@@ -142917,16 +144375,6 @@ ], "v": "<1.2.0a0" }, - { - "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", - "cve": "CVE-2020-13790", - "id": "pyup.io-46075", - "more_info_path": "/vulnerabilities/CVE-2020-13790/46075", - "specs": [ - "<1.2.0a0" - ], - "v": "<1.2.0a0" - }, { "advisory": "Sleap 1.2.0a0 updates its dependency 'TensorFlow' to v2.7.0 to include security fixes.", "cve": "CVE-2021-29528", @@ -143127,16 +144575,6 @@ ], "v": "<1.2.0a6" }, - { - "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-21734", - "id": "pyup.io-46512", - "more_info_path": "/vulnerabilities/CVE-2022-21734/46512", - "specs": [ - "<1.2.0a6" - ], - "v": "<1.2.0a6" - }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", "cve": "CVE-2022-23590", @@ -143149,9 +144587,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23575", - "id": "pyup.io-46538", - "more_info_path": "/vulnerabilities/CVE-2022-23575/46538", + "cve": "CVE-2022-21734", + "id": "pyup.io-46512", + "more_info_path": "/vulnerabilities/CVE-2022-21734/46512", "specs": [ "<1.2.0a6" ], @@ -143169,9 +144607,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23583", - "id": "pyup.io-46546", - "more_info_path": "/vulnerabilities/CVE-2022-23583/46546", + "cve": "CVE-2022-23575", + "id": "pyup.io-46538", + "more_info_path": "/vulnerabilities/CVE-2022-23575/46538", "specs": [ "<1.2.0a6" ], @@ -143199,9 +144637,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23582", - "id": "pyup.io-46545", - "more_info_path": "/vulnerabilities/CVE-2022-23582/46545", + "cve": "CVE-2022-23589", + "id": "pyup.io-46552", + "more_info_path": "/vulnerabilities/CVE-2022-23589/46552", "specs": [ "<1.2.0a6" ], 
@@ -143209,9 +144647,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23589", - "id": "pyup.io-46552", - "more_info_path": "/vulnerabilities/CVE-2022-23589/46552", + "cve": "CVE-2022-23582", + "id": "pyup.io-46545", + "more_info_path": "/vulnerabilities/CVE-2022-23582/46545", "specs": [ "<1.2.0a6" ], @@ -143257,6 +144695,16 @@ ], "v": "<1.2.0a6" }, + { + "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", + "cve": "CVE-2022-21726", + "id": "pyup.io-46504", + "more_info_path": "/vulnerabilities/CVE-2022-21726/46504", + "specs": [ + "<1.2.0a6" + ], + "v": "<1.2.0a6" + }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", "cve": "CVE-2022-23574", @@ -143269,9 +144717,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-21726", - "id": "pyup.io-46504", - "more_info_path": "/vulnerabilities/CVE-2022-21726/46504", + "cve": "CVE-2022-23566", + "id": "pyup.io-46529", + "more_info_path": "/vulnerabilities/CVE-2022-23566/46529", "specs": [ "<1.2.0a6" ], @@ -143279,9 +144727,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23576", - "id": "pyup.io-46539", - "more_info_path": "/vulnerabilities/CVE-2022-23576/46539", + "cve": "CVE-2022-21732", + "id": "pyup.io-46510", + "more_info_path": "/vulnerabilities/CVE-2022-21732/46510", "specs": [ "<1.2.0a6" ], @@ -143289,9 +144737,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-21741", - "id": "pyup.io-46519", - "more_info_path": "/vulnerabilities/CVE-2022-21741/46519", + "cve": "CVE-2022-23580", + "id": "pyup.io-46543", + "more_info_path": "/vulnerabilities/CVE-2022-23580/46543", "specs": [ "<1.2.0a6" ], 
@@ -143299,9 +144747,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23566", - "id": "pyup.io-46529", - "more_info_path": "/vulnerabilities/CVE-2022-23566/46529", + "cve": "CVE-2022-23565", + "id": "pyup.io-46528", + "more_info_path": "/vulnerabilities/CVE-2022-23565/46528", "specs": [ "<1.2.0a6" ], @@ -143309,9 +144757,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23578", - "id": "pyup.io-46541", - "more_info_path": "/vulnerabilities/CVE-2022-23578/46541", + "cve": "CVE-2022-21725", + "id": "pyup.io-46503", + "more_info_path": "/vulnerabilities/CVE-2022-21725/46503", "specs": [ "<1.2.0a6" ], @@ -143319,9 +144767,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23595", - "id": "pyup.io-46556", - "more_info_path": "/vulnerabilities/CVE-2022-23595/46556", + "cve": "CVE-2022-21738", + "id": "pyup.io-46516", + "more_info_path": "/vulnerabilities/CVE-2022-21738/46516", "specs": [ "<1.2.0a6" ], @@ -143329,9 +144777,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-21732", - "id": "pyup.io-46510", - "more_info_path": "/vulnerabilities/CVE-2022-21732/46510", + "cve": "CVE-2022-23561", + "id": "pyup.io-46524", + "more_info_path": "/vulnerabilities/CVE-2022-23561/46524", "specs": [ "<1.2.0a6" ], @@ -143339,9 +144787,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-21736", - "id": "pyup.io-46514", - "more_info_path": "/vulnerabilities/CVE-2022-21736/46514", + "cve": "CVE-2022-23570", + "id": "pyup.io-46533", + "more_info_path": "/vulnerabilities/CVE-2022-23570/46533", "specs": [ "<1.2.0a6" ], 
@@ -143349,9 +144797,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23569", - "id": "pyup.io-46532", - "more_info_path": "/vulnerabilities/CVE-2022-23569/46532", + "cve": "CVE-2022-23587", + "id": "pyup.io-46550", + "more_info_path": "/vulnerabilities/CVE-2022-23587/46550", "specs": [ "<1.2.0a6" ], @@ -143359,9 +144807,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23563", - "id": "pyup.io-46526", - "more_info_path": "/vulnerabilities/CVE-2022-23563/46526", + "cve": "CVE-2022-23583", + "id": "pyup.io-46546", + "more_info_path": "/vulnerabilities/CVE-2022-23583/46546", "specs": [ "<1.2.0a6" ], @@ -143369,9 +144817,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23580", - "id": "pyup.io-46543", - "more_info_path": "/vulnerabilities/CVE-2022-23580/46543", + "cve": "CVE-2022-23576", + "id": "pyup.io-46539", + "more_info_path": "/vulnerabilities/CVE-2022-23576/46539", "specs": [ "<1.2.0a6" ], @@ -143379,9 +144827,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23584", - "id": "pyup.io-46547", - "more_info_path": "/vulnerabilities/CVE-2022-23584/46547", + "cve": "CVE-2022-21741", + "id": "pyup.io-46519", + "more_info_path": "/vulnerabilities/CVE-2022-21741/46519", "specs": [ "<1.2.0a6" ], @@ -143389,9 +144837,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23565", - "id": "pyup.io-46528", - "more_info_path": "/vulnerabilities/CVE-2022-23565/46528", + "cve": "CVE-2022-23578", + "id": "pyup.io-46541", + "more_info_path": "/vulnerabilities/CVE-2022-23578/46541", "specs": [ "<1.2.0a6" ], 
@@ -143399,9 +144847,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-21727", - "id": "pyup.io-46505", - "more_info_path": "/vulnerabilities/CVE-2022-21727/46505", + "cve": "CVE-2022-23595", + "id": "pyup.io-46556", + "more_info_path": "/vulnerabilities/CVE-2022-23595/46556", "specs": [ "<1.2.0a6" ], @@ -143409,9 +144857,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-21725", - "id": "pyup.io-46503", - "more_info_path": "/vulnerabilities/CVE-2022-21725/46503", + "cve": "CVE-2022-21736", + "id": "pyup.io-46514", + "more_info_path": "/vulnerabilities/CVE-2022-21736/46514", "specs": [ "<1.2.0a6" ], @@ -143419,9 +144867,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23594", - "id": "pyup.io-46555", - "more_info_path": "/vulnerabilities/CVE-2022-23594/46555", + "cve": "CVE-2022-23569", + "id": "pyup.io-46532", + "more_info_path": "/vulnerabilities/CVE-2022-23569/46532", "specs": [ "<1.2.0a6" ], @@ -143429,9 +144877,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-21735", - "id": "pyup.io-46513", - "more_info_path": "/vulnerabilities/CVE-2022-21735/46513", + "cve": "CVE-2022-23563", + "id": "pyup.io-46526", + "more_info_path": "/vulnerabilities/CVE-2022-23563/46526", "specs": [ "<1.2.0a6" ], @@ -143439,9 +144887,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-21738", - "id": "pyup.io-46516", - "more_info_path": "/vulnerabilities/CVE-2022-21738/46516", + "cve": "CVE-2022-23584", + "id": "pyup.io-46547", + "more_info_path": "/vulnerabilities/CVE-2022-23584/46547", "specs": [ "<1.2.0a6" ], 
@@ -143449,9 +144897,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23561", - "id": "pyup.io-46524", - "more_info_path": "/vulnerabilities/CVE-2022-23561/46524", + "cve": "CVE-2022-21727", + "id": "pyup.io-46505", + "more_info_path": "/vulnerabilities/CVE-2022-21727/46505", "specs": [ "<1.2.0a6" ], @@ -143459,9 +144907,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23559", - "id": "pyup.io-46522", - "more_info_path": "/vulnerabilities/CVE-2022-23559/46522", + "cve": "CVE-2022-23594", + "id": "pyup.io-46555", + "more_info_path": "/vulnerabilities/CVE-2022-23594/46555", "specs": [ "<1.2.0a6" ], @@ -143469,9 +144917,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23570", - "id": "pyup.io-46533", - "more_info_path": "/vulnerabilities/CVE-2022-23570/46533", + "cve": "CVE-2022-21735", + "id": "pyup.io-46513", + "more_info_path": "/vulnerabilities/CVE-2022-21735/46513", "specs": [ "<1.2.0a6" ], @@ -143479,9 +144927,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23587", - "id": "pyup.io-46550", - "more_info_path": "/vulnerabilities/CVE-2022-23587/46550", + "cve": "CVE-2022-23559", + "id": "pyup.io-46522", + "more_info_path": "/vulnerabilities/CVE-2022-23559/46522", "specs": [ "<1.2.0a6" ], @@ -143507,6 +144955,16 @@ ], "v": "<1.2.0a6" }, + { + "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", + "cve": "CVE-2022-23588", + "id": "pyup.io-46551", + "more_info_path": "/vulnerabilities/CVE-2022-23588/46551", + "specs": [ + "<1.2.0a6" + ], + "v": "<1.2.0a6" + }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", "cve": "CVE-2022-23579", 
@@ -143519,9 +144977,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-21740", - "id": "pyup.io-46518", - "more_info_path": "/vulnerabilities/CVE-2022-21740/46518", + "cve": "CVE-2022-23567", + "id": "pyup.io-46530", + "more_info_path": "/vulnerabilities/CVE-2022-23567/46530", "specs": [ "<1.2.0a6" ], @@ -143529,9 +144987,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23588", - "id": "pyup.io-46551", - "more_info_path": "/vulnerabilities/CVE-2022-23588/46551", + "cve": "CVE-2022-23564", + "id": "pyup.io-46527", + "more_info_path": "/vulnerabilities/CVE-2022-23564/46527", "specs": [ "<1.2.0a6" ], @@ -143539,9 +144997,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-21733", - "id": "pyup.io-46511", - "more_info_path": "/vulnerabilities/CVE-2022-21733/46511", + "cve": "CVE-2022-23558", + "id": "pyup.io-46521", + "more_info_path": "/vulnerabilities/CVE-2022-23558/46521", "specs": [ "<1.2.0a6" ], @@ -143549,9 +145007,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23567", - "id": "pyup.io-46530", - "more_info_path": "/vulnerabilities/CVE-2022-23567/46530", + "cve": "CVE-2022-21739", + "id": "pyup.io-46517", + "more_info_path": "/vulnerabilities/CVE-2022-21739/46517", "specs": [ "<1.2.0a6" ], @@ -143559,9 +145017,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23564", - "id": "pyup.io-46527", - "more_info_path": "/vulnerabilities/CVE-2022-23564/46527", + "cve": "CVE-2022-23577", + "id": "pyup.io-46540", + "more_info_path": "/vulnerabilities/CVE-2022-23577/46540", "specs": [ "<1.2.0a6" ], 
@@ -143569,9 +145027,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23591", - "id": "pyup.io-46554", - "more_info_path": "/vulnerabilities/CVE-2022-23591/46554", + "cve": "CVE-2022-21740", + "id": "pyup.io-46518", + "more_info_path": "/vulnerabilities/CVE-2022-21740/46518", "specs": [ "<1.2.0a6" ], @@ -143579,9 +145037,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23586", - "id": "pyup.io-46549", - "more_info_path": "/vulnerabilities/CVE-2022-23586/46549", + "cve": "CVE-2022-21733", + "id": "pyup.io-46511", + "more_info_path": "/vulnerabilities/CVE-2022-21733/46511", "specs": [ "<1.2.0a6" ], @@ -143589,9 +145047,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23568", - "id": "pyup.io-46531", - "more_info_path": "/vulnerabilities/CVE-2022-23568/46531", + "cve": "CVE-2022-23591", + "id": "pyup.io-46554", + "more_info_path": "/vulnerabilities/CVE-2022-23591/46554", "specs": [ "<1.2.0a6" ], @@ -143599,9 +145057,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23558", - "id": "pyup.io-46521", - "more_info_path": "/vulnerabilities/CVE-2022-23558/46521", + "cve": "CVE-2022-23586", + "id": "pyup.io-46549", + "more_info_path": "/vulnerabilities/CVE-2022-23586/46549", "specs": [ "<1.2.0a6" ], @@ -143609,9 +145067,9 @@ }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-21739", - "id": "pyup.io-46517", - "more_info_path": "/vulnerabilities/CVE-2022-21739/46517", + "cve": "CVE-2022-23568", + "id": "pyup.io-46531", + "more_info_path": "/vulnerabilities/CVE-2022-23568/46531", "specs": [ "<1.2.0a6" ], 
@@ -143637,16 +145095,6 @@ ], "v": "<1.2.0a6" }, - { - "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", - "cve": "CVE-2022-23577", - "id": "pyup.io-46540", - "more_info_path": "/vulnerabilities/CVE-2022-23577/46540", - "specs": [ - "<1.2.0a6" - ], - "v": "<1.2.0a6" - }, { "advisory": "Sleap 1.2.0a6 requires Tensorflow v2.6.3 to include security fixes.", "cve": "CVE-2022-23572", @@ -143726,6 +145174,18 @@ "v": ">=0,<2.0.1" } ], + "smac-fastapi-auth": [ + { + "advisory": "Smac-fastapi-auth versions prior to the update that bumps cryptography to 43.0.1 are potentially vulnerable to security issues, including CVE-2024-4603.", + "cve": "CVE-2024-4603", + "id": "pyup.io-73171", + "more_info_path": "/vulnerabilities/CVE-2024-4603/73171", + "specs": [ + "<0.2.1" + ], + "v": "<0.2.1" + } + ], "smart-app-framework": [ { "advisory": "Smart-app-framework 2.3.0rc5 updates its dependency 'PyYAML' to version '6.0.1' to include a fix for an Arbitrary Code Execution vulnerability.", @@ -144249,16 +145709,6 @@ ], "v": "<2.2.4" }, - { - "advisory": "Snyk-tags version 2.2.4 updates its dependency on the cryptography library to version 42.0.4. This change is made to address the security issue identified asCVE-2023-49083.", - "cve": "CVE-2023-49083", - "id": "pyup.io-67581", - "more_info_path": "/vulnerabilities/CVE-2023-49083/67581", - "specs": [ - "<2.2.4" - ], - "v": "<2.2.4" - }, { "advisory": "Snyk-tags version 2.2.4 updates its dependency on the cryptography library to version 42.0.4. This change is made to address the security issue identified as CVE-2023-5678.", "cve": "CVE-2023-5678", 
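Review bot: In the smac-fastapi-auth hunk, the advisory text names only the dependency bump (`cryptography to 43.0.1`) and never the smac-fastapi-auth release that carries it, while `specs` says `<0.2.1`; a reader of the advisory alone cannot tell which version to move to. Assuming 0.2.1 is that release, stating it in the form the neighbouring smart-app-framework entry uses, e.g. `Smac-fastapi-auth 0.2.1 updates its dependency 'cryptography' to 43.0.1 to include a fix for CVE-2024-4603.`, keeps text and spec in agreement. The phrase `potentially vulnerable to security issues, including CVE-2024-4603` also leaves open whether further issues are meant; if only this CVE is tracked by pyup.io-73171, say so.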
@@ -144289,6 +145739,16 @@ ], "v": "<2.2.4" }, + { + "advisory": "Snyk-tags version 2.2.4 updates its dependency on the cryptography library to version 42.0.4. This change is made to address the security issue identified asCVE-2023-49083.", + "cve": "CVE-2023-49083", + "id": "pyup.io-67581", + "more_info_path": "/vulnerabilities/CVE-2023-49083/67581", + "specs": [ + "<2.2.4" + ], + "v": "<2.2.4" + }, { "advisory": "Snyk-tags version 2.2.4 updates its dependency on the cryptography library to version 42.0.4. This change is made to address the security issue identified as CVE-2023-6129.", "cve": "CVE-2023-6129", @@ -145822,6 +147282,18 @@ "v": "<1.2.0" } ], + "sqlite-vec": [ + { + "advisory": "Affected versions of sqlite-vec are vulnerable to heap-buffer overflow (CWE-125). This can result in memory corruption and application crashes when parsing specially crafted Numpy files. The vulnerability is triggered by an out-of-bounds read during token scanning in the npy_token_next function, caused by insufficient boundary checks before calling strncmp. Attackers can exploit this issue by supplying malicious Numpy files.", + "cve": "CVE-2024-46488", + "id": "pyup.io-73494", + "more_info_path": "/vulnerabilities/CVE-2024-46488/73494", + "specs": [ + "<0.1.3" + ], + "v": "<0.1.3" + } + ], "sqlite-web": [ { "advisory": "This affects all versions of the package sqlite-web. The SQL dashboard area allows sensitive actions to be performed without validating that the request originated from the application. This could enable an attacker to trick a user into performing these actions unknowingly through a Cross Site Request Forgery (CSRF) attack. See CVE-2021-23404.\r\nhttps://github.com/coleifer/sqlite-web/blob/2e7c85da3d37f80074ed3ae39b5851069b4f301c/sqlite_web/__main__.py%23L1", 
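Review bot: The re-added snyk-tags record for CVE-2023-49083 (pyup.io-67581) still carries `identified asCVE-2023-49083` with the space missing; the record is only being moved here, so the typo is pre-existing, but this hunk is the place to correct it to `identified as CVE-2023-49083.`, matching the sibling CVE-2023-5678 and CVE-2023-6129 entries.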
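Review bot: The new sqlite-vec record (CVE-2024-46488, pyup.io-73494) labels the bug `heap-buffer overflow (CWE-125)`, but CWE-125 is Out-of-bounds Read, and the description itself says the defect is an out-of-bounds read during token scanning in `npy_token_next` before a `strncmp`; the two labels should agree. Either keep CWE-125 and describe it as an out-of-bounds read, or drop the CWE tag if the classification has not been confirmed against the upstream advisory.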
@@ -145834,6 +147306,18 @@ "v": ">=0" } ], + "sqlitedict": [ + { + "advisory": "SQLitedict, in all versions, contains an insecure deserialization vulnerability that could allow arbitrary code execution when loading untrusted database files. \r\n#NOTE: The maintainers have acknowledged the issue but opted not to patch it, instead recommending a warning to users about the risks of loading untrusted files.", + "cve": "CVE-2024-35515", + "id": "pyup.io-73282", + "more_info_path": "/vulnerabilities/CVE-2024-35515/73282", + "specs": [ + ">=0" + ], + "v": ">=0" + } + ], "sqllineage": [ { "advisory": "Sqllineage 1.5.3 updates its dependency 'sqlparse' to v0.5.0 to include a security fix.", 
@@ -146411,6 +147895,26 @@ ], "v": "<0.193.0" }, + { + "advisory": "Affected versions of Strawberry GraphQL are vulnerable to CWE-434: Unrestricted Upload of File with Dangerous Type and CWE-352: Cross-Site Request Forgery (CSRF). These issues allow attackers to upload malicious files or execute unauthorized actions through CSRF attacks. Multipart uploads were enabled by default, and CSRF protection was disabled for Django views. Exploitation involves submitting harmful files or crafting requests to bypass CSRF protections. Users should upgrade to the where multipart uploads are disabled by default, and CSRF protection is enforced, mitigating both vulnerabilities.", + "cve": "PVE-2024-73381", + "id": "pyup.io-73381", + "more_info_path": "/vulnerabilities/PVE-2024-73381/73381", + "specs": [ + "<0.243.0" + ], + "v": "<0.243.0" + }, + { + "advisory": "Affected versions of strawberry-graphql are vulnerable to Cross-Site Request Forgery (CSRF) and insufficient security in multipart file uploads. CSRF attacks allow unauthorized actions to be performed on behalf of authenticated users due to the implicit CSRF exemption in Strawberry\u2019s Django integration. Additionally, multipart uploads were enabled by default without proper security controls, making them susceptible to malicious file uploads. These issues are resolved by requiring explicit opt-in for multipart uploads and enforcing CSRF protection.", + "cve": "CVE-2024-47082", + "id": "pyup.io-73495", + "more_info_path": "/vulnerabilities/CVE-2024-47082/73495", + "specs": [ + "<0.243.0" + ], + "v": "<0.243.0" + }, { "advisory": "Strawberry-graphql 0.71.0 adds a query depth limit validation rule to guard against malicious queries.", "cve": "PVE-2021-41088", 
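Review bot: PVE-2024-73381 (pyup.io-73381) and CVE-2024-47082 (pyup.io-73495), both added to strawberry-graphql here, describe the same CSRF-exemption and default-on multipart-upload issue with the identical spec `<0.243.0`, so a consumer checking a pinned strawberry-graphql version will get the finding reported twice. If the PVE id predates the CVE assignment, one of the two should be retired or the PVE entry should cross-reference CVE-2024-47082, otherwise the pair will drift apart (their texts already differ). The first record also drops the version it tells users to move to — `Users should upgrade to the where multipart uploads are disabled by default` — which, consistent with the `<0.243.0` spec, should read `Users should upgrade to 0.243.0, where multipart uploads are disabled by default`.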
@@ -146448,20 +147952,20 @@ ], "streamlink": [ { - "advisory": "Streamlink 5.3.0 fixes a race condition that affected the proper closure and data flushing of substreams when being muxed using FFMPEG. The issue arose from the incorrect handling of substream buffers, which could result in missing data if the buffers weren't fully drained before the stream was closed. \r\nhttps://github.com/streamlink/streamlink/commit/546386208cf620e7dd90e400f953e0442ca3976d", - "cve": "PVE-2024-64212", - "id": "pyup.io-64212", - "more_info_path": "/vulnerabilities/PVE-2024-64212/64212", + "advisory": "Streamlink 5.3.0 fixes a race condition that was present in the DASH stream implementation, where queued segments were being downloaded even after the stream had been closed. This was addressed by ensuring that the downloading of segments is properly stopped when a stream is closed, preventing unnecessary network traffic and potential errors.\r\nhttps://github.com/streamlink/streamlink/commit/498efd523c10672d3c2224b71bb513e0907bbe6e", + "cve": "PVE-2024-64310", + "id": "pyup.io-64310", + "more_info_path": "/vulnerabilities/PVE-2024-64310/64310", "specs": [ "<5.3.0" ], "v": "<5.3.0" }, { - "advisory": "Streamlink 5.3.0 fixes a race condition that was present in the DASH stream implementation, where queued segments were being downloaded even after the stream had been closed. This was addressed by ensuring that the downloading of segments is properly stopped when a stream is closed, preventing unnecessary network traffic and potential errors.\r\nhttps://github.com/streamlink/streamlink/commit/498efd523c10672d3c2224b71bb513e0907bbe6e", - "cve": "PVE-2024-64310", - "id": "pyup.io-64310", - "more_info_path": "/vulnerabilities/PVE-2024-64310/64310", + "advisory": "Streamlink 5.3.0 fixes a race condition that affected the proper closure and data flushing of substreams when being muxed using FFMPEG. 
The issue arose from the incorrect handling of substream buffers, which could result in missing data if the buffers weren't fully drained before the stream was closed. \r\nhttps://github.com/streamlink/streamlink/commit/546386208cf620e7dd90e400f953e0442ca3976d", + "cve": "PVE-2024-64212", + "id": "pyup.io-64212", + "more_info_path": "/vulnerabilities/PVE-2024-64212/64212", "specs": [ "<5.3.0" ], @@ -147538,20 +149042,20 @@ "v": "<2.3.0rc1" }, { - "advisory": "OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.", - "cve": "CVE-2016-0737", - "id": "pyup.io-35656", - "more_info_path": "/vulnerabilities/CVE-2016-0737/35656", + "advisory": "OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.", + "cve": "CVE-2015-5223", + "id": "pyup.io-70415", + "more_info_path": "/vulnerabilities/CVE-2015-5223/70415", "specs": [ "<2.4.0" ], "v": "<2.4.0" }, { - "advisory": "OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.", - "cve": "CVE-2015-5223", - "id": "pyup.io-70415", - "more_info_path": "/vulnerabilities/CVE-2015-5223/70415", + "advisory": "OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.", + "cve": "CVE-2016-0737", + "id": "pyup.io-35656", + "more_info_path": "/vulnerabilities/CVE-2016-0737/35656", "specs": [ "<2.4.0" ], 
@@ -147720,40 +149224,40 @@ "v": "<0.8.4b4" }, { - "advisory": "Syft 0.8.4b4 updates its dependency 'certifi' to 2023.7.22 to include a security fix on the CVE-2023-37920.\r\nhttps://github.com/OpenMined/PySyft/pull/8356", - "cve": "CVE-2023-37920", - "id": "pyup.io-63096", - "more_info_path": "/vulnerabilities/CVE-2023-37920/63096", + "advisory": "Syft 0.8.4b4 updates its dependency 'sphinx' to 3.3.0 to include a security fix on the CVE-2020-11023.\r\nhttps://github.com/OpenMined/PySyft/pull/8356", + "cve": "CVE-2020-11023", + "id": "pyup.io-63101", + "more_info_path": "/vulnerabilities/CVE-2020-11023/63101", "specs": [ "<0.8.4b4" ], "v": "<0.8.4b4" }, { - "advisory": "Syft 0.8.4b4 updates its dependency 'pygments' to 2.15.0 to include a security fix on the CVE-2022-40896.\r\nhttps://github.com/OpenMined/PySyft/pull/8356", - "cve": "CVE-2022-40896", - "id": "pyup.io-63099", - "more_info_path": "/vulnerabilities/CVE-2022-40896/63099", + "advisory": "Syft 0.8.4b4 updates its dependency 'pygments' to 2.15.0 to include a security fix on the CVE-2021-20270.\r\nhttps://github.com/OpenMined/PySyft/pull/8356", + "cve": "CVE-2021-20270", + "id": "pyup.io-63098", + "more_info_path": "/vulnerabilities/CVE-2021-20270/63098", "specs": [ "<0.8.4b4" ], "v": "<0.8.4b4" }, { - "advisory": "Syft 0.8.4b4 updates its dependency 'sphinx' to 3.3.0 to include a security fix on the CVE-2020-11023.\r\nhttps://github.com/OpenMined/PySyft/pull/8356", - "cve": "CVE-2020-11023", - "id": "pyup.io-63101", - "more_info_path": "/vulnerabilities/CVE-2020-11023/63101", + "advisory": "Syft 0.8.4b4 updates its dependency 'certifi' to 2023.7.22 to include a security fix on the CVE-2023-37920.\r\nhttps://github.com/OpenMined/PySyft/pull/8356", + "cve": "CVE-2023-37920", + "id": "pyup.io-63096", + "more_info_path": "/vulnerabilities/CVE-2023-37920/63096", "specs": [ "<0.8.4b4" ], "v": "<0.8.4b4" }, { - "advisory": "Syft 0.8.4b4 updates its dependency 'pygments' to 2.15.0 to include a security fix on the 
CVE-2021-20270.\r\nhttps://github.com/OpenMined/PySyft/pull/8356", - "cve": "CVE-2021-20270", - "id": "pyup.io-63098", - "more_info_path": "/vulnerabilities/CVE-2021-20270/63098", + "advisory": "Syft 0.8.4b4 updates its dependency 'pygments' to 2.15.0 to include a security fix on the CVE-2022-40896.\r\nhttps://github.com/OpenMined/PySyft/pull/8356", + "cve": "CVE-2022-40896", + "id": "pyup.io-63099", + "more_info_path": "/vulnerabilities/CVE-2022-40896/63099", "specs": [ "<0.8.4b4" ], @@ -148125,20 +149629,20 @@ "v": "<0.5.0" }, { - "advisory": "Syngen version 0.7.16 upgrades its mlflow dependency to version 2.10.* from 2.9.2 in response to the security vulnerability CVE-2023-6977.", - "cve": "CVE-2023-6977", - "id": "pyup.io-67017", - "more_info_path": "/vulnerabilities/CVE-2023-6977/67017", + "advisory": "Syngen version 0.7.16 upgrades its mlflow dependency to version 2.10.* from 2.9.2 in response to the security vulnerability CVE-2023-50447.", + "cve": "CVE-2023-50447", + "id": "pyup.io-67145", + "more_info_path": "/vulnerabilities/CVE-2023-50447/67145", "specs": [ "<0.7.16" ], "v": "<0.7.16" }, { - "advisory": "Syngen version 0.7.16 upgrades its mlflow dependency to version 2.10.* from 2.9.2 in response to the security vulnerability CVE-2023-50447.", - "cve": "CVE-2023-50447", - "id": "pyup.io-67145", - "more_info_path": "/vulnerabilities/CVE-2023-50447/67145", + "advisory": "Syngen version 0.7.16 upgrades its mlflow dependency to version 2.10.* from 2.9.2 in response to the security vulnerability CVE-2023-6977.", + "cve": "CVE-2023-6977", + "id": "pyup.io-67017", + "more_info_path": "/vulnerabilities/CVE-2023-6977/67017", "specs": [ "<0.7.16" ], 
@@ -148487,10 +149991,10 @@ ], "tap-rest-api-msdk": [ { - "advisory": "Tap-rest-api-msdk 1.3.2 updates its dependency 'cryptography' to version '41.0.3' to include a fix for an Insufficient Verification of Data Authenticity vulnerability.", - "cve": "CVE-2023-2975", - "id": "pyup.io-60222", - "more_info_path": "/vulnerabilities/CVE-2023-2975/60222", + "advisory": "Tap-rest-api-msdk 1.3.2 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a Denial of Service vulnerability.\r\nhttps://github.com/Widen/tap-rest-api-msdk/pull/38", + "cve": "CVE-2023-3817", + "id": "pyup.io-60210", + "more_info_path": "/vulnerabilities/CVE-2023-3817/60210", "specs": [ "<1.3.2" ], @@ -148507,10 +150011,10 @@ "v": "<1.3.2" }, { - "advisory": "Tap-rest-api-msdk 1.3.2 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a Denial of Service vulnerability.\r\nhttps://github.com/Widen/tap-rest-api-msdk/pull/38", - "cve": "CVE-2023-3817", - "id": "pyup.io-60210", - "more_info_path": "/vulnerabilities/CVE-2023-3817/60210", + "advisory": "Tap-rest-api-msdk 1.3.2 updates its dependency 'cryptography' to version '41.0.3' to include a fix for an Insufficient Verification of Data Authenticity vulnerability.", + "cve": "CVE-2023-2975", + "id": "pyup.io-60222", + "more_info_path": "/vulnerabilities/CVE-2023-2975/60222", "specs": [ "<1.3.2" ], @@ -149342,6 +150846,18 @@ ], "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" }, + { + "advisory": "Tensorflow versions 1.15.3, 2.0.2 and 2.1.1 update its dependency \"Apache Spark\" to handle CVE-2018-11770.", + "cve": "CVE-2018-11770", + "id": "pyup.io-39826", + "more_info_path": "/vulnerabilities/CVE-2018-11770/39826", + "specs": [ + "<1.15.3", + ">=2.0.0a0,<2.0.2", + ">=2.1.0rc0,<2.1.1" + ], + "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" + }, { "advisory": "Tensorflow versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"SQLite3\" to handle CVE-2019-19244.", "cve": "CVE-2019-19244", 
@@ -149378,18 +150894,6 @@ ], "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" }, - { - "advisory": "Tensorflow versions 1.15.3, 2.0.2 and 2.1.1 update its dependency \"Apache Spark\" to handle CVE-2018-11770.", - "cve": "CVE-2018-11770", - "id": "pyup.io-39826", - "more_info_path": "/vulnerabilities/CVE-2018-11770/39826", - "specs": [ - "<1.15.3", - ">=2.0.0a0,<2.0.2", - ">=2.1.0rc0,<2.1.1" - ], - "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" - }, { "advisory": "Tensorflow versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"libjpeg-turbo\" to handle CVE-2019-13960.", "cve": "CVE-2019-13960", 
@@ -149472,6 +150976,20 @@ ], "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, + { + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15203: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the 'fill' argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a 'printf' call is constructed. This may result in segmentation fault.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xmq7-7fxm-rr79", + "cve": "CVE-2020-15203", + "id": "pyup.io-39942", + "more_info_path": "/vulnerabilities/CVE-2020-15203/39942", + "specs": [ + "<1.15.4", + ">=2.0.0a0,<2.0.3", + ">=2.1.0a0,<2.1.2", + ">=2.2.0a0,<2.2.1", + ">=2.3.0a0,<2.3.1" + ], + "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" + }, { "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15207: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses 'ResolveAxis' to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the 'DCHECK' does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q4qf-3fc6-8x34", "cve": "CVE-2020-15207", 
@@ -149514,20 +151032,6 @@ ], "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, - { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15203: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the 'fill' argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a 'printf' call is constructed. This may result in segmentation fault.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xmq7-7fxm-rr79", - "cve": "CVE-2020-15203", - "id": "pyup.io-39942", - "more_info_path": "/vulnerabilities/CVE-2020-15203/39942", - "specs": [ - "<1.15.4", - ">=2.0.0a0,<2.0.3", - ">=2.1.0a0,<2.1.2", - ">=2.2.0a0,<2.2.1", - ">=2.3.0a0,<2.3.1" - ], - "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" - }, { "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15202: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the 'Shard' API in TensorFlow expects the last argument to be a function taking two 'int64' (i.e., 'long long') arguments. However, there are several places in TensorFlow where a lambda taking 'int' or 'int32' arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6fg-mjxg-hqq4", "cve": "CVE-2020-15202", 
@@ -149596,10 +151100,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" }, { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13435.", - "cve": "CVE-2020-13435", - "id": "pyup.io-39902", - "more_info_path": "/vulnerabilities/CVE-2020-13435/39902", + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13631.", + "cve": "CVE-2020-13631", + "id": "pyup.io-39900", + "more_info_path": "/vulnerabilities/CVE-2020-13631/39900", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", @@ -149609,10 +151113,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" }, { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13871.", - "cve": "CVE-2020-13871", - "id": "pyup.io-39899", - "more_info_path": "/vulnerabilities/CVE-2020-13871/39899", + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 update its dependency \"SQLite\" to handle CVE-2020-11656.", + "cve": "CVE-2020-11656", + "id": "pyup.io-39904", + "more_info_path": "/vulnerabilities/CVE-2020-11656/39904", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", @@ -149622,10 +151126,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" }, { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13631.", - "cve": "CVE-2020-13631", - "id": "pyup.io-39900", - "more_info_path": "/vulnerabilities/CVE-2020-13631/39900", + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13435.", + "cve": "CVE-2020-13435", + "id": "pyup.io-39902", + "more_info_path": "/vulnerabilities/CVE-2020-13435/39902", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -149635,10 +151139,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" }, { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13630.", - "cve": "CVE-2020-13630", - "id": "pyup.io-39901", - "more_info_path": "/vulnerabilities/CVE-2020-13630/39901", + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13871.", + "cve": "CVE-2020-13871", + "id": "pyup.io-39899", + "more_info_path": "/vulnerabilities/CVE-2020-13871/39899", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", @@ -149648,10 +151152,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" }, { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 update its dependency \"SQLite\" to handle CVE-2020-11656.", - "cve": "CVE-2020-11656", - "id": "pyup.io-39904", - "more_info_path": "/vulnerabilities/CVE-2020-11656/39904", + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13630.", + "cve": "CVE-2020-13630", + "id": "pyup.io-39901", + "more_info_path": "/vulnerabilities/CVE-2020-13630/39901", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -149849,16 +151353,6 @@ ], "v": "<1.7.0a1" }, - { - "advisory": "Tensorflow 1.7.1 addresses a vulnerability where a specially crafted configuration file, if passed into the TensorFlow XLA compiler, could lead to invalid memory access or a heap buffer overflow.\r\nhttps://github.com/tensorflow/tensorflow/compare/v1.7.0...v1.7.1#diff-f78e350e35c0a0cb564854fc5af8e02e019273199c1a331a117219cfe531f957", - "cve": "PVE-2024-64297", - "id": "pyup.io-64297", - "more_info_path": "/vulnerabilities/PVE-2024-64297/64297", - "specs": [ - "<1.7.1" - ], - "v": "<1.7.1" - }, { "advisory": "Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file. See CVE-2018-10055.", "cve": "CVE-2018-10055", 
@@ -149879,6 +151373,49 @@ ], "v": "<1.7.1" }, + { + "advisory": "Tensorflow 1.7.1 addresses a vulnerability where a specially crafted configuration file, if passed into the TensorFlow XLA compiler, could lead to invalid memory access or a heap buffer overflow.\r\nhttps://github.com/tensorflow/tensorflow/compare/v1.7.0...v1.7.1#diff-f78e350e35c0a0cb564854fc5af8e02e019273199c1a331a117219cfe531f957", + "cve": "PVE-2024-64297", + "id": "pyup.io-64297", + "more_info_path": "/vulnerabilities/PVE-2024-64297/64297", + "specs": [ + "<1.7.1" + ], + "v": "<1.7.1" + }, + { + "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25676: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.ParallelConcat' segfaults with a nullptr dereference when given a parameter 'shape' with rank that is not greater than zero.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq", + "cve": "CVE-2023-25676", + "id": "pyup.io-53862", + "more_info_path": "/vulnerabilities/CVE-2023-25676/53862", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25662: Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw", + "cve": "CVE-2023-25662", + "id": "pyup.io-53848", + "more_info_path": "/vulnerabilities/CVE-2023-25662/53848", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25670: Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w", + "cve": "CVE-2023-25670", + "id": "pyup.io-53856", + "more_info_path": 
"/vulnerabilities/CVE-2023-25670/53856", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, { "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25675: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.Bincount' segfaults when given a parameter 'weights' that is neither the same shape as parameter 'arr' nor a length-0 tensor.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj", "cve": "CVE-2023-25675", @@ -149978,17 +151515,6 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, - { - "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25676: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.ParallelConcat' segfaults with a nullptr dereference when given a parameter 'shape' with rank that is not greater than zero.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq", - "cve": "CVE-2023-25676", - "id": "pyup.io-53862", - "more_info_path": "/vulnerabilities/CVE-2023-25676/53862", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, { "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25663: Prior to versions 2.12.0 and 2.11.1, when 'ctx->step_containter()' is a null ptr, the Lookup function will be executed with a null pointer.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w", "cve": "CVE-2023-25663", 
@@ -150033,28 +151559,6 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, - { - "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25662: Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw", - "cve": "CVE-2023-25662", - "id": "pyup.io-53848", - "more_info_path": "/vulnerabilities/CVE-2023-25662/53848", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, - { - "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25670: Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w", - "cve": "CVE-2023-25670", - "id": "pyup.io-53856", - "more_info_path": "/vulnerabilities/CVE-2023-25670/53856", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, { "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25665: Prior to versions 2.12.0 and 2.11.1, when 'SparseSparseMaximum' is given invalid sparse tensors as inputs, it can give a null pointer error.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g", "cve": "CVE-2023-25665", 
@@ -150077,6 +151581,17 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, + { + "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25669: Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for 'tf.raw_ops.AvgPoolGrad', it can give a floating point exception.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p", + "cve": "CVE-2023-25669", + "id": "pyup.io-53855", + "more_info_path": "/vulnerabilities/CVE-2023-25669/53855", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, { "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25672: The function 'tf.raw_ops.LookupTableImportV2' cannot handle scalars in the 'values' parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "cve": "CVE-2023-25672", @@ -150099,17 +151614,6 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, - { - "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25669: Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for 'tf.raw_ops.AvgPoolGrad', it can give a floating point exception.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p", - "cve": "CVE-2023-25669", - "id": "pyup.io-53855", - "more_info_path": "/vulnerabilities/CVE-2023-25669/53855", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, { "advisory": "Affected versions of Tensorflow are vulnerable to Integer Overflow. array_ops.upper_bound' causes a segfault when not given a rank 2 tensor. The flaw was fixed in May 30, 2023, but the CVE was published in July 30, 2024. It was noticed unpublished by the Safety CLI Cyber Security team.", "cve": "CVE-2023-33976", 
@@ -150161,6 +151665,66 @@ ], "v": "<2.4.0" }, + { + "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22924.", + "cve": "CVE-2021-22924", + "id": "pyup.io-43748", + "more_info_path": "/vulnerabilities/CVE-2021-22924/43748", + "specs": [ + "<2.4.4", + ">=2.5.0rc0,<2.5.2", + ">=2.6.0rc0,<2.6.1" + ], + "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" + }, + { + "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41219: In affected versions, the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to 'nullptr'. This occurs whenever the dimensions of 'a' or 'b' are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation is successful) but nothing should be written to it (that is, it should return early from the kernel implementation). Otherwise, attempts to write to this empty tensor would result in heap OOB access. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x\r\nhttps://github.com/tensorflow/tensorflow/commit/e6cf28c72ba2eb949ca950d834dd6d66bb01cfae", + "cve": "CVE-2021-41219", + "id": "pyup.io-42466", + "more_info_path": "/vulnerabilities/CVE-2021-41219/42466", + "specs": [ + "<2.4.4", + ">=2.5.0rc0,<2.5.2", + ">=2.6.0rc0,<2.6.1" + ], + "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" + }, + { + "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41216: In affected versions, the shape inference function for 'Transpose' is vulnerable to a heap buffer overflow. This occurs whenever 'perm' contains negative elements. The shape inference function does not validate that the indices in 'perm' are all valid. 
The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3ff2-r28g-w7h9\r\nhttps://github.com/tensorflow/tensorflow/commit/c79ba87153ee343401dbe9d1954d7f79e521eb14", + "cve": "CVE-2021-41216", + "id": "pyup.io-42463", + "more_info_path": "/vulnerabilities/CVE-2021-41216/42463", + "specs": [ + "<2.4.4", + ">=2.5.0rc0,<2.5.2", + ">=2.6.0rc0,<2.6.1" + ], + "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" + }, + { + "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41217: In affected versions, the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in the pairing (e.g., an 'Enter' node) always exists when encountering the second node (e.g., an 'Exit' node). When this is not the case, 'parent' is 'nullptr' so dereferencing it causes a crash. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5crj-c72x-m7gq\r\nhttps://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff", + "cve": "CVE-2021-41217", + "id": "pyup.io-42464", + "more_info_path": "/vulnerabilities/CVE-2021-41217/42464", + "specs": [ + "<2.4.4", + ">=2.5.0rc0,<2.5.2", + ">=2.6.0rc0,<2.6.1" + ], + "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" + }, + { + "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41212: In affected versions, the shape inference code for 'tf.ragged.cross' can trigger a read outside of bounds of heap allocated array. 
The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fr77-rrx3-cp7g\r\nhttps://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8", + "cve": "CVE-2021-41212", + "id": "pyup.io-42459", + "more_info_path": "/vulnerabilities/CVE-2021-41212/42459", + "specs": [ + "<2.4.4", + ">=2.5.0rc0,<2.5.2", + ">=2.6.0rc0,<2.6.1" + ], + "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" + }, { "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41209: In affected versions, the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hpv-v2rx-c5g6\r\nhttps://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235", "cve": "CVE-2021-41209", @@ -150245,18 +151809,6 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, - { - "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22924.", - "cve": "CVE-2021-22924", - "id": "pyup.io-43748", - "more_info_path": "/vulnerabilities/CVE-2021-22924/43748", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, { "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41199: In affected versions, if 'tf.image.resize' is called with a large input argument then the TensorFlow process will crash due to a 'CHECK'-failure caused by an overflow. The number of elements in the output tensor is too much for the 'int64_t' type and the overflow is detected via a 'CHECK' statement. This aborts the process. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hx2-qx8j-qjqm", "cve": "CVE-2021-41199", 
@@ -150269,18 +151821,6 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, - { - "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41219: In affected versions, the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to 'nullptr'. This occurs whenever the dimensions of 'a' or 'b' are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation is successful) but nothing should be written to it (that is, it should return early from the kernel implementation). Otherwise, attempts to write to this empty tensor would result in heap OOB access. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x\r\nhttps://github.com/tensorflow/tensorflow/commit/e6cf28c72ba2eb949ca950d834dd6d66bb01cfae", - "cve": "CVE-2021-41219", - "id": "pyup.io-42466", - "more_info_path": "/vulnerabilities/CVE-2021-41219/42466", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, { "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41210: In affected versions, the shape inference functions for 'SparseCountSparseOutput' can trigger a read outside of bounds of heap allocated array. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m342-ff57-4jcc\r\nhttps://github.com/tensorflow/tensorflow/commit/701cfaca222a82afbeeb17496bd718baa65a67d2", "cve": "CVE-2021-41210", 
@@ -150305,18 +151845,6 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, - { - "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41216: In affected versions, the shape inference function for 'Transpose' is vulnerable to a heap buffer overflow. This occurs whenever 'perm' contains negative elements. The shape inference function does not validate that the indices in 'perm' are all valid. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3ff2-r28g-w7h9\r\nhttps://github.com/tensorflow/tensorflow/commit/c79ba87153ee343401dbe9d1954d7f79e521eb14", - "cve": "CVE-2021-41216", - "id": "pyup.io-42463", - "more_info_path": "/vulnerabilities/CVE-2021-41216/42463", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, { "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41218: In affected versions, the shape inference code for 'AllToAll' can be made to execute a division by 0. This occurs whenever the 'split_count' argument is 0. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9crf-c6qr-r273\r\nhttps://github.com/tensorflow/tensorflow/commit/a8ad3e5e79c75f36edb81e0ba3f3c0c5442aeddc", "cve": "CVE-2021-41218", 
@@ -150366,10 +151894,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41217: In affected versions, the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in the pairing (e.g., an 'Enter' node) always exists when encountering the second node (e.g., an 'Exit' node). When this is not the case, 'parent' is 'nullptr' so dereferencing it causes a crash. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5crj-c72x-m7gq\r\nhttps://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff", - "cve": "CVE-2021-41217", - "id": "pyup.io-42464", - "more_info_path": "/vulnerabilities/CVE-2021-41217/42464", + "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22923.", + "cve": "CVE-2021-22923", + "id": "pyup.io-43747", + "more_info_path": "/vulnerabilities/CVE-2021-22923/43747", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -150378,10 +151906,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41212: In affected versions, the shape inference code for 'tf.ragged.cross' can trigger a read outside of bounds of heap allocated array. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fr77-rrx3-cp7g\r\nhttps://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8", - "cve": "CVE-2021-41212", - "id": "pyup.io-42459", - "more_info_path": "/vulnerabilities/CVE-2021-41212/42459", + "advisory": "TensorFlow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41225: In affected versions, TensorFlow's Grappler optimizer has a use of unitialized variable. If the 'train_nodes' vector (obtained from the saved model that gets optimized) does not contain a 'Dequeue' node, then 'dequeue_node' is left unitialized. The fix is also included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw\r\nhttps://github.com/tensorflow/tensorflow/commit/68867bf01239d9e1048f98cbad185bf4761bedd3", + "cve": "CVE-2021-41225", + "id": "pyup.io-42472", + "more_info_path": "/vulnerabilities/CVE-2021-41225/42472", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -150390,10 +151918,22 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22923.", - "cve": "CVE-2021-22923", - "id": "pyup.io-43747", - "more_info_path": "/vulnerabilities/CVE-2021-22923/43747", + "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41203: In affected versions, an attacker can trigger undefined behavior, integer overflows, segfaults and 'CHECK'-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7pxj-m4jf-r6h2", + "cve": "CVE-2021-41203", + "id": "pyup.io-42450", + "more_info_path": "/vulnerabilities/CVE-2021-41203/42450", + "specs": [ + "<2.4.4", + ">=2.5.0rc0,<2.5.2", + ">=2.6.0rc0,<2.6.1" + ], + "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" + }, + { + "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41202: In affected versions, while calculating the size of the output within the 'tf.range' kernel, there is a conditional statement of type 'int64 = condition ? int64 : double'. Due to C++ implicit conversion rules, both branches of the condition will be cast to 'double' and the result would be truncated before the assignment. This result in overflows. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx", + "cve": "CVE-2021-41202", + "id": "pyup.io-42449", + "more_info_path": "/vulnerabilities/CVE-2021-41202/42449", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -150437,18 +151977,6 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, - { - "advisory": "TensorFlow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41225: In affected versions, TensorFlow's Grappler optimizer has a use of unitialized variable. If the 'train_nodes' vector (obtained from the saved model that gets optimized) does not contain a 'Dequeue' node, then 'dequeue_node' is left unitialized. The fix is also included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw\r\nhttps://github.com/tensorflow/tensorflow/commit/68867bf01239d9e1048f98cbad185bf4761bedd3", - "cve": "CVE-2021-41225", - "id": "pyup.io-42472", - "more_info_path": "/vulnerabilities/CVE-2021-41225/42472", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, { "advisory": "TensorFlow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41226: In affected versions, the implementation of 'SparseBinCount' is vulnerable to a heap OOB access. This is because of missing validation between the elements of the 'values' argument and the shape of the sparse output. The fix is also included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-374m-jm66-3vj8\r\nhttps://github.com/tensorflow/tensorflow/commit/f410212e373eb2aec4c9e60bf3702eba99a38aba", "cve": "CVE-2021-41226", 
@@ -150473,18 +152001,6 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, - { - "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41203: In affected versions, an attacker can trigger undefined behavior, integer overflows, segfaults and 'CHECK'-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7pxj-m4jf-r6h2", - "cve": "CVE-2021-41203", - "id": "pyup.io-42450", - "more_info_path": "/vulnerabilities/CVE-2021-41203/42450", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, { "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22922.", "cve": "CVE-2021-22922", 
@@ -150545,18 +152061,6 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, - { - "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41202: In affected versions, while calculating the size of the output within the 'tf.range' kernel, there is a conditional statement of type 'int64 = condition ? int64 : double'. Due to C++ implicit conversion rules, both branches of the condition will be cast to 'double' and the result would be truncated before the assignment. This result in overflows. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx", - "cve": "CVE-2021-41202", - "id": "pyup.io-42449", - "more_info_path": "/vulnerabilities/CVE-2021-41202/42449", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, { "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41198: In affected versions, if 'tf.tile' is called with a large input argument, then the TensorFlow process will crash due to a 'CHECK'-failure caused by an overflow. The number of elements in the output tensor is too much for the 'int64_t' type and the overflow is detected via a 'CHECK' statement. This aborts the process. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2p25-55c9-h58q", "cve": "CVE-2021-41198", 
@@ -150618,6 +152122,71 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1" }, + { + "advisory": "Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23571", + "id": "pyup.io-44856", + "more_info_path": "/vulnerabilities/CVE-2022-23571/44856", + "specs": [ + "<2.5.3", + ">=2.6.0a0,<2.6.3", + ">=2.7.0a0,<2.7.1", + ">=2.8.0a0,<2.8.0" + ], + "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" + }, + { + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23581: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a 'SavedModel' such that 'IsSimplifiableReshape' would trigger 'CHECK' failures.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c", + "cve": "CVE-2022-23581", + "id": "pyup.io-44866", + "more_info_path": "/vulnerabilities/CVE-2022-23581/44866", + "specs": [ + "<2.5.3", + ">=2.6.0a0,<2.6.3", + ">=2.7.0a0,<2.7.1", + ">=2.8.0a0,<2.8.0" + ], + "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" + }, + { + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23563: In multiple places, TensorFlow uses 'tempfile.mktemp' to create temporary files. 
While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in 'mktemp' and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the 'mktemp' function usage. It was replaced 'mktemp' with the safer 'mkstemp'/'mkdtemp' functions, according to the usage pattern.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wc4g-r73w-x8mm", + "cve": "CVE-2022-23563", + "id": "pyup.io-44851", + "more_info_path": "/vulnerabilities/CVE-2022-23563/44851", + "specs": [ + "<2.5.3", + ">=2.6.0a0,<2.6.3", + ">=2.7.0a0,<2.7.1", + ">=2.8.0a0,<2.8.0" + ], + "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" + }, + { + "advisory": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number of dimensions in `output_shape.dim()` or just a small number of dimensions being large enough to cause an overflow in the multiplication. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23576", + "id": "pyup.io-44861", + "more_info_path": "/vulnerabilities/CVE-2022-23576/44861", + "specs": [ + "<2.5.3", + ">=2.6.0a0,<2.6.3", + ">=2.7.0a0,<2.7.1", + ">=2.8.0a0,<2.8.0" + ], + "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" + }, + { + "advisory": "Tensorflow is an Open Source Machine Learning Framework. 
The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23575", + "id": "pyup.io-44860", + "more_info_path": "/vulnerabilities/CVE-2022-23575/44860", + "specs": [ + "<2.5.3", + ">=2.6.0a0,<2.6.3", + ">=2.7.0a0,<2.7.1", + ">=2.8.0a0,<2.8.0" + ], + "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" + }, { "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23569: Multiple operations in TensorFlow can be used to trigger a denial of service via 'CHECK'-fails (i.e., assertion failures). This is similar to CVE-2021-41197 and has a similar fix. It is possible that other similar instances exist.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qj5r-f9mv-rffh", "cve": "CVE-2022-23569", 
@@ -150748,19 +152317,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23571", - "id": "pyup.io-44856", - "more_info_path": "/vulnerabilities/CVE-2022-23571/44856", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21739: The implementation of 'QuantizedMaxPool' has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3mw4-6rj6-74g5", "cve": "CVE-2022-21739", 
@@ -150787,58 +152343,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23581: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a 'SavedModel' such that 'IsSimplifiableReshape' would trigger 'CHECK' failures.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c", - "cve": "CVE-2022-23581", - "id": "pyup.io-44866", - "more_info_path": "/vulnerabilities/CVE-2022-23581/44866", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, - { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23563: In multiple places, TensorFlow uses 'tempfile.mktemp' to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in 'mktemp' and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the 'mktemp' function usage. It was replaced 'mktemp' with the safer 'mkstemp'/'mkdtemp' functions, according to the usage pattern.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wc4g-r73w-x8mm", - "cve": "CVE-2022-23563", - "id": "pyup.io-44851", - "more_info_path": "/vulnerabilities/CVE-2022-23563/44851", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, - { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. 
The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number of dimensions in `output_shape.dim()` or just a small number of dimensions being large enough to cause an overflow in the multiplication. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23576", - "id": "pyup.io-44861", - "more_info_path": "/vulnerabilities/CVE-2022-23576/44861", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, - { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23575", - "id": "pyup.io-44860", - "more_info_path": "/vulnerabilities/CVE-2022-23575/44860", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23582: A malicious user can cause a denial of service by altering a 'SavedModel' such that 'TensorByteSize' would trigger 'CHECK' failures. 'TensorShape' constructor throws a 'CHECK'-fail if shape is partial or has a number of elements that would overflow the size of an 'int'. 
The 'PartialTensorShape' constructor instead does not cause a 'CHECK'-abort if the shape is partial, which is exactly what this function needs to be able to return '-1'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v", "cve": "CVE-2022-23582", @@ -150983,10 +152487,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21731: The implementation of shape inference for 'ConcatV2' can be used to trigger a denial of service attack via a segfault caused by a type confusion. The 'axis' argument is translated into 'concat_dim' in the 'ConcatShapeHelper' helper function. Then, a value for 'min_rank' is computed based on 'concat_dim'. This is then used to validate that the 'values' tensor has at least the required rank. However, 'WithRankAtLeast' receives the lower bound as a 64-bits value and then compares it against the maximum 32-bits integer value that could be represented. Due to the fact that 'min_rank' is a 32-bits value and the value of 'axis', the 'rank' argument is a negative value, so the error check is bypassed.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m4hf-j54p-p353", - "cve": "CVE-2022-21731", - "id": "pyup.io-44783", - "more_info_path": "/vulnerabilities/CVE-2022-21731/44783", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21738: The implementation of 'SparseCountSparseOutput' can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x4qx-4fjv-hmw6", + "cve": "CVE-2022-21738", + "id": "pyup.io-44790", + "more_info_path": "/vulnerabilities/CVE-2022-21738/44790", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -150996,10 +152500,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21728: The implementation of shape inference for 'ReverseSequence' does not fully validate the value of 'batch_dim' and can result in a heap OOB read. There is a check to make sure the value of 'batch_dim' does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of 'Dim' would access elements before the start of an array.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8", - "cve": "CVE-2022-21728", - "id": "pyup.io-44780", - "more_info_path": "/vulnerabilities/CVE-2022-21728/44780", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21732: The implementation of 'ThreadPoolHandle' can be used to trigger a denial of service attack by allocating too much memory. This is because the 'num_threads' argument is only checked to not be negative, but there is no upper bound on its value.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq", + "cve": "CVE-2022-21732", + "id": "pyup.io-44784", + "more_info_path": "/vulnerabilities/CVE-2022-21732/44784", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -151009,10 +152513,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23584", - "id": "pyup.io-44869", - "more_info_path": "/vulnerabilities/CVE-2022-23584/44869", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23559: An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both 'embedding_size' and 'lookup_size' are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5", + "cve": "CVE-2022-23559", + "id": "pyup.io-44847", + "more_info_path": "/vulnerabilities/CVE-2022-23559/44847", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -151022,10 +152526,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21738: The implementation of 'SparseCountSparseOutput' can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x4qx-4fjv-hmw6", - "cve": "CVE-2022-21738", - "id": "pyup.io-44790", - "more_info_path": "/vulnerabilities/CVE-2022-21738/44790", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23560: An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvf-hxvg-f67v", + "cve": "CVE-2022-23560", + "id": "pyup.io-44848", + "more_info_path": "/vulnerabilities/CVE-2022-23560/44848", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -151035,10 +152539,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21732: The implementation of 'ThreadPoolHandle' can be used to trigger a denial of service attack by allocating too much memory. This is because the 'num_threads' argument is only checked to not be negative, but there is no upper bound on its value.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq", - "cve": "CVE-2022-21732", - "id": "pyup.io-44784", - "more_info_path": "/vulnerabilities/CVE-2022-21732/44784", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a 'SavedModel' such that any binary op would trigger 'CHECK' failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the 'dtype' no longer matches the 'dtype' expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If 'Tin' and 'Tout' don't match the type of data in 'out' and 'input_*' tensors then 'flat<*>' would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a 'CHECK' crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23583", + "id": "pyup.io-44868", + "more_info_path": "/vulnerabilities/CVE-2022-23583/44868", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -151048,10 +152552,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23559: An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both 'embedding_size' and 'lookup_size' are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5", - "cve": "CVE-2022-23559", - "id": "pyup.io-44847", - "more_info_path": "/vulnerabilities/CVE-2022-23559/44847", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23564: When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a 'CHECK' assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rcj-c8pj-v3m3", + "cve": "CVE-2022-23564", + "id": "pyup.io-44852", + "more_info_path": "/vulnerabilities/CVE-2022-23564/44852", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -151061,10 +152565,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23560: An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvf-hxvg-f67v", - "cve": "CVE-2022-23560", - "id": "pyup.io-44848", - "more_info_path": "/vulnerabilities/CVE-2022-23560/44848", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21725: The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v3f7-j968-4h5f", + "cve": "CVE-2022-21725", + "id": "pyup.io-44777", + "more_info_path": "/vulnerabilities/CVE-2022-21725/44777", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -151074,10 +152578,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21735: The implementation of 'FractionalMaxPool' can be made to crash a TensorFlow process via a division by 0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj", - "cve": "CVE-2022-21735", - "id": "pyup.io-44787", - "more_info_path": "/vulnerabilities/CVE-2022-21735/44787", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23586", + "id": "pyup.io-44871", + "more_info_path": "/vulnerabilities/CVE-2022-23586/44871", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -151087,10 +152591,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23558: An attacker can craft a TFLite model that would cause an integer overflow in 'TfLiteIntArrayCreate'. The 'TfLiteIntArrayGetSizeInBytes' returns an 'int' instead of a 'size_t'. An attacker can control model inputs such that 'computed_size' overflows the size of 'int' datatype.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3", - "cve": "CVE-2022-23558", - "id": "pyup.io-44846", - "more_info_path": "/vulnerabilities/CVE-2022-23558/44846", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23557: An attacker can craft a TFLite model that would trigger a division by zero in 'BiasAndClamp' implementation. There is no check that the 'bias_size' is non zero.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v", + "cve": "CVE-2022-23557", + "id": "pyup.io-44845", + "more_info_path": "/vulnerabilities/CVE-2022-23557/44845", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -151100,10 +152604,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a 'SavedModel' such that any binary op would trigger 'CHECK' failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the 'dtype' no longer matches the 'dtype' expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If 'Tin' and 'Tout' don't match the type of data in 'out' and 'input_*' tensors then 'flat<*>' would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a 'CHECK' crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23583", - "id": "pyup.io-44868", - "more_info_path": "/vulnerabilities/CVE-2022-23583/44868", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. 
We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23589", + "id": "pyup.io-44874", + "more_info_path": "/vulnerabilities/CVE-2022-23589/44874", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -151113,10 +152617,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the 'DCHECK' function however, 'DCHECK' is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the 'ValueOrDie' line. This results in an assertion failure as 'ret' contains an error 'Status', not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23572", - "id": "pyup.io-44857", - "more_info_path": "/vulnerabilities/CVE-2022-23572/44857", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21731: The implementation of shape inference for 'ConcatV2' can be used to trigger a denial of service attack via a segfault caused by a type confusion. The 'axis' argument is translated into 'concat_dim' in the 'ConcatShapeHelper' helper function. Then, a value for 'min_rank' is computed based on 'concat_dim'. This is then used to validate that the 'values' tensor has at least the required rank. However, 'WithRankAtLeast' receives the lower bound as a 64-bits value and then compares it against the maximum 32-bits integer value that could be represented. Due to the fact that 'min_rank' is a 32-bits value and the value of 'axis', the 'rank' argument is a negative value, so the error check is bypassed.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m4hf-j54p-p353", + "cve": "CVE-2022-21731", + "id": "pyup.io-44783", + "more_info_path": "/vulnerabilities/CVE-2022-21731/44783", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -151126,10 +152630,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23564: When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a 'CHECK' assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rcj-c8pj-v3m3", - "cve": "CVE-2022-23564", - "id": "pyup.io-44852", - "more_info_path": "/vulnerabilities/CVE-2022-23564/44852", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21728: The implementation of shape inference for 'ReverseSequence' does not fully validate the value of 'batch_dim' and can result in a heap OOB read. There is a check to make sure the value of 'batch_dim' does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of 'Dim' would access elements before the start of an array.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8", + "cve": "CVE-2022-21728", + "id": "pyup.io-44780", + "more_info_path": "/vulnerabilities/CVE-2022-21728/44780", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -151139,10 +152643,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23578", - "id": "pyup.io-44863", - "more_info_path": "/vulnerabilities/CVE-2022-23578/44863", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23584", + "id": "pyup.io-44869", + "more_info_path": "/vulnerabilities/CVE-2022-23584/44869", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -151152,10 +152656,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21725: The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v3f7-j968-4h5f", - "cve": "CVE-2022-21725", - "id": "pyup.io-44777", - "more_info_path": "/vulnerabilities/CVE-2022-21725/44777", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21735: The implementation of 'FractionalMaxPool' can be made to crash a TensorFlow process via a division by 0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj", + "cve": "CVE-2022-21735", + "id": "pyup.io-44787", + "more_info_path": "/vulnerabilities/CVE-2022-21735/44787", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -151165,10 +152669,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21726: The implementation of 'Dequantize' does not fully validate the value of 'axis' and can result in heap OOB accesses. The 'axis' argument can be '-1' (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72", - "cve": "CVE-2022-21726", - "id": "pyup.io-44778", - "more_info_path": "/vulnerabilities/CVE-2022-21726/44778", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23558: An attacker can craft a TFLite model that would cause an integer overflow in 'TfLiteIntArrayCreate'. The 'TfLiteIntArrayGetSizeInBytes' returns an 'int' instead of a 'size_t'. An attacker can control model inputs such that 'computed_size' overflows the size of 'int' datatype.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3", + "cve": "CVE-2022-23558", + "id": "pyup.io-44846", + "more_info_path": "/vulnerabilities/CVE-2022-23558/44846", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -151178,10 +152682,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23586", - "id": "pyup.io-44871", - "more_info_path": "/vulnerabilities/CVE-2022-23586/44871", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the 'DCHECK' function however, 'DCHECK' is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the 'ValueOrDie' line. This results in an assertion failure as 'ret' contains an error 'Status', not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23572", + "id": "pyup.io-44857", + "more_info_path": "/vulnerabilities/CVE-2022-23572/44857", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -151191,10 +152695,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21730: The implementation of 'FractionalAvgPoolGrad' does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4", - "cve": "CVE-2022-21730", - "id": "pyup.io-44782", - "more_info_path": "/vulnerabilities/CVE-2022-21730/44782", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23578", + "id": "pyup.io-44863", + "more_info_path": "/vulnerabilities/CVE-2022-23578/44863", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -151204,10 +152708,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21737: The implementation of '*Bincount' operations allows malicious users to cause denial of service by passing in arguments which would trigger a 'CHECK'-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. This results in 'CHECK' failures later when the output tensors get allocated.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2vv-v9cg-qhh7", - "cve": "CVE-2022-21737", - "id": "pyup.io-44789", - "more_info_path": "/vulnerabilities/CVE-2022-21737/44789", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21726: The implementation of 'Dequantize' does not fully validate the value of 'axis' and can result in heap OOB accesses. The 'axis' argument can be '-1' (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72", + "cve": "CVE-2022-21726", + "id": "pyup.io-44778", + "more_info_path": "/vulnerabilities/CVE-2022-21726/44778", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -151217,10 +152721,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21727: The implementation of shape inference for 'Dequantize' is vulnerable to an integer overflow weakness. The 'axis' argument can be '-1' (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked, and, since the code computes 'axis + 1', an attacker can trigger an integer overflow.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c6fh-56w7-fvjw", - "cve": "CVE-2022-21727", - "id": "pyup.io-44779", - "more_info_path": "/vulnerabilities/CVE-2022-21727/44779", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21730: The implementation of 'FractionalAvgPoolGrad' does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4", + "cve": "CVE-2022-21730", + "id": "pyup.io-44782", + "more_info_path": "/vulnerabilities/CVE-2022-21730/44782", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -151230,10 +152734,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23557: An attacker can craft a TFLite model that would trigger a division by zero in 'BiasAndClamp' implementation. There is no check that the 'bias_size' is non zero.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v", - "cve": "CVE-2022-23557", - "id": "pyup.io-44845", - "more_info_path": "/vulnerabilities/CVE-2022-23557/44845", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21737: The implementation of '*Bincount' operations allows malicious users to cause denial of service by passing in arguments which would trigger a 'CHECK'-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. This results in 'CHECK' failures later when the output tensors get allocated.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2vv-v9cg-qhh7", + "cve": "CVE-2022-21737", + "id": "pyup.io-44789", + "more_info_path": "/vulnerabilities/CVE-2022-21737/44789", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -151243,10 +152747,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23589", - "id": "pyup.io-44874", - "more_info_path": "/vulnerabilities/CVE-2022-23589/44874", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21727: The implementation of shape inference for 'Dequantize' is vulnerable to an integer overflow weakness. The 'axis' argument can be '-1' (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked, and, since the code computes 'axis + 1', an attacker can trigger an integer overflow.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c6fh-56w7-fvjw", + "cve": "CVE-2022-21727", + "id": "pyup.io-44779", + "more_info_path": "/vulnerabilities/CVE-2022-21727/44779", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -151344,6 +152848,71 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, + { + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29201: Missing validation which results in undefined behavior in 'QuantizedConv2D'.", + "cve": "CVE-2022-29201", + "id": "pyup.io-48646", + "more_info_path": "/vulnerabilities/CVE-2022-29201/48646", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Affected versions of Tensorflow are vulnerable to Denial of Service in the implementation of depthwise ops via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This is another instance of TFSA-2021-198 (CVE-2021-41197).", + "cve": "PVE-2024-71511", + "id": "pyup.io-71511", + "more_info_path": "/vulnerabilities/PVE-2024-71511/71511", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29196: Missing validation which causes denial of service via 'Conv3DBackpropFilterV2'.", + "cve": "CVE-2022-29196", + "id": "pyup.io-48642", + "more_info_path": "/vulnerabilities/CVE-2022-29196/48642", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29208: Segfault and OOB write due to incomplete validation in 'EditDistance'.", + "cve": "CVE-2022-29208", + "id": "pyup.io-48649", + "more_info_path": "/vulnerabilities/CVE-2022-29208/48649", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + 
"v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-22576.", + "cve": "CVE-2022-22576", + "id": "pyup.io-48655", + "more_info_path": "/vulnerabilities/CVE-2022-22576/48655", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, { "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29193: missing validation which causes 'TensorSummaryV2' to crash.", "cve": "CVE-2022-29193", @@ -151422,19 +152991,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29201: Missing validation which results in undefined behavior in 'QuantizedConv2D'.", - "cve": "CVE-2022-29201", - "id": "pyup.io-48646", - "more_info_path": "/vulnerabilities/CVE-2022-29201/48646", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29195: Missing validation which causes denial of service via 'StagePeek'.", "cve": "CVE-2022-29195", 
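Review bot: The `PVE-2024-71511` record added on the new side of this hunk carries a PyUp-internal identifier in the `cve` field while its advisory text says the issue is "another instance of" CVE-2021-41197, so a consumer that matches this field on CVE syntax will either skip the record or fail to correlate it with the CVE it references. Every other entry in the hunk keeps a real CVE id in `cve`, which makes the mixed content easy to miss. Since this file is regenerated from PyUp metadata rather than hand-edited, the fix belongs upstream; in the meantime the consumer should be documented as tolerating `PVE-` values in `cve`, e.g. `cve may be a CVE-YYYY-NNNN id or a PyUp PVE-YYYY-NNNNN placeholder`. The remaining entries in this hunk are reordered existing records.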
@@ -151461,32 +153017,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Affected versions of Tensorflow are vulnerable to Denial of Service in the implementation of depthwise ops via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This is another instance of TFSA-2021-198 (CVE-2021-41197).", - "cve": "PVE-2024-71511", - "id": "pyup.io-71511", - "more_info_path": "/vulnerabilities/PVE-2024-71511/71511", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, - { - "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29196: Missing validation which causes denial of service via 'Conv3DBackpropFilterV2'.", - "cve": "CVE-2022-29196", - "id": "pyup.io-48642", - "more_info_path": "/vulnerabilities/CVE-2022-29196/48642", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27775.", "cve": "CVE-2022-27775", @@ -151553,10 +153083,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29208: Segfault and OOB write due to incomplete validation in 'EditDistance'.", - "cve": "CVE-2022-29208", - "id": "pyup.io-48649", - "more_info_path": "/vulnerabilities/CVE-2022-29208/48649", + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27781.", + "cve": "CVE-2022-27781", + "id": "pyup.io-48662", + "more_info_path": "/vulnerabilities/CVE-2022-27781/48662", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -151566,10 +153096,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27781.", - "cve": "CVE-2022-27781", - "id": "pyup.io-48662", - "more_info_path": "/vulnerabilities/CVE-2022-27781/48662", + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29202: Denial of service in 'tf.ragged.constant' due to lack of validation.", + "cve": "CVE-2022-29202", + "id": "pyup.io-48650", + "more_info_path": "/vulnerabilities/CVE-2022-29202/48650", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -151579,10 +153109,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29202: Denial of service in 'tf.ragged.constant' due to lack of validation.", - "cve": "CVE-2022-29202", - "id": "pyup.io-48650", - "more_info_path": "/vulnerabilities/CVE-2022-29202/48650", + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29198: Missing validation which causes denial of service via 'SparseTensorToCSRSparseMatrix'.", + "cve": "CVE-2022-29198", + "id": "pyup.io-48640", + "more_info_path": "/vulnerabilities/CVE-2022-29198/48640", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -151592,10 +153122,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-22576.", - "cve": "CVE-2022-22576", - "id": "pyup.io-48655", - "more_info_path": "/vulnerabilities/CVE-2022-22576/48655", + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27776.", + "cve": "CVE-2022-27776", + "id": "pyup.io-48658", + "more_info_path": "/vulnerabilities/CVE-2022-27776/48658", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -151605,10 +153135,36 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29198: Missing validation which causes denial of service via 'SparseTensorToCSRSparseMatrix'.", - "cve": "CVE-2022-29198", - "id": "pyup.io-48640", - "more_info_path": "/vulnerabilities/CVE-2022-29198/48640", + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29199: Missing validation which causes denial of service via 'LoadAndRemapMatrix'.", + "cve": "CVE-2022-29199", + "id": "pyup.io-48639", + "more_info_path": "/vulnerabilities/CVE-2022-29199/48639", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27779.", + "cve": "CVE-2022-27779", + "id": "pyup.io-48660", + "more_info_path": "/vulnerabilities/CVE-2022-27779/48660", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'zlib' to v1.2.12 to handle CVE-2018-25032.", + "cve": "CVE-2018-25032", + "id": "pyup.io-48665", + "more_info_path": "/vulnerabilities/CVE-2018-25032/48665", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -151669,19 +153225,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27776.", - "cve": "CVE-2022-27776", - "id": "pyup.io-48658", - "more_info_path": "/vulnerabilities/CVE-2022-27776/48658", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-30115.", "cve": "CVE-2022-30115", 
@@ -151748,55 +153291,88 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29199: Missing validation which causes denial of service via 'LoadAndRemapMatrix'.", - "cve": "CVE-2022-29199", - "id": "pyup.io-48639", - "more_info_path": "/vulnerabilities/CVE-2022-29199/48639", + "advisory": "A vulnerability in TensorFlow's `GatherNd` function can trigger an out-of-bounds memory read or crash when inputs exceed output sizes. This issue is resolved in a GitHub commit, which will be included in an upcoming TensorFlow release. Additionally, the fix will be applied to several previous versions that are still under support. This vulnerability has no known workarounds, so updating to a patched version is recommended.", + "cve": "CVE-2022-35938", + "id": "pyup.io-71612", + "more_info_path": "/vulnerabilities/CVE-2022-35938/71612", "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" + "<2.7.2", + ">=2.8.0,<2.8.1", + ">=2.9.0,<2.9.1" ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + "v": "<2.7.2,>=2.8.0,<2.8.1,>=2.9.0,<2.9.1" }, { - "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27779.", - "cve": "CVE-2022-27779", - "id": "pyup.io-48660", - "more_info_path": "/vulnerabilities/CVE-2022-27779/48660", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35996: Floating point exception in 'Conv2D'. 
\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37", + "cve": "CVE-2022-35996", + "id": "pyup.io-51085", + "more_info_path": "/vulnerabilities/CVE-2022-35996/51085", "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'zlib' to v1.2.12 to handle CVE-2018-25032.", - "cve": "CVE-2018-25032", - "id": "pyup.io-48665", - "more_info_path": "/vulnerabilities/CVE-2018-25032/48665", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36016: 'CHECK'-fail in 'tensorflow::full_type::SubstituteFromAttrs'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g468-qj8g-vcjc", + "cve": "CVE-2022-36016", + "id": "pyup.io-51100", + "more_info_path": "/vulnerabilities/CVE-2022-36016/51100", "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "A vulnerability in TensorFlow's `GatherNd` function can trigger an out-of-bounds memory read or crash when inputs exceed output sizes. This issue is resolved in a GitHub commit, which will be included in an upcoming TensorFlow release. Additionally, the fix will be applied to several previous versions that are still under support. 
This vulnerability has no known workarounds, so updating to a patched version is recommended.", - "cve": "CVE-2022-35938", - "id": "pyup.io-71612", - "more_info_path": "/vulnerabilities/CVE-2022-35938/71612", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35937: OOB read in 'Gather_nd' op in TF Lite.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h", + "cve": "CVE-2022-35937", + "id": "pyup.io-51049", + "more_info_path": "/vulnerabilities/CVE-2022-35937/51049", "specs": [ - "<2.7.2", - ">=2.8.0,<2.8.1", - ">=2.9.0,<2.9.1" + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" ], - "v": "<2.7.2,>=2.8.0,<2.8.1,>=2.9.0,<2.9.1" + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36003: 'CHECK' fail in 'RandomPoissonV2'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cv2p-32v3-vhwq", + "cve": "CVE-2022-36003", + "id": "pyup.io-51092", + "more_info_path": "/vulnerabilities/CVE-2022-36003/51092", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35952: 'CHECK' failures in 'UnbatchGradOp'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47", + "cve": "CVE-2022-35952", + "id": "pyup.io-51054", + "more_info_path": "/vulnerabilities/CVE-2022-35952/51054", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35964: Segfault in 'BlockLSTMGradV2'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668", + "cve": "CVE-2022-35964", + "id": "pyup.io-51058", + "more_info_path": "/vulnerabilities/CVE-2022-35964/51058", + "specs": [ + 
"<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36018: 'CHECK' fail in 'RaggedTensorToVariant'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf", @@ -152026,18 +153602,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35996: Floating point exception in 'Conv2D'. \r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37", - "cve": "CVE-2022-35996", - "id": "pyup.io-51085", - "more_info_path": "/vulnerabilities/CVE-2022-35996/51085", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36011: Null dereference on MLIR on empty function attributes.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv43-93gv-vm8f", "cve": "CVE-2022-36011", @@ -152050,18 +153614,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36016: 'CHECK'-fail in 'tensorflow::full_type::SubstituteFromAttrs'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g468-qj8g-vcjc", - "cve": "CVE-2022-36016", - "id": "pyup.io-51100", - "more_info_path": "/vulnerabilities/CVE-2022-36016/51100", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36013: Null-dereference in 'mlir::tfg::GraphDefImporter::ConvertNodeDef'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq", "cve": "CVE-2022-36013", 
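Review bot: The CVE-2022-35938 record at the top of this hunk (new side) declares affected ranges `"<2.7.2"`, `">=2.8.0,<2.8.1"`, `">=2.9.0,<2.9.1"` without the `rc0` prerelease lower bounds that every sibling entry in this group uses, so pre-release builds such as 2.8.0rc0 or 2.9.0rc0 fall outside the ranges and would be reported clean, and its advisory text names no fixed version where the neighbouring entries do. These values are moved rather than newly introduced, but they are the only inconsistent ranges in the hunk and sit next to entries whose specs are all `<2.7.4`, `>=2.8.0rc0,<2.8.3`, `>=2.9.0rc0,<2.9.2`. Because this file is regenerated from PyUp metadata, the correction belongs upstream; confirm the ranges against the upstream TensorFlow advisory before relying on this record.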
@@ -152086,18 +153638,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35937: OOB read in 'Gather_nd' op in TF Lite.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h", - "cve": "CVE-2022-35937", - "id": "pyup.io-51049", - "more_info_path": "/vulnerabilities/CVE-2022-35937/51049", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35984: 'CHECK' fail in 'ParameterizedTruncatedNormal'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2xf-8hgm-hpw5", "cve": "CVE-2022-35984", @@ -152134,18 +153674,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36003: 'CHECK' fail in 'RandomPoissonV2'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cv2p-32v3-vhwq", - "cve": "CVE-2022-36003", - "id": "pyup.io-51092", - "more_info_path": "/vulnerabilities/CVE-2022-36003/51092", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35960: 'CHECK' failure in 'TensorListReserve' via missing validation.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4", "cve": "CVE-2022-35960", 
@@ -152171,10 +153699,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35952: 'CHECK' failures in 'UnbatchGradOp'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47", - "cve": "CVE-2022-35952", - "id": "pyup.io-51054", - "more_info_path": "/vulnerabilities/CVE-2022-35952/51054", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35987: 'CHECK' fail in 'DenseBincount'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49", + "cve": "CVE-2022-35987", + "id": "pyup.io-51076", + "more_info_path": "/vulnerabilities/CVE-2022-35987/51076", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -152183,10 +153711,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35987: 'CHECK' fail in 'DenseBincount'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49", - "cve": "CVE-2022-35987", - "id": "pyup.io-51076", - "more_info_path": "/vulnerabilities/CVE-2022-35987/51076", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35999: 'CHECK' fail in 'Conv2DBackpropInput'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw", + "cve": "CVE-2022-35999", + "id": "pyup.io-51088", + "more_info_path": "/vulnerabilities/CVE-2022-35999/51088", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -152195,10 +153723,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35964: Segfault in 'BlockLSTMGradV2'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668", - "cve": "CVE-2022-35964", - "id": "pyup.io-51058", - "more_info_path": "/vulnerabilities/CVE-2022-35964/51058", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36002: 'CHECK' fail in 'Unbatch'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg", + "cve": "CVE-2022-36002", + "id": "pyup.io-51091", + "more_info_path": "/vulnerabilities/CVE-2022-36002/51091", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -152207,10 +153735,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35990: 'CHECK' fail in 'FakeQuantWithMinMaxVarsPerChannelGradient'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h7ff-cfc9-wmmh", - "cve": "CVE-2022-35990", - "id": "pyup.io-51079", - "more_info_path": "/vulnerabilities/CVE-2022-35990/51079", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36001: 'CHECK' fail in 'DrawBoundingBoxes'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5", + "cve": "CVE-2022-36001", + "id": "pyup.io-51090", + "more_info_path": "/vulnerabilities/CVE-2022-36001/51090", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -152219,10 +153747,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35966: Segfault in 'QuantizedAvgPool'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4w68-4x85-mjj9", - "cve": "CVE-2022-35966", - "id": "pyup.io-51060", - "more_info_path": "/vulnerabilities/CVE-2022-35966/51060", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35973: Segfault in 'QuantizedMatMul'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v", + "cve": "CVE-2022-35973", + "id": "pyup.io-51067", + "more_info_path": "/vulnerabilities/CVE-2022-35973/51067", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -152231,10 +153759,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35999: 'CHECK' fail in 'Conv2DBackpropInput'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw", - "cve": "CVE-2022-35999", - "id": "pyup.io-51088", - "more_info_path": "/vulnerabilities/CVE-2022-35999/51088", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35998: 'CHECK' fail in 'EmptyTensorList'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhw4-wwr7-gjc5", + "cve": "CVE-2022-35998", + "id": "pyup.io-51087", + "more_info_path": "/vulnerabilities/CVE-2022-35998/51087", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -152243,10 +153771,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36027: Segfault TFLite converter on per-channel quantized transposed convolutions.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr", - "cve": "CVE-2022-36027", - "id": "pyup.io-51105", - "more_info_path": "/vulnerabilities/CVE-2022-36027/51105", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35988: 'CHECK' fail in 'tf.linalg.matrix_rank'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c", + "cve": "CVE-2022-35988", + "id": "pyup.io-51077", + "more_info_path": "/vulnerabilities/CVE-2022-35988/51077", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -152255,10 +153783,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36002: 'CHECK' fail in 'Unbatch'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg", - "cve": "CVE-2022-36002", - "id": "pyup.io-51091", - "more_info_path": "/vulnerabilities/CVE-2022-36002/51091", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35986: Segfault in 'RaggedBincount'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wr9v-g9vf-c74v", + "cve": "CVE-2022-35986", + "id": "pyup.io-51075", + "more_info_path": "/vulnerabilities/CVE-2022-35986/51075", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -152267,10 +153795,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36001: 'CHECK' fail in 'DrawBoundingBoxes'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5", - "cve": "CVE-2022-36001", - "id": "pyup.io-51090", - "more_info_path": "/vulnerabilities/CVE-2022-36001/51090", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35969: 'CHECK' fail in 'Conv2DBackpropInput'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q2c3-jpmc-gfjx", + "cve": "CVE-2022-35969", + "id": "pyup.io-51063", + "more_info_path": "/vulnerabilities/CVE-2022-35969/51063", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -152279,10 +153807,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36015: Integer overflow in math ops. \r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j", - "cve": "CVE-2022-36015", - "id": "pyup.io-51099", - "more_info_path": "/vulnerabilities/CVE-2022-36015/51099", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36014: Null-dereference in 'mlir::tfg::TFOp::nameAttr'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq", + "cve": "CVE-2022-36014", + "id": "pyup.io-51098", + "more_info_path": "/vulnerabilities/CVE-2022-36014/51098", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -152291,10 +153819,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35973: Segfault in 'QuantizedMatMul'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v",
- "cve": "CVE-2022-35973",
- "id": "pyup.io-51067",
- "more_info_path": "/vulnerabilities/CVE-2022-35973/51067",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35990: 'CHECK' fail in 'FakeQuantWithMinMaxVarsPerChannelGradient'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h7ff-cfc9-wmmh",
+ "cve": "CVE-2022-35990",
+ "id": "pyup.io-51079",
+ "more_info_path": "/vulnerabilities/CVE-2022-35990/51079",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -152303,10 +153831,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35959: 'CHECK' failures in 'AvgPool3DGrad'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq",
- "cve": "CVE-2022-35959",
- "id": "pyup.io-51055",
- "more_info_path": "/vulnerabilities/CVE-2022-35959/51055",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35966: Segfault in 'QuantizedAvgPool'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4w68-4x85-mjj9",
+ "cve": "CVE-2022-35966",
+ "id": "pyup.io-51060",
+ "more_info_path": "/vulnerabilities/CVE-2022-35966/51060",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -152315,10 +153843,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35995: 'CHECK' fail in 'AudioSummaryV2'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4",
- "cve": "CVE-2022-35995",
- "id": "pyup.io-51084",
- "more_info_path": "/vulnerabilities/CVE-2022-35995/51084",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36027: Segfault TFLite converter on per-channel quantized transposed convolutions.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr",
+ "cve": "CVE-2022-36027",
+ "id": "pyup.io-51105",
+ "more_info_path": "/vulnerabilities/CVE-2022-36027/51105",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -152327,10 +153855,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36012: Assertion fail on MLIR empty edge names.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5",
- "cve": "CVE-2022-36012",
- "id": "pyup.io-51096",
- "more_info_path": "/vulnerabilities/CVE-2022-36012/51096",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36015: Integer overflow in math ops. \r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j",
+ "cve": "CVE-2022-36015",
+ "id": "pyup.io-51099",
+ "more_info_path": "/vulnerabilities/CVE-2022-36015/51099",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -152339,10 +153867,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35968: 'CHECK' fail in 'AvgPoolGrad'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25",
- "cve": "CVE-2022-35968",
- "id": "pyup.io-51062",
- "more_info_path": "/vulnerabilities/CVE-2022-35968/51062",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35959: 'CHECK' failures in 'AvgPool3DGrad'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq",
+ "cve": "CVE-2022-35959",
+ "id": "pyup.io-51055",
+ "more_info_path": "/vulnerabilities/CVE-2022-35959/51055",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -152351,10 +153879,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36019: 'CHECK' fail in 'FakeQuantWithMinMaxVarsPerChannel'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9j4v-pp28-mxv7",
- "cve": "CVE-2022-36019",
- "id": "pyup.io-51103",
- "more_info_path": "/vulnerabilities/CVE-2022-36019/51103",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35995: 'CHECK' fail in 'AudioSummaryV2'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4",
+ "cve": "CVE-2022-35995",
+ "id": "pyup.io-51084",
+ "more_info_path": "/vulnerabilities/CVE-2022-35995/51084",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -152363,10 +153891,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35998: 'CHECK' fail in 'EmptyTensorList'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhw4-wwr7-gjc5",
- "cve": "CVE-2022-35998",
- "id": "pyup.io-51087",
- "more_info_path": "/vulnerabilities/CVE-2022-35998/51087",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36012: Assertion fail on MLIR empty edge names.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5",
+ "cve": "CVE-2022-36012",
+ "id": "pyup.io-51096",
+ "more_info_path": "/vulnerabilities/CVE-2022-36012/51096",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -152375,10 +153903,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35988: 'CHECK' fail in 'tf.linalg.matrix_rank'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c",
- "cve": "CVE-2022-35988",
- "id": "pyup.io-51077",
- "more_info_path": "/vulnerabilities/CVE-2022-35988/51077",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35968: 'CHECK' fail in 'AvgPoolGrad'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25",
+ "cve": "CVE-2022-35968",
+ "id": "pyup.io-51062",
+ "more_info_path": "/vulnerabilities/CVE-2022-35968/51062",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -152387,10 +153915,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35986: Segfault in 'RaggedBincount'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wr9v-g9vf-c74v",
- "cve": "CVE-2022-35986",
- "id": "pyup.io-51075",
- "more_info_path": "/vulnerabilities/CVE-2022-35986/51075",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36019: 'CHECK' fail in 'FakeQuantWithMinMaxVarsPerChannel'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9j4v-pp28-mxv7",
+ "cve": "CVE-2022-36019",
+ "id": "pyup.io-51103",
+ "more_info_path": "/vulnerabilities/CVE-2022-36019/51103",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -152434,18 +153962,6 @@
 ],
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
- {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35969: 'CHECK' fail in 'Conv2DBackpropInput'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q2c3-jpmc-gfjx",
- "cve": "CVE-2022-35969",
- "id": "pyup.io-51063",
- "more_info_path": "/vulnerabilities/CVE-2022-35969/51063",
- "specs": [
- "<2.7.4",
- ">=2.8.0rc0,<2.8.3",
- ">=2.9.0rc0,<2.9.2"
- ],
- "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
- },
 {
 "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35965: Segfault in 'LowerBound' and 'UpperBound'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36",
 "cve": "CVE-2022-35965",
@@ -152458,18 +153974,6 @@
 ],
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
- {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36014: Null-dereference in 'mlir::tfg::TFOp::nameAttr'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq",
- "cve": "CVE-2022-36014",
- "id": "pyup.io-51098",
- "more_info_path": "/vulnerabilities/CVE-2022-36014/51098",
- "specs": [
- "<2.7.4",
- ">=2.8.0rc0,<2.8.3",
- ">=2.9.0rc0,<2.9.2"
- ],
- "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
- },
 {
 "advisory": "Impact: A recurring instance of CVE-2022-35935 has been observed and addressed. In this case, `SobolSample` is prone to denial of service due to assumed scalar inputs. You can replicate this using the following code in Python:\r\n\r\n```python \r\nimport tensorflow as tf \r\ntf.raw_ops.SobolSample(dim=tf.constant([1,0]), num_results=tf.constant([1]), skip=tf.constant([1])) \r\n```\r\n\r\nPatches: Corrective measures have been taken and the issue has been patched via GitHub commits c65c67f88ad770662e8f191269a907bf2b94b1bf and 02400ea266bd811fc016a848445de1bbff3a23a0. These fixes will be integrated in the forthcoming TensorFlow 2.11 release and will also be added to TensorFlow 2.10.1, 2.9.3, and 2.8.4 as they fall within the supported range. Furthermore, the initial commit will be incorporated into TensorFlow 2.7.4.\r\n\r\nFor more information: You can refer to the TensorFlow's security guide for comprehensive insights into the security model and for details on how to contact them for queries or issues.\r\n\r\nAttribution: This vulnerability was reported by Kang Hong Jin from Singapore Management University, Neophytos Christou from Secure Systems Labs at Brown University, Liu Liyuan from the Information System & Security and Countermeasures Experiments Center at Beijing Institute of Technology, and Pattarakrit Rattankul.",
 "cve": "PVE-2023-99921",
@@ -152494,6 +153998,30 @@
 ],
 "v": "<2.8.4,>=2.10.0,<2.10.1,>=2.9.0,<2.9.3"
 },
+ {
+ "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41907: When 'tf.raw_ops.ResizeNearestNeighborGrad' is given a large 'size' input, it overflows.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx",
+ "cve": "CVE-2022-41907",
+ "id": "pyup.io-51960",
+ "more_info_path": "/vulnerabilities/CVE-2022-41907/51960",
+ "specs": [
+ "<2.8.4",
+ ">=2.9.0rc0,<2.9.3",
+ ">=2.10.0rc0,<2.10.1"
+ ],
+ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1"
+ },
+ {
+ "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41908: TensorFlow is an open source platform for machine learning. An input 'token' that is not a UTF-8 bytestring will trigger a 'CHECK' fail in 'tf.raw_ops.PyFunc'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3",
+ "cve": "CVE-2022-41908",
+ "id": "pyup.io-51961",
+ "more_info_path": "/vulnerabilities/CVE-2022-41908/51961",
+ "specs": [
+ "<2.8.4",
+ ">=2.9.0rc0,<2.9.3",
+ ">=2.10.0rc0,<2.10.1"
+ ],
+ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1"
+ },
 {
 "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41884: If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. \r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636",
 "cve": "CVE-2022-41884",
@@ -152590,18 +154118,6 @@
 ],
 "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1"
 },
- {
- "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41907: When 'tf.raw_ops.ResizeNearestNeighborGrad' is given a large 'size' input, it overflows.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx",
- "cve": "CVE-2022-41907",
- "id": "pyup.io-51960",
- "more_info_path": "/vulnerabilities/CVE-2022-41907/51960",
- "specs": [
- "<2.8.4",
- ">=2.9.0rc0,<2.9.3",
- ">=2.10.0rc0,<2.10.1"
- ],
- "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1"
- },
 {
 "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41893: If 'tf.raw_ops.TensorListResize' is given a nonscalar value for input 'size', it results 'CHECK' fail which can be used to trigger a denial of service attack.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m",
 "cve": "CVE-2022-41893",
@@ -152614,18 +154130,6 @@
 ],
 "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1"
 },
- {
- "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41908: TensorFlow is an open source platform for machine learning. An input 'token' that is not a UTF-8 bytestring will trigger a 'CHECK' fail in 'tf.raw_ops.PyFunc'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3",
- "cve": "CVE-2022-41908",
- "id": "pyup.io-51961",
- "more_info_path": "/vulnerabilities/CVE-2022-41908/51961",
- "specs": [
- "<2.8.4",
- ">=2.9.0rc0,<2.9.3",
- ">=2.10.0rc0,<2.10.1"
- ],
- "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1"
- },
 {
 "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41886: When 'tf.raw_ops.ImageProjectiveTransformV2' is given a large output shape, it overflows.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx",
 "cve": "CVE-2022-41886",
@@ -152650,18 +154154,6 @@
 ],
 "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1"
 },
- {
- "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41894: The reference kernel of the 'CONV_3D_TRANSPOSE' TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of 'data_ptr += num_channels;' it should be 'data_ptr += output_num_channels;' as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6q3-vv32-2cq5",
- "cve": "CVE-2022-41894",
- "id": "pyup.io-51952",
- "more_info_path": "/vulnerabilities/CVE-2022-41894/51952",
- "specs": [
- "<2.8.4",
- ">=2.9.0rc0,<2.9.3",
- ">=2.10.0rc0,<2.10.1"
- ],
- "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1"
- },
 {
 "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41899: TensorFlow is an open source platform for machine learning. Inputs 'dense_features' or 'example_state_data' not of rank 2 will trigger a 'CHECK' fail in 'SdcaOptimizer'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2",
 "cve": "CVE-2022-41899",
@@ -152686,30 +154178,6 @@
 ],
 "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1"
 },
- {
- "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41888: When running on GPU, 'tf.image.generate_bounding_box_proposals' receives a 'scores' input that must be of rank 4 but is not checked.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v",
- "cve": "CVE-2022-41888",
- "id": "pyup.io-51947",
- "more_info_path": "/vulnerabilities/CVE-2022-41888/51947",
- "specs": [
- "<2.8.4",
- ">=2.9.0rc0,<2.9.3",
- ">=2.10.0rc0,<2.10.1"
- ],
- "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1"
- },
- {
- "advisory": "TensorFlow is an open source platform for machine learning. An input 'sparse_matrix' that is not a matrix with a shape with rank 0 will trigger a 'CHECK' fail in 'tf.raw_ops.SparseMatrixNNZ'. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.",
- "cve": "CVE-2022-41901",
- "id": "pyup.io-51959",
- "more_info_path": "/vulnerabilities/CVE-2022-41901/51959",
- "specs": [
- "<2.8.4",
- ">=2.9.0rc0,<2.9.3",
- ">=2.10.0rc0,<2.10.1"
- ],
- "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1"
- },
 {
 "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41880: When the 'BaseCandidateSamplerOp' function receives a value in 'true_classes' larger than 'range_max', a heap oob read occurs.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j",
 "cve": "CVE-2022-41880",
@@ -152758,6 +154226,42 @@
 ],
 "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1"
 },
+ {
+ "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41894: The reference kernel of the 'CONV_3D_TRANSPOSE' TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of 'data_ptr += num_channels;' it should be 'data_ptr += output_num_channels;' as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6q3-vv32-2cq5",
+ "cve": "CVE-2022-41894",
+ "id": "pyup.io-51952",
+ "more_info_path": "/vulnerabilities/CVE-2022-41894/51952",
+ "specs": [
+ "<2.8.4",
+ ">=2.9.0rc0,<2.9.3",
+ ">=2.10.0rc0,<2.10.1"
+ ],
+ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1"
+ },
+ {
+ "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41888: When running on GPU, 'tf.image.generate_bounding_box_proposals' receives a 'scores' input that must be of rank 4 but is not checked.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v",
+ "cve": "CVE-2022-41888",
+ "id": "pyup.io-51947",
+ "more_info_path": "/vulnerabilities/CVE-2022-41888/51947",
+ "specs": [
+ "<2.8.4",
+ ">=2.9.0rc0,<2.9.3",
+ ">=2.10.0rc0,<2.10.1"
+ ],
+ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1"
+ },
+ {
+ "advisory": "TensorFlow is an open source platform for machine learning. An input 'sparse_matrix' that is not a matrix with a shape with rank 0 will trigger a 'CHECK' fail in 'tf.raw_ops.SparseMatrixNNZ'. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-41901",
+ "id": "pyup.io-51959",
+ "more_info_path": "/vulnerabilities/CVE-2022-41901/51959",
+ "specs": [
+ "<2.8.4",
+ ">=2.9.0rc0,<2.9.3",
+ ">=2.10.0rc0,<2.10.1"
+ ],
+ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1"
+ },
 {
 "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41896: If 'ThreadUnsafeUnigramCandidateSampler' is given input 'filterbank_channel_count' greater than the allowed max size, TensorFlow will crash.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35",
 "cve": "CVE-2022-41896",
@@ -153080,6 +154584,19 @@
 ],
 "v": ">=2.3.0rc0,<2.3.1"
 },
+ {
+ "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37635: In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_reduce_op.cc#L217-L228) fails to validate that each reduction group does not overflow and that each corresponding index does not point to outside the bounds of the input tensor. The Tensorflow team has patched the issue in GitHub commit 87158f43f05f2720a374f3e6d22a7aaa3a33f750.",
+ "cve": "CVE-2021-37635",
+ "id": "pyup.io-41110",
+ "more_info_path": "/vulnerabilities/CVE-2021-37635/41110",
+ "specs": [
+ ">=2.3.0rc0,<2.3.4",
+ ">=2.4.0rc0,<2.4.3",
+ ">=2.5.0rc0,<2.5.1",
+ ">=2.6.0rc0,<2.6.0"
+ ],
+ "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0"
+ },
 {
 "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37636: In affected versions the implementation of 'tf.raw_ops.SparseDenseCwiseDiv' is vulnerable to a division by 0 error. The implementation (https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc#L56) uses a common class for all binary operations but fails to treat the division by 0 case separately. The Tensorflow team has patched the issue in GitHub commit d9204be9f49520cdaaeb2541d1dc5187b23f31d9.",
 "cve": "CVE-2021-37636",
@@ -153132,19 +154649,6 @@
 ],
 "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0"
 },
- {
- "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37635: In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_reduce_op.cc#L217-L228) fails to validate that each reduction group does not overflow and that each corresponding index does not point to outside the bounds of the input tensor. The Tensorflow team has patched the issue in GitHub commit 87158f43f05f2720a374f3e6d22a7aaa3a33f750.",
- "cve": "CVE-2021-37635",
- "id": "pyup.io-41110",
- "more_info_path": "/vulnerabilities/CVE-2021-37635/41110",
- "specs": [
- ">=2.3.0rc0,<2.3.4",
- ">=2.4.0rc0,<2.4.3",
- ">=2.5.0rc0,<2.5.1",
- ">=2.6.0rc0,<2.6.0"
- ],
- "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0"
- },
 {
 "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37637: It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/data/compression_utils.cc#L34) was accessing the size of a buffer obtained from the return of a separate function call before validating that said buffer is valid. The Tensorflow team has patched the issue in GitHub commit 5dc7f6981fdaf74c8c5be41f393df705841fb7c5.",
 "cve": "CVE-2021-37637",
@@ -153159,10 +154663,10 @@
 "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0"
 },
 {
- "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37642: In affected versions the implementation of 'tf.raw_ops.ResourceScatterDiv' is vulnerable to a division by 0 error. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/resource_variable_ops.cc#L865) uses a common class for all binary operations but fails to treat the division by 0 case separately. The Tensorflow team has patched the issue in GitHub commit 4aacb30888638da75023e6601149415b39763d76.",
- "cve": "CVE-2021-37642",
- "id": "pyup.io-41117",
- "more_info_path": "/vulnerabilities/CVE-2021-37642/41117",
+ "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37667: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.UnicodeEncode'. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unicode_ops.cc#L533-L539) reads the first dimension of the 'input_splits' tensor before validating that this tensor is not empty. The Tensorflow team has patched the issue in GitHub commit 2e0ee46f1a47675152d3d865797a18358881d7a6.",
+ "cve": "CVE-2021-37667",
+ "id": "pyup.io-41142",
+ "more_info_path": "/vulnerabilities/CVE-2021-37667/41142",
 "specs": [
 ">=2.3.0rc0,<2.3.4",
 ">=2.4.0rc0,<2.4.3",
@@ -153172,10 +154676,10 @@
 "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0"
 },
 {
- "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37667: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.UnicodeEncode'. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unicode_ops.cc#L533-L539) reads the first dimension of the 'input_splits' tensor before validating that this tensor is not empty. The Tensorflow team has patched the issue in GitHub commit 2e0ee46f1a47675152d3d865797a18358881d7a6.",
- "cve": "CVE-2021-37667",
- "id": "pyup.io-41142",
- "more_info_path": "/vulnerabilities/CVE-2021-37667/41142",
+ "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37648: In affected versions the code for 'tf.raw_ops.SaveV2' does not properly validate the inputs and an attacker can trigger a null pointer dereference. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/save_restore_v2_ops.cc) uses 'ValidateInputs' to check that the input arguments are valid. This validation would have caught the illegal state represented by the reproducer above. However, the validation uses 'OP_REQUIRES' which translates to setting the 'Status' object of the current 'OpKernelContext' to an error status, followed by an empty 'return' statement which just terminates the execution of the function it is present in. However, this does not mean that the kernel execution is finalized: instead, execution continues from the nQext line in 'Compute' that follows the call to 'ValidateInputs'. This is equivalent to lacking the validation. The Tensorflow team has patched the issue in GitHub commit 9728c60e136912a12d99ca56e106b7cce7af5986.",
+ "cve": "CVE-2021-37648",
+ "id": "pyup.io-41123",
+ "more_info_path": "/vulnerabilities/CVE-2021-37648/41123",
 "specs": [
 ">=2.3.0rc0,<2.3.4",
 ">=2.4.0rc0,<2.4.3",
@@ -153185,10 +154689,10 @@
 "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0"
 },
 {
- "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37648: In affected versions the code for 'tf.raw_ops.SaveV2' does not properly validate the inputs and an attacker can trigger a null pointer dereference. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/save_restore_v2_ops.cc) uses 'ValidateInputs' to check that the input arguments are valid. This validation would have caught the illegal state represented by the reproducer above. However, the validation uses 'OP_REQUIRES' which translates to setting the 'Status' object of the current 'OpKernelContext' to an error status, followed by an empty 'return' statement which just terminates the execution of the function it is present in. However, this does not mean that the kernel execution is finalized: instead, execution continues from the nQext line in 'Compute' that follows the call to 'ValidateInputs'. This is equivalent to lacking the validation. The Tensorflow team has patched the issue in GitHub commit 9728c60e136912a12d99ca56e106b7cce7af5986.",
- "cve": "CVE-2021-37648",
- "id": "pyup.io-41123",
- "more_info_path": "/vulnerabilities/CVE-2021-37648/41123",
+ "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37642: In affected versions the implementation of 'tf.raw_ops.ResourceScatterDiv' is vulnerable to a division by 0 error. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/resource_variable_ops.cc#L865) uses a common class for all binary operations but fails to treat the division by 0 case separately. The Tensorflow team has patched the issue in GitHub commit 4aacb30888638da75023e6601149415b39763d76.",
+ "cve": "CVE-2021-37642",
+ "id": "pyup.io-41117",
+ "more_info_path": "/vulnerabilities/CVE-2021-37642/41117",
 "specs": [
 ">=2.3.0rc0,<2.3.4",
 ">=2.4.0rc0,<2.4.3",
@@ -153210,6 +154714,19 @@
 ],
 "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0"
 },
+ {
+ "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37638: Sending invalid argument for 'row_partition_types' of 'tf.raw_ops.RaggedTensorToTensor' API results in a null pointer dereference and undefined behavior. The implementation (https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L328) accesses the first element of a user supplied list of values without validating that the provided list is not empty. The Tensorflow team has patched the issue in GitHub commit 301ae88b331d37a2a16159b65b255f4f9eb39314.",
+ "cve": "CVE-2021-37638",
+ "id": "pyup.io-41113",
+ "more_info_path": "/vulnerabilities/CVE-2021-37638/41113",
+ "specs": [
+ ">=2.3.0rc0,<2.3.4",
+ ">=2.5.0rc0,<2.5.1",
+ ">=2.4.0rc0,<2.4.3",
+ ">=2.6.0rc0,<2.6.0"
+ ],
+ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0"
+ },
 {
 "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37649: The code for 'tf.raw_ops.UncompressElement' can be made to trigger a null pointer dereference. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/compression_ops.cc#L50-L53) obtains a pointer to a 'CompressedElement' from a 'Variant' tensor and then proceeds to dereference it for decompressing. There is no check that the 'Variant' tensor contained a 'CompressedElement', so the pointer is actually 'nullptr'. The Tensorflow team has patched the issue in GitHub commit 7bdf50bb4f5c54a4997c379092888546c97c3ebd.",
 "cve": "CVE-2021-37649",
@@ -153276,10 +154793,10 @@
 "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0"
 },
 {
- "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37638: Sending invalid argument for 'row_partition_types' of 'tf.raw_ops.RaggedTensorToTensor' API results in a null pointer dereference and undefined behavior. The implementation (https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L328) accesses the first element of a user supplied list of values without validating that the provided list is not empty. The Tensorflow team has patched the issue in GitHub commit 301ae88b331d37a2a16159b65b255f4f9eb39314.",
- "cve": "CVE-2021-37638",
- "id": "pyup.io-41113",
- "more_info_path": "/vulnerabilities/CVE-2021-37638/41113",
+ "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37647: When a user does not supply arguments that determine a valid sparse tensor, 'tf.raw_ops.SparseTensorSliceDataset' implementation can be made to dereference a null pointer. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L240-L251) has some argument validation but fails to consider the case when either 'indices' or 'values' are provided for an empty sparse tensor when the other is not. If 'indices' is empty, then code that performs validation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L260-L261) (i.e., checking that the indices are monotonically increasing) results in a null pointer dereference. If 'indices' as provided by the user is empty, then 'indices' in the C++ code above is backed by an empty 'std::vector', hence calling 'indices->dim_size(0)' results in null pointer dereferencing (same as calling 'std::vector::at()' on an empty vector). The Tensorflow team has patched the issue in GitHub commit 02cc160e29d20631de3859c6653184e3f876b9d7.",
+ "cve": "CVE-2021-37647",
+ "id": "pyup.io-41122",
+ "more_info_path": "/vulnerabilities/CVE-2021-37647/41122",
 "specs": [
 ">=2.3.0rc0,<2.3.4",
 ">=2.5.0rc0,<2.5.1",
@@ -153314,19 +154831,6 @@ ], "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, - { - "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37647: When a user does not supply arguments that determine a valid sparse tensor, 'tf.raw_ops.SparseTensorSliceDataset' implementation can be made to dereference a null pointer. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L240-L251) has some argument validation but fails to consider the case when either 'indices' or 'values' are provided for an empty sparse tensor when the other is not. If 'indices' is empty, then code that performs validation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L260-L261) (i.e., checking that the indices are monotonically increasing) results in a null pointer dereference. If 'indices' as provided by the user is empty, then 'indices' in the C++ code above is backed by an empty 'std::vector', hence calling 'indices->dim_size(0)' results in null pointer dereferencing (same as calling 'std::vector::at()' on an empty vector). The Tensorflow team has patched the issue in GitHub commit 02cc160e29d20631de3859c6653184e3f876b9d7.", - "cve": "CVE-2021-37647", - "id": "pyup.io-41122", - "more_info_path": "/vulnerabilities/CVE-2021-37647/41122", - "specs": [ - ">=2.3.0rc0,<2.3.4", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3", - ">=2.6.0rc0,<2.6.0" - ], - "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" - }, { "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37658: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type 'tf.raw_ops.MatrixSetDiagV*'. 
The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of 'k' is a valid tensor. We have check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. The Tensorflow team has patched the issue in GitHub commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b.", "cve": "CVE-2021-37658", @@ -153391,10 +154895,10 @@ "v": ">=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4,>=2.5.0rc0,<2.5.0" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a division by 0 in 'Conv2DBackpropInput'. See CVE-2021-29525.", - "cve": "CVE-2021-29525", - "id": "pyup.io-40684", - "more_info_path": "/vulnerabilities/CVE-2021-29525/40684", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix vulnerabilities where session operations in eager mode lead to null pointer dereferences. See CVE-2021-29518.", + "cve": "CVE-2021-29518", + "id": "pyup.io-40677", + "more_info_path": "/vulnerabilities/CVE-2021-29518/40677", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -153405,10 +154909,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29539: TensorFlow is an end-to-end open source platform for machine learning. Calling `tf.raw_ops.ImmutableConst`(https://www.tensorflow.org/api_docs/python/tf/raw_ops/ImmutableConst) with a `dtype` of `tf.resource` or `tf.variant` results in a segfault in the implementation as code assumes that the tensor contents are pure scalars. We have patched the issue in 4f663d4b8f0bec1b48da6fa091a7d29609980fa4 and will release TensorFlow 2.5.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved. If using `tf.raw_ops.ImmutableConst` in code, you can prevent the segfault by inserting a filter for the `dtype` argument.", - "cve": "CVE-2021-29539", - "id": "pyup.io-40467", - "more_info_path": "/vulnerabilities/CVE-2021-29539/40467", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a 'CHECK'-fail in 'tf.raw_ops.EncodePng'. See CVE-2021-29531.", + "cve": "CVE-2021-29531", + "id": "pyup.io-40690", + "more_info_path": "/vulnerabilities/CVE-2021-29531/40690", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -153419,10 +154923,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix vulnerabilities where session operations in eager mode lead to null pointer dereferences. See CVE-2021-29518.", - "cve": "CVE-2021-29518", - "id": "pyup.io-40677", - "more_info_path": "/vulnerabilities/CVE-2021-29518/40677", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by invalid validation in 'SparseMatrixSparseCholesky'. See CVE-2021-29530.", + "cve": "CVE-2021-29530", + "id": "pyup.io-40688", + "more_info_path": "/vulnerabilities/CVE-2021-29530/40688", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -153433,10 +154937,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29532: An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to `tf.raw_ops.RaggedCross`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/efea03b38fb8d3b81762237dc85e579cc5fc6e87/tensorflow/core/kernels/ragged_cross_op.cc#L456-L487) lacks validation for the user supplied arguments. Each of the above branches call a helper function after accessing array elements via a `*_list[next_*]` pattern, followed by incrementing the `next_*` index. However, as there is no validation that the `next_*` values are in the valid range for the corresponding `*_list` arrays, this results in heap OOB reads.", - "cve": "CVE-2021-29532", - "id": "pyup.io-40691", - "more_info_path": "/vulnerabilities/CVE-2021-29532/40691", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a stack overflow in 'ParseAttrValue' with nested tensors. See CVE-2021-29615.", + "cve": "CVE-2021-29615", + "id": "pyup.io-40767", + "more_info_path": "/vulnerabilities/CVE-2021-29615/40767", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -153447,10 +154951,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a 'CHECK'-fail in 'tf.raw_ops.EncodePng'. See CVE-2021-29531.", - "cve": "CVE-2021-29531", - "id": "pyup.io-40690", - "more_info_path": "/vulnerabilities/CVE-2021-29531/40690", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a heap buffer overflow in 'Conv3DBackprop*'. See CVE-2021-29520.", + "cve": "CVE-2021-29520", + "id": "pyup.io-40680", + "more_info_path": "/vulnerabilities/CVE-2021-29520/40680", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", @@ -153461,10 +154965,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29537: An attacker can cause a heap buffer overflow in `QuantizedResizeBilinear` by passing in invalid thresholds for the quantization. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/50711818d2e61ccce012591eeb4fdf93a8496726/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L705-L706) assumes that the 2 arguments are always valid scalars and tries to access the numeric value directly.", - "cve": "CVE-2021-29537", - "id": "pyup.io-40695", - "more_info_path": "/vulnerabilities/CVE-2021-29537/40695", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a division by 0 in 'Conv2DBackpropFilter'. See CVE-2021-29524.", + "cve": "CVE-2021-29524", + "id": "pyup.io-40683", + "more_info_path": "/vulnerabilities/CVE-2021-29524/40683", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -153475,10 +154979,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 includes a fix for CVE-2021-29533: An attacker can trigger a denial of service via a 'CHECK' failure by passing an empty image to 'tf.raw_ops.DrawBoundingBoxes'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/ea34a18dc3f5c8d80a40ccca1404f343b5d55f91/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L148-L165) uses 'CHECK_*' assertions instead of 'OP_REQUIRES' to validate user controlled inputs. Whereas 'OP_REQUIRES' allows returning an error condition back to the user, the 'CHECK_*' macros result in a crash if the condition is false, similar to 'assert'. In this case, 'height' is 0 from the 'images' input. This results in 'max_box_row_clamp' being negative and the assertion being falsified, followed by aborting program execution.", - "cve": "CVE-2021-29533", - "id": "pyup.io-40692", - "more_info_path": "/vulnerabilities/CVE-2021-29533/40692", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a division by 0 in 'Conv2DBackpropInput'. See CVE-2021-29525.", + "cve": "CVE-2021-29525", + "id": "pyup.io-40684", + "more_info_path": "/vulnerabilities/CVE-2021-29525/40684", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -153489,10 +154993,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by invalid validation in 'SparseMatrixSparseCholesky'. See CVE-2021-29530.", - "cve": "CVE-2021-29530", - "id": "pyup.io-40688", - "more_info_path": "/vulnerabilities/CVE-2021-29530/40688", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29539: TensorFlow is an end-to-end open source platform for machine learning. Calling `tf.raw_ops.ImmutableConst`(https://www.tensorflow.org/api_docs/python/tf/raw_ops/ImmutableConst) with a `dtype` of `tf.resource` or `tf.variant` results in a segfault in the implementation as code assumes that the tensor contents are pure scalars. We have patched the issue in 4f663d4b8f0bec1b48da6fa091a7d29609980fa4 and will release TensorFlow 2.5.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved. If using `tf.raw_ops.ImmutableConst` in code, you can prevent the segfault by inserting a filter for the `dtype` argument.", + "cve": "CVE-2021-29539", + "id": "pyup.io-40467", + "more_info_path": "/vulnerabilities/CVE-2021-29539/40467", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -153503,10 +155007,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a stack overflow in 'ParseAttrValue' with nested tensors. See CVE-2021-29615.", - "cve": "CVE-2021-29615", - "id": "pyup.io-40767", - "more_info_path": "/vulnerabilities/CVE-2021-29615/40767", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29532: An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to `tf.raw_ops.RaggedCross`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/efea03b38fb8d3b81762237dc85e579cc5fc6e87/tensorflow/core/kernels/ragged_cross_op.cc#L456-L487) lacks validation for the user supplied arguments. Each of the above branches call a helper function after accessing array elements via a `*_list[next_*]` pattern, followed by incrementing the `next_*` index. However, as there is no validation that the `next_*` values are in the valid range for the corresponding `*_list` arrays, this results in heap OOB reads.", + "cve": "CVE-2021-29532", + "id": "pyup.io-40691", + "more_info_path": "/vulnerabilities/CVE-2021-29532/40691", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -153517,10 +155021,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29552: An attacker can cause a denial of service by controlling the values of `num_segments` tensor argument for `UnsortedSegmentJoin`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/a2a607db15c7cd01d754d37e5448d72a13491bdb/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L93) assumes that the `num_segments` tensor is a valid scalar. Since the tensor is empty the `CHECK` involved in `.scalar()()` that checks that the number of elements is exactly 1 will be invalidated and this would result in process termination.", - "cve": "CVE-2021-29552", - "id": "pyup.io-40710", - "more_info_path": "/vulnerabilities/CVE-2021-29552/40710", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29537: An attacker can cause a heap buffer overflow in `QuantizedResizeBilinear` by passing in invalid thresholds for the quantization. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/50711818d2e61ccce012591eeb4fdf93a8496726/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L705-L706) assumes that the 2 arguments are always valid scalars and tries to access the numeric value directly.", + "cve": "CVE-2021-29537", + "id": "pyup.io-40695", + "more_info_path": "/vulnerabilities/CVE-2021-29537/40695", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -153531,10 +155035,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a heap buffer overflow in 'Conv3DBackprop*'. See CVE-2021-29520.", - "cve": "CVE-2021-29520", - "id": "pyup.io-40680", - "more_info_path": "/vulnerabilities/CVE-2021-29520/40680", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 includes a fix for CVE-2021-29533: An attacker can trigger a denial of service via a 'CHECK' failure by passing an empty image to 'tf.raw_ops.DrawBoundingBoxes'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/ea34a18dc3f5c8d80a40ccca1404f343b5d55f91/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L148-L165) uses 'CHECK_*' assertions instead of 'OP_REQUIRES' to validate user controlled inputs. Whereas 'OP_REQUIRES' allows returning an error condition back to the user, the 'CHECK_*' macros result in a crash if the condition is false, similar to 'assert'. In this case, 'height' is 0 from the 'images' input. This results in 'max_box_row_clamp' being negative and the assertion being falsified, followed by aborting program execution.", + "cve": "CVE-2021-29533", + "id": "pyup.io-40692", + "more_info_path": "/vulnerabilities/CVE-2021-29533/40692", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -153545,10 +155049,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a division by 0 in 'Conv2DBackpropFilter'. See CVE-2021-29524.", - "cve": "CVE-2021-29524", - "id": "pyup.io-40683", - "more_info_path": "/vulnerabilities/CVE-2021-29524/40683", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29552: An attacker can cause a denial of service by controlling the values of `num_segments` tensor argument for `UnsortedSegmentJoin`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/a2a607db15c7cd01d754d37e5448d72a13491bdb/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L93) assumes that the `num_segments` tensor is a valid scalar. Since the tensor is empty the `CHECK` involved in `.scalar()()` that checks that the number of elements is exactly 1 will be invalidated and this would result in process termination.", + "cve": "CVE-2021-29552", + "id": "pyup.io-40710", + "more_info_path": "/vulnerabilities/CVE-2021-29552/40710", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -153587,10 +155091,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a segfault in 'SparseCountSparseOutput'. See CVE-2021-29521.", - "cve": "CVE-2021-29521", - "id": "pyup.io-40679", - "more_info_path": "/vulnerabilities/CVE-2021-29521/40679", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29549: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L289-L295) computes a modulo operation without validating that the divisor is not zero. Since `vector_num_elements` is determined based on input shapes (https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L522-L544), a user can trigger scenarios where this quantity is 0.", + "cve": "CVE-2021-29549", + "id": "pyup.io-40706", + "more_info_path": "/vulnerabilities/CVE-2021-29549/40706", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
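Review bot: The added CVE-2021-29549 entry names `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization` as the affected op, yet both code links point at `tensorflow/core/kernels/quantized_add_op.cc` and the explanation (a modulo on `vector_num_elements` derived from input shapes) describes that add kernel, while the CVE-2021-29548 entry in the following hunk already attributes the batch-norm op to `quantized_batch_norm_op.cc`. This wording is probably carried over from the upstream advisory rather than introduced here, but as stored it makes two distinct CVEs read as the same bug in one op and hides which kernel actually needs attention. If the description is curated locally, I would change the first sentence to `An attacker can cause a runtime division by zero error and denial of service in 'tf.raw_ops.QuantizedAdd'.` (presumably the op behind that file — confirm against the upstream advisory); if it is a verbatim mirror, the discrepancy should be reported upstream instead.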
@@ -153601,10 +155105,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29534: An attacker can trigger a denial of service via a 'CHECK'-fail in 'tf.raw_ops.SparseConcat'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/b432a38fe0e1b4b904a6c222cbce794c39703e87/tensorflow/core/kernels/sparse_concat_op.cc#L76) takes the values specified in 'shapes[0]' as dimensions for the output shape. The 'TensorShape' constructor (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L183-L188) uses a 'CHECK' operation which triggers when 'InitDims' (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L212-L296) returns a non-OK status. This is a legacy implementation of the constructor and operations should use 'BuildTensorShapeBase' or 'AddDimWithStatus' to prevent 'CHECK'-failures in the presence of overflows.", - "cve": "CVE-2021-29534", - "id": "pyup.io-40694", - "more_info_path": "/vulnerabilities/CVE-2021-29534/40694", + "advisory": "Tensorflow 2.5.0, 2.4.2, 2.3.3, 2.2.3 and 2.1.4 include a fix for CVE-2021-29548: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc) does not validate all constraints specified in the op's contract (https://www.tensorflow.org/api_docs/python/tf/raw_ops/QuantizedBatchNormWithGlobalNormalization).", + "cve": "CVE-2021-29548", + "id": "pyup.io-40468", + "more_info_path": "/vulnerabilities/CVE-2021-29548/40468", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -153615,10 +155119,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29549: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L289-L295) computes a modulo operation without validating that the divisor is not zero. Since `vector_num_elements` is determined based on input shapes (https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L522-L544), a user can trigger scenarios where this quantity is 0.", - "cve": "CVE-2021-29549", - "id": "pyup.io-40706", - "more_info_path": "/vulnerabilities/CVE-2021-29549/40706", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29538: An attacker can cause a division by zero to occur in 'Conv2DBackpropFilter'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/1b0296c3b8dd9bd948f924aa8cd62f87dbb7c3da/tensorflow/core/kernels/conv_grad_filter_ops.cc#L513-L522) computes a divisor based on user provided data (i.e., the shape of the tensors given as arguments). If all shapes are empty then 'work_unit_size' is 0. Since there is no check for this case before division, this results in a runtime exception, with potential to be abused for a denial of service.", + "cve": "CVE-2021-29538", + "id": "pyup.io-40697", + "more_info_path": "/vulnerabilities/CVE-2021-29538/40697", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -153629,10 +155133,24 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow 2.5.0, 2.4.2, 2.3.3, 2.2.3 and 2.1.4 include a fix for CVE-2021-29548: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc) does not validate all constraints specified in the op's contract (https://www.tensorflow.org/api_docs/python/tf/raw_ops/QuantizedBatchNormWithGlobalNormalization).", - "cve": "CVE-2021-29548", - "id": "pyup.io-40468", - "more_info_path": "/vulnerabilities/CVE-2021-29548/40468", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a segfault in 'SparseCountSparseOutput'. See CVE-2021-29521.", + "cve": "CVE-2021-29521", + "id": "pyup.io-40679", + "more_info_path": "/vulnerabilities/CVE-2021-29521/40679", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.1.0rc0,<2.1.4", + ">=2.2.0rc0,<2.2.3", + ">=2.3.0rc0,<2.3.3", + ">=2.4.0rc0,<2.4.2" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" + }, + { + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29534: An attacker can trigger a denial of service via a 'CHECK'-fail in 'tf.raw_ops.SparseConcat'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/b432a38fe0e1b4b904a6c222cbce794c39703e87/tensorflow/core/kernels/sparse_concat_op.cc#L76) takes the values specified in 'shapes[0]' as dimensions for the output shape. 
The 'TensorShape' constructor (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L183-L188) uses a 'CHECK' operation which triggers when 'InitDims' (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L212-L296) returns a non-OK status. This is a legacy implementation of the constructor and operations should use 'BuildTensorShapeBase' or 'AddDimWithStatus' to prevent 'CHECK'-failures in the presence of overflows.", + "cve": "CVE-2021-29534", + "id": "pyup.io-40694", + "more_info_path": "/vulnerabilities/CVE-2021-29534/40694", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -153684,20 +155202,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, - { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29538: An attacker can cause a division by zero to occur in 'Conv2DBackpropFilter'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/1b0296c3b8dd9bd948f924aa8cd62f87dbb7c3da/tensorflow/core/kernels/conv_grad_filter_ops.cc#L513-L522) computes a divisor based on user provided data (i.e., the shape of the tensors given as arguments). If all shapes are empty then 'work_unit_size' is 0. Since there is no check for this case before division, this results in a runtime exception, with potential to be abused for a denial of service.", - "cve": "CVE-2021-29538", - "id": "pyup.io-40697", - "more_info_path": "/vulnerabilities/CVE-2021-29538/40697", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.1.0rc0,<2.1.4", - ">=2.2.0rc0,<2.2.3", - ">=2.3.0rc0,<2.3.3", - ">=2.4.0rc0,<2.4.2" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" - }, { "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a null pointer dereference in 'StringNGrams'. See CVE-2021-29541.", "cve": "CVE-2021-29541", @@ -153811,10 +155315,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a reference binding to null pointer in 'MatrixDiag*' ops. See CVE-2021-29515.", - "cve": "CVE-2021-29515", - "id": "pyup.io-40673", - "more_info_path": "/vulnerabilities/CVE-2021-29515/40673", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in 'Conv3D'. See CVE-2021-29517.", + "cve": "CVE-2021-29517", + "id": "pyup.io-40676", + "more_info_path": "/vulnerabilities/CVE-2021-29517/40676", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.2.0rc0,<2.2.3", 
@@ -153825,10 +155329,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix fixes a null pointer dereference via invalid Ragged Tensors. See CVE-2021-29516.", - "cve": "CVE-2021-29516", - "id": "pyup.io-40675", - "more_info_path": "/vulnerabilities/CVE-2021-29516/40675", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a reference binding to null pointer in 'MatrixDiag*' ops. See CVE-2021-29515.", + "cve": "CVE-2021-29515", + "id": "pyup.io-40673", + "more_info_path": "/vulnerabilities/CVE-2021-29515/40673", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.2.0rc0,<2.2.3", @@ -153839,10 +155343,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in 'Conv3D'. See CVE-2021-29517.", - "cve": "CVE-2021-29517", - "id": "pyup.io-40676", - "more_info_path": "/vulnerabilities/CVE-2021-29517/40676", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix fixes a null pointer dereference via invalid Ragged Tensors. See CVE-2021-29516.", + "cve": "CVE-2021-29516", + "id": "pyup.io-40675", + "more_info_path": "/vulnerabilities/CVE-2021-29516/40675", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.2.0rc0,<2.2.3", 
@@ -154049,10 +155553,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4,>=2.3.0rc0,<2.3.3" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29595: The implementation of the `DepthToSpace` TFLite operator is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/depth_to_space.cc#L63-L69). An attacker can craft a model such that `params->block_size` is 0.", - "cve": "CVE-2021-29595", - "id": "pyup.io-40746", - "more_info_path": "/vulnerabilities/CVE-2021-29595/40746", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a 'CHECK'-fail in 'LoadAndRemapMatrix'. See CVE-2021-29561.", + "cve": "CVE-2021-29561", + "id": "pyup.io-40718", + "more_info_path": "/vulnerabilities/CVE-2021-29561/40718", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -154063,10 +155567,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4,>=2.3.0rc0,<2.3.3" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a 'CHECK'-fail in 'LoadAndRemapMatrix'. See CVE-2021-29561.", - "cve": "CVE-2021-29561", - "id": "pyup.io-40718", - "more_info_path": "/vulnerabilities/CVE-2021-29561/40718", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29595: The implementation of the `DepthToSpace` TFLite operator is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/depth_to_space.cc#L63-L69). An attacker can craft a model such that `params->block_size` is 0.", + "cve": "CVE-2021-29595", + "id": "pyup.io-40746", + "more_info_path": "/vulnerabilities/CVE-2021-29595/40746", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -154104,20 +155608,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" }, - { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'SparseMatMul'. See CVE-2021-29557.", - "cve": "CVE-2021-29557", - "id": "pyup.io-40713", - "more_info_path": "/vulnerabilities/CVE-2021-29557/40713", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.1.0rc0,<2.1.4", - ">=2.2.0rc0,<2.2.3" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" - }, { "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'BandedTriangularSolve'. See CVE-2021-29612.", "cve": "CVE-2021-29612", 
@@ -154160,6 +155650,20 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" }, + { + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'SparseMatMul'. See CVE-2021-29557.", + "cve": "CVE-2021-29557", + "id": "pyup.io-40713", + "more_info_path": "/vulnerabilities/CVE-2021-29557/40713", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.1.0rc0,<2.1.4", + ">=2.2.0rc0,<2.2.3" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" + }, { "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29514: If the 'splits' argument of 'RaggedBincount' does not specify a valid 'SparseTensor' (https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from outside the bounds of the 'splits' tensor buffer in the implementation of the 'RaggedBincount' op (https://github.com/tensorflow/tensorflow/blob/8b677d79167799f71c42fd3fa074476e0295413a/tensorflow/core/kernels/bincount_op.cc#L430-L446). Before the 'for' loop, 'batch_idx' is set to 0. The attacker sets 'splits(0)' to be 7, hence the 'while' loop does not execute and 'batch_idx' remains 0. This then results in writing to 'out(-1, bin)', which is before the heap allocated buffer for the output tensor.", "cve": "CVE-2021-29514", 
@@ -154203,10 +155707,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'Split'. See CVE-2021-29599.", - "cve": "CVE-2021-29599", - "id": "pyup.io-40752", - "more_info_path": "/vulnerabilities/CVE-2021-29599/40752", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'BatchToSpaceNd'. See CVE-2021-29593.", + "cve": "CVE-2021-29593", + "id": "pyup.io-40749", + "more_info_path": "/vulnerabilities/CVE-2021-29593/40749", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -154217,10 +155721,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29618: Passing a complex argument to `tf.transpose` at the same time as passing 'conjugate=True' argument results in a crash.", - "cve": "CVE-2021-29618", - "id": "pyup.io-40769", - "more_info_path": "/vulnerabilities/CVE-2021-29618/40769", + "advisory": "Tensorflow versions 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 update its dependency \"curl\" to handle CVE-2020-8284.", + "cve": "CVE-2020-8284", + "id": "pyup.io-40775", + "more_info_path": "/vulnerabilities/CVE-2020-8284/40775", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -154231,10 +155735,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseSparseMinimum'. See CVE-2021-29607.", - "cve": "CVE-2021-29607", - "id": "pyup.io-40762", - "more_info_path": "/vulnerabilities/CVE-2021-29607/40762", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix an undefined behavior and a 'CHECK'-fail in 'FractionalMaxPoolGrad'. See CVE-2021-29580.", + "cve": "CVE-2021-29580", + "id": "pyup.io-40731", + "more_info_path": "/vulnerabilities/CVE-2021-29580/40731", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -154245,10 +155749,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.5.0, 2.4.2, 2.3.3, 2.2.3, and 2.1.4 include a fix for CVE-2021-29572: The implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to dereferencing a null pointer. The implementation (https://github.com/tensorflow/tensorflow/blob/60a45c8b6192a4699f2e2709a2645a751d435cc3/tensorflow/core/kernels/sdca_internal.cc) does not validate that the user supplied arguments satisfy all constraints expected by the op(https://www.tensorflow.org/api_docs/python/tf/raw_ops/SdcaOptimizer).", - "cve": "CVE-2021-29572", - "id": "pyup.io-40471", - "more_info_path": "/vulnerabilities/CVE-2021-29572/40471", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a null pointer dereference in 'EditDistance'. See CVE-2021-29564.", + "cve": "CVE-2021-29564", + "id": "pyup.io-40721", + "more_info_path": "/vulnerabilities/CVE-2021-29564/40721", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -154259,10 +155763,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'BatchToSpaceNd'. See CVE-2021-29593.", - "cve": "CVE-2021-29593", - "id": "pyup.io-40749", - "more_info_path": "/vulnerabilities/CVE-2021-29593/40749", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29571: The implementation of 'tf.raw_ops.MaxPoolGradWithArgmax' can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The implementation (https://github.com/tensorflow/tensorflow/blob/31bd5026304677faa8a0b77602c6154171b9aec1/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L116-L130) assumes that the last element of 'boxes' input is 4, as required by the op (https://www.tensorflow.org/api_docs/python/tf/raw_ops/DrawBoundingBoxesV2). Since this is not checked attackers passing values less than 4 can write outside of bounds of heap allocated objects and cause memory corruption. If the last dimension in 'boxes' is less than 4, accesses similar to 'tboxes(b, bb, 3)' will access data outside of bounds. Further during code execution there are also writes to these indices.", + "cve": "CVE-2021-29571", + "id": "pyup.io-40470", + "more_info_path": "/vulnerabilities/CVE-2021-29571/40470", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
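Review bot: The CVE-2021-29571 record added on the new side of this hunk names `tf.raw_ops.MaxPoolGradWithArgmax` as the affected op, yet everything else in its own `advisory` text — the linked `draw_bounding_box_op.cc#L116-L130`, the `DrawBoundingBoxesV2` API reference, and the `boxes` / `tboxes(b, bb, 3)` discussion — describes the DrawBoundingBoxesV2 kernel, so the op name looks like a copy-paste from the separate CVE-2021-29573 MaxPoolGradWithArgmax entry that also appears in this diff. A scanner surfacing this record would point users at the wrong kernel, which matters for anyone triaging whether their model graph is exposed. The identical text is removed again by a later hunk in this diff, so the entry is only being moved, not corrected; since this file is a generated export, the fix belongs in the upstream PyUp record before the next regeneration, e.g. `"advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29571: The implementation of 'tf.raw_ops.DrawBoundingBoxesV2' can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. ..."` with the remainder re-synced from the GHSA/NVD text for that CVE.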
@@ -154273,10 +155777,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow versions 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 update its dependency \"curl\" to handle CVE-2020-8284.", - "cve": "CVE-2020-8284", - "id": "pyup.io-40775", - "more_info_path": "/vulnerabilities/CVE-2020-8284/40775", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'DepthwiseConv'. See CVE-2021-29602.", + "cve": "CVE-2021-29602", + "id": "pyup.io-40754", + "more_info_path": "/vulnerabilities/CVE-2021-29602/40754", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -154287,10 +155791,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix an undefined behavior and a 'CHECK'-fail in 'FractionalMaxPoolGrad'. See CVE-2021-29580.", - "cve": "CVE-2021-29580", - "id": "pyup.io-40731", - "more_info_path": "/vulnerabilities/CVE-2021-29580/40731", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'AvgPool3DGrad'. See CVE-2021-29577.", + "cve": "CVE-2021-29577", + "id": "pyup.io-40730", + "more_info_path": "/vulnerabilities/CVE-2021-29577/40730", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -154301,10 +155805,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29568: An attacker can trigger undefined behavior by binding to null pointer in `tf.raw_ops.ParameterizedTruncatedNormal`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/3f6fe4dfef6f57e768260b48166c27d148f3015f/tensorflow/core/kernels/parameterized_truncated_normal_op.cc#L630) does not validate input arguments before accessing the first element of `shape`. If `shape` argument is empty, then `shape_tensor.flat()` is an empty array.", - "cve": "CVE-2021-29568", - "id": "pyup.io-40723", - "more_info_path": "/vulnerabilities/CVE-2021-29568/40723", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29610: The validation in 'tf.raw_ops.QuantizeAndDequantizeV2' allows invalid values for 'axis' argument:. The validation (https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L74-L77) uses '||' to mix two different conditions. If 'axis_ < -1' the condition in 'OP_REQUIRES' will still be true, but this value of 'axis_' results in heap underflow. This allows attackers to read/write to other data on the heap.", + "cve": "CVE-2021-29610", + "id": "pyup.io-40764", + "more_info_path": "/vulnerabilities/CVE-2021-29610/40764", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -154315,10 +155819,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a null pointer dereference in 'EditDistance'. See CVE-2021-29564.", - "cve": "CVE-2021-29564", - "id": "pyup.io-40721", - "more_info_path": "/vulnerabilities/CVE-2021-29564/40721", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'MaxPool3DGradGrad'. See CVE-2021-29576.", + "cve": "CVE-2021-29576", + "id": "pyup.io-40729", + "more_info_path": "/vulnerabilities/CVE-2021-29576/40729", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -154329,10 +155833,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29571: The implementation of 'tf.raw_ops.MaxPoolGradWithArgmax' can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The implementation (https://github.com/tensorflow/tensorflow/blob/31bd5026304677faa8a0b77602c6154171b9aec1/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L116-L130) assumes that the last element of 'boxes' input is 4, as required by the op (https://www.tensorflow.org/api_docs/python/tf/raw_ops/DrawBoundingBoxesV2). Since this is not checked attackers passing values less than 4 can write outside of bounds of heap allocated objects and cause memory corruption. If the last dimension in 'boxes' is less than 4, accesses similar to 'tboxes(b, bb, 3)' will access data outside of bounds. Further during code execution there are also writes to these indices.", - "cve": "CVE-2021-29571", - "id": "pyup.io-40470", - "more_info_path": "/vulnerabilities/CVE-2021-29571/40470", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a integer overflow in TFLite concatentation. See CVE-2021-29601.", + "cve": "CVE-2021-29601", + "id": "pyup.io-40756", + "more_info_path": "/vulnerabilities/CVE-2021-29601/40756", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -154343,10 +155847,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB read in 'tf.raw_ops.Dequantize'. See CVE-2021-29582.", - "cve": "CVE-2021-29582", - "id": "pyup.io-40735", - "more_info_path": "/vulnerabilities/CVE-2021-29582/40735", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseReshape'. See CVE-2021-29611.", + "cve": "CVE-2021-29611", + "id": "pyup.io-40763", + "more_info_path": "/vulnerabilities/CVE-2021-29611/40763", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -154357,10 +155861,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'DepthwiseConv'. See CVE-2021-29602.", - "cve": "CVE-2021-29602", - "id": "pyup.io-40754", - "more_info_path": "/vulnerabilities/CVE-2021-29602/40754", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a segfault in 'tf.raw_ops.SparseCountSparseOutput'. See CVE-2021-29619.", + "cve": "CVE-2021-29619", + "id": "pyup.io-40771", + "more_info_path": "/vulnerabilities/CVE-2021-29619/40771", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -154371,10 +155875,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'AvgPool3DGrad'. See CVE-2021-29577.", - "cve": "CVE-2021-29577", - "id": "pyup.io-40730", - "more_info_path": "/vulnerabilities/CVE-2021-29577/40730", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB in 'QuantizeAndDequantizeV3'. See CVE-2021-29553.", + "cve": "CVE-2021-29553", + "id": "pyup.io-40709", + "more_info_path": "/vulnerabilities/CVE-2021-29553/40709", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -154385,10 +155889,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29610: The validation in 'tf.raw_ops.QuantizeAndDequantizeV2' allows invalid values for 'axis' argument:. The validation (https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L74-L77) uses '||' to mix two different conditions. If 'axis_ < -1' the condition in 'OP_REQUIRES' will still be true, but this value of 'axis_' results in heap underflow. This allows attackers to read/write to other data on the heap.", - "cve": "CVE-2021-29610", - "id": "pyup.io-40764", - "more_info_path": "/vulnerabilities/CVE-2021-29610/40764", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a null pointer dereference in 'SparseFillEmptyRows'. See CVE-2021-29565.", + "cve": "CVE-2021-29565", + "id": "pyup.io-40778", + "more_info_path": "/vulnerabilities/CVE-2021-29565/40778", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -154399,10 +155903,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29560: An attacker can cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/d94227d43aa125ad8b54115c03cece54f6a1977b/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L219-L222) uses the same index to access two arrays in parallel. Since the user controls the shape of the input arguments, an attacker could trigger a heap OOB access when 'parent_output_index' is shorter than 'row_split'.", - "cve": "CVE-2021-29560", - "id": "pyup.io-40717", - "more_info_path": "/vulnerabilities/CVE-2021-29560/40717", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a integer overflow in TFLite memory allocation. See CVE-2021-29605.", + "cve": "CVE-2021-29605", + "id": "pyup.io-40757", + "more_info_path": "/vulnerabilities/CVE-2021-29605/40757", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -154413,10 +155917,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'MaxPool3DGradGrad'. See CVE-2021-29576.", - "cve": "CVE-2021-29576", - "id": "pyup.io-40729", - "more_info_path": "/vulnerabilities/CVE-2021-29576/40729", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix fixes a heap OOB read in TFLite. See CVE-2021-29606.", + "cve": "CVE-2021-29606", + "id": "pyup.io-40759", + "more_info_path": "/vulnerabilities/CVE-2021-29606/40759", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -154427,10 +155931,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a integer overflow in TFLite concatentation. See CVE-2021-29601.", - "cve": "CVE-2021-29601", - "id": "pyup.io-40756", - "more_info_path": "/vulnerabilities/CVE-2021-29601/40756", + "advisory": "Tensorflow versions 2.5.0, 2.4.2, 2.3.3, 2.2.3 and 2.1.4 updates its dependency \"curl\" to a secure version (7.76.0).", + "cve": "CVE-2020-8285", + "id": "pyup.io-40776", + "more_info_path": "/vulnerabilities/CVE-2020-8285/40776", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -154441,10 +155945,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseReshape'. See CVE-2021-29611.", - "cve": "CVE-2021-29611", - "id": "pyup.io-40763", - "more_info_path": "/vulnerabilities/CVE-2021-29611/40763", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 updates 'curl' to '7.76.0' to handle CVE-2020-8286: curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.", + "cve": "CVE-2020-8286", + "id": "pyup.io-40777", + "more_info_path": "/vulnerabilities/CVE-2020-8286/40777", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -154455,10 +155959,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a segfault in 'tf.raw_ops.SparseCountSparseOutput'. See CVE-2021-29619.", - "cve": "CVE-2021-29619", - "id": "pyup.io-40771", - "more_info_path": "/vulnerabilities/CVE-2021-29619/40771", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'OneHot'. See CVE-2021-29600.", + "cve": "CVE-2021-29600", + "id": "pyup.io-40753", + "more_info_path": "/vulnerabilities/CVE-2021-29600/40753", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -154469,10 +155973,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB in 'QuantizeAndDequantizeV3'. See CVE-2021-29553.", - "cve": "CVE-2021-29553", - "id": "pyup.io-40709", - "more_info_path": "/vulnerabilities/CVE-2021-29553/40709", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'FractionalAvgPoolGrad'. See CVE-2021-29578.", + "cve": "CVE-2021-29578", + "id": "pyup.io-40732", + "more_info_path": "/vulnerabilities/CVE-2021-29578/40732", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -154483,10 +155987,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'MaxPoolGradWithArgmax'. See CVE-2021-29573.", - "cve": "CVE-2021-29573", - "id": "pyup.io-40727", - "more_info_path": "/vulnerabilities/CVE-2021-29573/40727", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29608: TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in 'tf.raw_ops.RaggedTensorToTensor', an attacker can exploit an undefined behavior if input arguments are empty. The implementation (https://github.com/tensorflow/tensorflow/blob/656e7673b14acd7835dc778867f84916c6d1cac2/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L356-L360) only checks that one of the tensors is not empty, but does not check for the other ones. There are multiple 'DCHECK' validations to prevent heap OOB, but these are no-op in release builds, hence they don't prevent anything.", + "cve": "CVE-2021-29608", + "id": "pyup.io-40760", + "more_info_path": "/vulnerabilities/CVE-2021-29608/40760", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -154497,10 +156001,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of hashtable lookup. See CVE-2021-29604.", - "cve": "CVE-2021-29604", - "id": "pyup.io-40755", - "more_info_path": "/vulnerabilities/CVE-2021-29604/40755", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB write in TFLite. See CVE-2021-29603.", + "cve": "CVE-2021-29603", + "id": "pyup.io-40758", + "more_info_path": "/vulnerabilities/CVE-2021-29603/40758", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -154511,10 +156015,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a null pointer dereference in 'SparseFillEmptyRows'. See CVE-2021-29565.", - "cve": "CVE-2021-29565", - "id": "pyup.io-40778", - "more_info_path": "/vulnerabilities/CVE-2021-29565/40778", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 update its dependency \"curl\" to v7.76.0 to include security fixes.", + "cve": "CVE-2020-8231", + "id": "pyup.io-40774", + "more_info_path": "/vulnerabilities/CVE-2020-8231/40774", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -154525,10 +156029,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a integer overflow in TFLite memory allocation. See CVE-2021-29605.", - "cve": "CVE-2021-29605", - "id": "pyup.io-40757", - "more_info_path": "/vulnerabilities/CVE-2021-29605/40757", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'MaxPoolGrad'. See CVE-2021-29579.", + "cve": "CVE-2021-29579", + "id": "pyup.io-40733", + "more_info_path": "/vulnerabilities/CVE-2021-29579/40733", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -154539,10 +156043,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix fixes a heap OOB read in TFLite. See CVE-2021-29606.", - "cve": "CVE-2021-29606", - "id": "pyup.io-40759", - "more_info_path": "/vulnerabilities/CVE-2021-29606/40759", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'SVDF'. See CVE-2021-29598.", + "cve": "CVE-2021-29598", + "id": "pyup.io-40751", + "more_info_path": "/vulnerabilities/CVE-2021-29598/40751", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -154553,10 +156057,122 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow versions 2.5.0, 2.4.2, 2.3.3, 2.2.3 and 2.1.4 updates its dependency \"curl\" to a secure version (7.76.0).", - "cve": "CVE-2020-8285", - "id": "pyup.io-40776", - "more_info_path": "/vulnerabilities/CVE-2020-8285/40776", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'Split'. See CVE-2021-29599.", + "cve": "CVE-2021-29599", + "id": "pyup.io-40752", + "more_info_path": "/vulnerabilities/CVE-2021-29599/40752", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29618: Passing a complex argument to `tf.transpose` at the same time as passing 'conjugate=True' argument results in a crash.", + "cve": "CVE-2021-29618", + "id": "pyup.io-40769", + "more_info_path": "/vulnerabilities/CVE-2021-29618/40769", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseSparseMinimum'. 
See CVE-2021-29607.", + "cve": "CVE-2021-29607", + "id": "pyup.io-40762", + "more_info_path": "/vulnerabilities/CVE-2021-29607/40762", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow 2.5.0, 2.4.2, 2.3.3, 2.2.3, and 2.1.4 include a fix for CVE-2021-29572: The implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to dereferencing a null pointer. The implementation (https://github.com/tensorflow/tensorflow/blob/60a45c8b6192a4699f2e2709a2645a751d435cc3/tensorflow/core/kernels/sdca_internal.cc) does not validate that the user supplied arguments satisfy all constraints expected by the op(https://www.tensorflow.org/api_docs/python/tf/raw_ops/SdcaOptimizer).", + "cve": "CVE-2021-29572", + "id": "pyup.io-40471", + "more_info_path": "/vulnerabilities/CVE-2021-29572/40471", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29568: An attacker can trigger undefined behavior by binding to null pointer in `tf.raw_ops.ParameterizedTruncatedNormal`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/3f6fe4dfef6f57e768260b48166c27d148f3015f/tensorflow/core/kernels/parameterized_truncated_normal_op.cc#L630) does not validate input arguments before accessing the first element of `shape`. 
If `shape` argument is empty, then `shape_tensor.flat()` is an empty array.", + "cve": "CVE-2021-29568", + "id": "pyup.io-40723", + "more_info_path": "/vulnerabilities/CVE-2021-29568/40723", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB read in 'tf.raw_ops.Dequantize'. See CVE-2021-29582.", + "cve": "CVE-2021-29582", + "id": "pyup.io-40735", + "more_info_path": "/vulnerabilities/CVE-2021-29582/40735", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29560: An attacker can cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/d94227d43aa125ad8b54115c03cece54f6a1977b/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L219-L222) uses the same index to access two arrays in parallel. Since the user controls the shape of the input arguments, an attacker could trigger a heap OOB access when 'parent_output_index' is shorter than 'row_split'.", + "cve": "CVE-2021-29560", + "id": "pyup.io-40717", + "more_info_path": "/vulnerabilities/CVE-2021-29560/40717", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'MaxPoolGradWithArgmax'. 
See CVE-2021-29573.", + "cve": "CVE-2021-29573", + "id": "pyup.io-40727", + "more_info_path": "/vulnerabilities/CVE-2021-29573/40727", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of hashtable lookup. See CVE-2021-29604.", + "cve": "CVE-2021-29604", + "id": "pyup.io-40755", + "more_info_path": "/vulnerabilities/CVE-2021-29604/40755", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -154623,108 +156239,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 updates 'curl' to '7.76.0' to handle CVE-2020-8286: curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.", - "cve": "CVE-2020-8286", - "id": "pyup.io-40777", - "more_info_path": "/vulnerabilities/CVE-2020-8286/40777", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, - { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'OneHot'. See CVE-2021-29600.", - "cve": "CVE-2021-29600", - "id": "pyup.io-40753", - "more_info_path": "/vulnerabilities/CVE-2021-29600/40753", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, - { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'FractionalAvgPoolGrad'. See CVE-2021-29578.", - "cve": "CVE-2021-29578", - "id": "pyup.io-40732", - "more_info_path": "/vulnerabilities/CVE-2021-29578/40732", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, - { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29608: TensorFlow is an end-to-end open source platform for machine learning. 
Due to lack of validation in 'tf.raw_ops.RaggedTensorToTensor', an attacker can exploit an undefined behavior if input arguments are empty. The implementation (https://github.com/tensorflow/tensorflow/blob/656e7673b14acd7835dc778867f84916c6d1cac2/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L356-L360) only checks that one of the tensors is not empty, but does not check for the other ones. There are multiple 'DCHECK' validations to prevent heap OOB, but these are no-op in release builds, hence they don't prevent anything.", - "cve": "CVE-2021-29608", - "id": "pyup.io-40760", - "more_info_path": "/vulnerabilities/CVE-2021-29608/40760", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, - { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB write in TFLite. See CVE-2021-29603.", - "cve": "CVE-2021-29603", - "id": "pyup.io-40758", - "more_info_path": "/vulnerabilities/CVE-2021-29603/40758", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, - { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 update its dependency \"curl\" to v7.76.0 to include security fixes.", - "cve": "CVE-2020-8231", - "id": "pyup.io-40774", - "more_info_path": "/vulnerabilities/CVE-2020-8231/40774", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, - { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'MaxPoolGrad'. 
See CVE-2021-29579.", - "cve": "CVE-2021-29579", - "id": "pyup.io-40733", - "more_info_path": "/vulnerabilities/CVE-2021-29579/40733", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, - { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'SVDF'. See CVE-2021-29598.", - "cve": "CVE-2021-29598", - "id": "pyup.io-40751", - "more_info_path": "/vulnerabilities/CVE-2021-29598/40751", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a 'CHECK'-fail due to integer overflow. See CVE-2021-29584.", + "cve": "CVE-2021-29584", + "id": "pyup.io-40736", + "more_info_path": "/vulnerabilities/CVE-2021-29584/40736", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -154790,20 +156308,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a 'CHECK'-fail due to integer overflow. See CVE-2021-29584.", - "cve": "CVE-2021-29584", - "id": "pyup.io-40736", - "more_info_path": "/vulnerabilities/CVE-2021-29584/40736", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a 'CHECK'-fail in 'tf.raw_ops.IRFFT'. See CVE-2021-29562.", "cve": "CVE-2021-29562", 
@@ -154959,10 +156463,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37645: In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L126) uses the `axis` value as the size argument to `absl::InlinedVector` constructor. But, the constructor uses an unsigned type for the argument, so the implicit conversion transforms the negative value to a large integer. The Tensorflow team has patched the issue in GitHub commit 96f364a1ca3009f98980021c4b32be5fdcca33a1.", - "cve": "CVE-2021-37645", - "id": "pyup.io-41120", - "more_info_path": "/vulnerabilities/CVE-2021-37645/41120", + "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37688: In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/internal/optimized/optimized_ops.h#L268-L285) unconditionally dereferences a pointer. The Tensorflow team has patched the issue in GitHub commit 15691e456c7dc9bd6be203b09765b063bf4a380c.", + "cve": "CVE-2021-37688", + "id": "pyup.io-41163", + "more_info_path": "/vulnerabilities/CVE-2021-37688/41163", "specs": [ ">=2.5.0rc0,<2.5.1", ">=2.4.0rc0,<2.4.3", 
@@ -154972,10 +156476,10 @@ "v": ">=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4,>=2.6.0rc0,<2.6.0" }, { - "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37688: In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/internal/optimized/optimized_ops.h#L268-L285) unconditionally dereferences a pointer. The Tensorflow team has patched the issue in GitHub commit 15691e456c7dc9bd6be203b09765b063bf4a380c.", - "cve": "CVE-2021-37688", - "id": "pyup.io-41163", - "more_info_path": "/vulnerabilities/CVE-2021-37688/41163", + "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37645: In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L126) uses the `axis` value as the size argument to `absl::InlinedVector` constructor. But, the constructor uses an unsigned type for the argument, so the implicit conversion transforms the negative value to a large integer. The Tensorflow team has patched the issue in GitHub commit 96f364a1ca3009f98980021c4b32be5fdcca33a1.", + "cve": "CVE-2021-37645", + "id": "pyup.io-41120", + "more_info_path": "/vulnerabilities/CVE-2021-37645/41120", "specs": [ ">=2.5.0rc0,<2.5.1", ">=2.4.0rc0,<2.4.3", 
@@ -155124,10 +156628,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, { - "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37661: In affected versions an attacker can cause a denial of service in 'boosted_trees_create_quantile_stream_resource' by using negative arguments. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/quantile_ops.cc#L96) does not validate that 'num_streams' only contains non-negative numbers. In turn, this results in using this value to allocate memory (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/quantiles/quantile_stream_resource.h#L31-L40). However, 'reserve' receives an unsigned integer so there is an implicit conversion from a negative value to a large positive unsigned. This results in a crash from the standard library. The Tensorflow team has patched the issue in GitHub commit 8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992.", - "cve": "CVE-2021-37661", - "id": "pyup.io-41136", - "more_info_path": "/vulnerabilities/CVE-2021-37661/41136", + "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37685: In affected versions TFLite's 'expand_dims.cc' (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If 'axis' is a large negative value (e.g., '-100000'), then after the first 'if' it would still be negative. The check following the 'if' statement will pass and the 'for' loop would read one element before the start of 'input_dims.data' (when 'i = 0'). 
The Tensorflow team has patched the issue in GitHub commit d94ffe08a65400f898241c0374e9edc6fa8ed257.", + "cve": "CVE-2021-37685", + "id": "pyup.io-41160", + "more_info_path": "/vulnerabilities/CVE-2021-37685/41160", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -155137,10 +156641,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, { - "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37685: In affected versions TFLite's 'expand_dims.cc' (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If 'axis' is a large negative value (e.g., '-100000'), then after the first 'if' it would still be negative. The check following the 'if' statement will pass and the 'for' loop would read one element before the start of 'input_dims.data' (when 'i = 0'). The Tensorflow team has patched the issue in GitHub commit d94ffe08a65400f898241c0374e9edc6fa8ed257.", - "cve": "CVE-2021-37685", - "id": "pyup.io-41160", - "more_info_path": "/vulnerabilities/CVE-2021-37685/41160", + "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37661: In affected versions an attacker can cause a denial of service in 'boosted_trees_create_quantile_stream_resource' by using negative arguments. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/quantile_ops.cc#L96) does not validate that 'num_streams' only contains non-negative numbers. In turn, this results in using this value to allocate memory (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/quantiles/quantile_stream_resource.h#L31-L40). However, 'reserve' receives an unsigned integer so there is an implicit conversion from a negative value to a large positive unsigned. This results in a crash from the standard library. 
The Tensorflow team has patched the issue in GitHub commit 8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992.", + "cve": "CVE-2021-37661", + "id": "pyup.io-41136", + "more_info_path": "/vulnerabilities/CVE-2021-37661/41136", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -155228,10 +156732,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" }, { - "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37646: In affected versions the implementation of 'tf.raw_ops.StringNGrams' is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/string_ngrams_op.cc#L184) calls 'reserve' on a 'tstring' with a value that sometimes can be negative if user supplies negative 'ngram_widths'. The 'reserve' method calls 'TF_TString_Reserve' which has an 'unsigned long' argument for the size of the buffer. Hence, the implicit conversion transforms the negative value to a large integer. The Tensorflow team has patched the issue in GitHub commit c283e542a3f422420cfdb332414543b62fc4e4a5.", - "cve": "CVE-2021-37646", - "id": "pyup.io-41121", - "more_info_path": "/vulnerabilities/CVE-2021-37646/41121", + "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37666: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.RaggedTensorToVariant'. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_to_variant_op.cc#L129) has an incomplete validation of the splits values, missing the case when the argument would be empty. The Tensorflow team has patched the issue in GitHub commit be7a4de6adfbd303ce08be4332554dff70362612.", + "cve": "CVE-2021-37666", + "id": "pyup.io-41141", + "more_info_path": "/vulnerabilities/CVE-2021-37666/41141", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -155241,10 +156745,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" }, { - "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37643: If a user does not provide a valid padding value to 'tf.raw_ops.MatrixDiagPartOp', then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after the first. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/linalg/matrix_diag_op.cc#L89) reads the first value from a tensor buffer without first checking that the tensor has values to read from. The Tensorflow team has patched the issue in GitHub commit 482da92095c4d48f8784b1f00dda4f81c28d2988.", - "cve": "CVE-2021-37643", - "id": "pyup.io-41118", - "more_info_path": "/vulnerabilities/CVE-2021-37643/41118", + "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37646: In affected versions the implementation of 'tf.raw_ops.StringNGrams' is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/string_ngrams_op.cc#L184) calls 'reserve' on a 'tstring' with a value that sometimes can be negative if user supplies negative 'ngram_widths'. The 'reserve' method calls 'TF_TString_Reserve' which has an 'unsigned long' argument for the size of the buffer. Hence, the implicit conversion transforms the negative value to a large integer. The Tensorflow team has patched the issue in GitHub commit c283e542a3f422420cfdb332414543b62fc4e4a5.", + "cve": "CVE-2021-37646", + "id": "pyup.io-41121", + "more_info_path": "/vulnerabilities/CVE-2021-37646/41121", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -155254,10 +156758,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" }, { - "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37666: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.RaggedTensorToVariant'. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_to_variant_op.cc#L129) has an incomplete validation of the splits values, missing the case when the argument would be empty. The Tensorflow team has patched the issue in GitHub commit be7a4de6adfbd303ce08be4332554dff70362612.", - "cve": "CVE-2021-37666", - "id": "pyup.io-41141", - "more_info_path": "/vulnerabilities/CVE-2021-37666/41141", + "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37643: If a user does not provide a valid padding value to 'tf.raw_ops.MatrixDiagPartOp', then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after the first. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/linalg/matrix_diag_op.cc#L89) reads the first value from a tensor buffer without first checking that the tensor has values to read from. The Tensorflow team has patched the issue in GitHub commit 482da92095c4d48f8784b1f00dda4f81c28d2988.", + "cve": "CVE-2021-37643", + "id": "pyup.io-41118", + "more_info_path": "/vulnerabilities/CVE-2021-37643/41118", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -155305,6 +156809,19 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1" }, + { + "advisory": "Tensorflow 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.", + "cve": "CVE-2021-22876", + "id": "pyup.io-41107", + "more_info_path": "/vulnerabilities/CVE-2021-22876/41107", + "specs": [ + ">=2.6.0rc0,<2.6.0", + ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3", + ">=2.3.0rc0,<2.3.4" + ], + "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" + }, { "advisory": "Tensorflow 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.", "cve": "CVE-2021-22897", 
@@ -155383,19 +156900,6 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, - { - "advisory": "Tensorflow 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.", - "cve": "CVE-2021-22876", - "id": "pyup.io-41107", - "more_info_path": "/vulnerabilities/CVE-2021-22876/41107", - "specs": [ - ">=2.6.0rc0,<2.6.0", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3", - ">=2.3.0rc0,<2.3.4" - ], - "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" - }, { "advisory": "Tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37679:\r\nIn affected versions it is possible to nest a \"tf.map_fn\" within another \"tf.map_fn\" call. However, if the input tensor is a \"RaggedTensor\" and there is no function signature provided, code assumes the output is a fully specified tensor and fills output buffer with uninitialized contents from the heap. The \"t\" and \"z\" outputs should be identical, however this is not the case. The last row of \"t\" contains data from the heap which can be used to leak other memory information. The bug lies in the conversion from a \"Variant\" tensor to a \"RaggedTensor\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_from_variant_op.cc#L177-L190) does not check that all inner shapes match and this results in the additional dimensions. The same implementation can result in data loss, if input tensor is tweaked. The Tensorflow team has patched the issue in GitHub commit 4e2565483d0ffcadc719bd44893fb7f609bb5f12.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g8wg-cjwc-xhhp\r\nhttps://github.com/tensorflow/tensorflow/commit/4e2565483d0ffcadc719bd44893fb7f609bb5f12", "cve": "CVE-2021-37679", 
@@ -155423,10 +156927,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "Tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37670:\r\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.UpperBound\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/searchsorted_op.cc#L85-L104) does not validate the rank of \"sorted_input\" argument. A similar issue occurs in \"tf.raw_ops.LowerBound\". The Tensorflow team has patched the issue in GitHub commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9697-98pf-4rw7\r\nhttps://github.com/tensorflow/tensorflow/commit/42459e4273c2e47a3232cc16c4f4fff3b3a35c38", - "cve": "CVE-2021-37670", - "id": "pyup.io-41145", - "more_info_path": "/vulnerabilities/CVE-2021-37670/41145", + "advisory": "Tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37672:\r\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.SdcaOptimizerV2\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/sdca_internal.cc#L320-L353) does not check that the length of \"example_labels\" is the same as the number of examples. 
The Tensorflow team has patched the issue in GitHub commit a4e138660270e7599793fa438cd7b2fc2ce215a6.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hj3-vjjf-f5m7\r\nhttps://github.com/tensorflow/tensorflow/commit/a4e138660270e7599793fa438cd7b2fc2ce215a6", + "cve": "CVE-2021-37672", + "id": "pyup.io-41147", + "more_info_path": "/vulnerabilities/CVE-2021-37672/41147", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -155436,10 +156940,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "Tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37672:\r\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.SdcaOptimizerV2\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/sdca_internal.cc#L320-L353) does not check that the length of \"example_labels\" is the same as the number of examples. The Tensorflow team has patched the issue in GitHub commit a4e138660270e7599793fa438cd7b2fc2ce215a6.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hj3-vjjf-f5m7\r\nhttps://github.com/tensorflow/tensorflow/commit/a4e138660270e7599793fa438cd7b2fc2ce215a6", - "cve": "CVE-2021-37672", - "id": "pyup.io-41147", - "more_info_path": "/vulnerabilities/CVE-2021-37672/41147", + "advisory": "Tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37670:\r\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.UpperBound\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/searchsorted_op.cc#L85-L104) does not validate the rank of \"sorted_input\" argument. A similar issue occurs in \"tf.raw_ops.LowerBound\". 
The Tensorflow team has patched the issue in GitHub commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9697-98pf-4rw7\r\nhttps://github.com/tensorflow/tensorflow/commit/42459e4273c2e47a3232cc16c4f4fff3b3a35c38", + "cve": "CVE-2021-37670", + "id": "pyup.io-41145", + "more_info_path": "/vulnerabilities/CVE-2021-37670/41145", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", @@ -156863,10 +158367,10 @@ "v": "<1.15.0" }, { - "advisory": "Tensorflow-cpu versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"Apache Spark\" to handle CVE-2019-10099.", - "cve": "CVE-2019-10099", - "id": "pyup.io-55878", - "more_info_path": "/vulnerabilities/CVE-2019-10099/55878", + "advisory": "Tensorflow-cpu versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"libjpeg-turbo\" to handle CVE-2019-13960.", + "cve": "CVE-2019-13960", + "id": "pyup.io-55875", + "more_info_path": "/vulnerabilities/CVE-2019-13960/55875", "specs": [ "<1.15.3", ">=2.0.0a0,<2.0.2", @@ -156875,10 +158379,10 @@ "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" }, { - "advisory": "Tensorflow-cpu versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"SQLite3\" to handle CVE-2019-19244.", - "cve": "CVE-2019-19244", - "id": "pyup.io-55871", - "more_info_path": "/vulnerabilities/CVE-2019-19244/55871", + "advisory": "Tensorflow-cpu versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"Apache Spark\" to handle CVE-2019-10099.", + "cve": "CVE-2019-10099", + "id": "pyup.io-55878", + "more_info_path": "/vulnerabilities/CVE-2019-10099/55878", "specs": [ "<1.15.3", ">=2.0.0a0,<2.0.2", 
@@ -156887,10 +158391,10 @@ "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" }, { - "advisory": "Tensorflow-cpu versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"libjpeg-turbo\" to handle CVE-2019-13960.", - "cve": "CVE-2019-13960", - "id": "pyup.io-55875", - "more_info_path": "/vulnerabilities/CVE-2019-13960/55875", + "advisory": "Tensorflow-cpu versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"SQLite3\" to handle CVE-2019-19244.", + "cve": "CVE-2019-19244", + "id": "pyup.io-55871", + "more_info_path": "/vulnerabilities/CVE-2019-19244/55871", "specs": [ "<1.15.3", ">=2.0.0a0,<2.0.2", 
@@ -156985,10 +158489,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15206: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's \"SavedModel\" protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using \"Tensorflow-cpu-serving\" or other inference-as-a-service installments. Fixed were added in commits f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d. However, this was not enough, as #41097 reported a different failure mode. The issue was finally patched in commit df095206f25471e864a8e63a0f1caef53a0e3a6", - "cve": "CVE-2020-15206", - "id": "pyup.io-55847", - "more_info_path": "/vulnerabilities/CVE-2020-15206/55847", + "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15208: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a \"DCHECK\" which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue was patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d", + "cve": "CVE-2020-15208", + "id": "pyup.io-55849", + "more_info_path": "/vulnerabilities/CVE-2020-15208/55849", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -156999,10 +158503,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15208: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a \"DCHECK\" which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue was patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d", - "cve": "CVE-2020-15208", - "id": "pyup.io-55849", - "more_info_path": "/vulnerabilities/CVE-2020-15208/55849", + "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15209: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a \"nullptr\" buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with \"nullptr\". However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue was patched in commit 0b5662bc.", + "cve": "CVE-2020-15209", + "id": "pyup.io-55852", + "more_info_path": "/vulnerabilities/CVE-2020-15209/55852", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -157013,10 +158517,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15209: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a \"nullptr\" buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with \"nullptr\". However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue was patched in commit 0b5662bc.", - "cve": "CVE-2020-15209", - "id": "pyup.io-55852", - "more_info_path": "/vulnerabilities/CVE-2020-15209/55852", + "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15206: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's \"SavedModel\" protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using \"Tensorflow-cpu-serving\" or other inference-as-a-service installments. Fixed were added in commits f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d. However, this was not enough, as #41097 reported a different failure mode. The issue was finally patched in commit df095206f25471e864a8e63a0f1caef53a0e3a6", + "cve": "CVE-2020-15206", + "id": "pyup.io-55847", + "more_info_path": "/vulnerabilities/CVE-2020-15206/55847", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -157055,10 +158559,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15190: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the \"tf.raw_ops.Switch\" operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is \"nullptr\", hence we are binding a reference to \"nullptr\". This is undefined behavior and reported as an error if compiling with \"-fsanitize=null\". In this case, this results in a segmentation fault The issue was patched in commit da8558533d925694483d2c136a9220d6d49d843c\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4g9f-63rx-5cw4", - "cve": "CVE-2020-15190", - "id": "pyup.io-55850", - "more_info_path": "/vulnerabilities/CVE-2020-15190/55850", + "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15211: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative \"-1\" value as index for these tensors. This results in special casing during validation at model loading time. 
Unfortunately, this means that the \"-1\" index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue was patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83). A potential workaround would be to add a custom \"Verifier\" to the model loading code to ensure that only operators which accept optional inputs use the \"-1\" special value and only for the tensors that they expect to be optional. Since this allow-list type approach is error-prone, it's advised upgrading to the patched code.", + "cve": "CVE-2020-15211", + "id": "pyup.io-55848", + "more_info_path": "/vulnerabilities/CVE-2020-15211/55848", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -157069,10 +158573,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15211: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative \"-1\" value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the \"-1\" index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue was patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83). A potential workaround would be to add a custom \"Verifier\" to the model loading code to ensure that only operators which accept optional inputs use the \"-1\" special value and only for the tensors that they expect to be optional. 
Since this allow-list type approach is error-prone, it's advised upgrading to the patched code.", - "cve": "CVE-2020-15211", - "id": "pyup.io-55848", - "more_info_path": "/vulnerabilities/CVE-2020-15211/55848", + "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15190: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the \"tf.raw_ops.Switch\" operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is \"nullptr\", hence we are binding a reference to \"nullptr\". This is undefined behavior and reported as an error if compiling with \"-fsanitize=null\". In this case, this results in a segmentation fault The issue was patched in commit da8558533d925694483d2c136a9220d6d49d843c\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4g9f-63rx-5cw4", + "cve": "CVE-2020-15190", + "id": "pyup.io-55850", + "more_info_path": "/vulnerabilities/CVE-2020-15190/55850", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", @@ -157124,6 +158628,19 @@ ], "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, + { + "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13630.", + "cve": "CVE-2020-13630", + "id": "pyup.io-55836", + "more_info_path": "/vulnerabilities/CVE-2020-13630/55836", + "specs": [ + "<1.15.4", + ">=2.0.0a0,<2.0.3", + ">=2.1.0rc0,<2.1.2", + ">=2.2.0rc0,<2.2.1" + ], + "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" + }, { "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13434.", "cve": "CVE-2020-13434", 
@@ -157163,19 +158680,6 @@ ], "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" }, - { - "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13630.", - "cve": "CVE-2020-13630", - "id": "pyup.io-55836", - "more_info_path": "/vulnerabilities/CVE-2020-13630/55836", - "specs": [ - "<1.15.4", - ">=2.0.0a0,<2.0.3", - ">=2.1.0rc0,<2.1.2", - ">=2.2.0rc0,<2.2.1" - ], - "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" - }, { "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13435.", "cve": "CVE-2020-13435", 
@@ -157229,10 +158733,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" }, { - "advisory": "Tensorflow-cpu 2.4.0 includes a fix for CVE-2020-15194: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.\"", - "cve": "CVE-2020-15194", - "id": "pyup.io-55844", - "more_info_path": "/vulnerabilities/CVE-2020-15194/55844", + "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15210: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2", + "cve": "CVE-2020-15210", + "id": "pyup.io-55843", + "more_info_path": "/vulnerabilities/CVE-2020-15210/55843", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -157243,10 +158747,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, { - "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15210: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2", - "cve": "CVE-2020-15210", - "id": "pyup.io-55843", - "more_info_path": "/vulnerabilities/CVE-2020-15210/55843", + "advisory": "Tensorflow-cpu 2.4.0 includes a fix for CVE-2020-15194: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.\"", + "cve": "CVE-2020-15194", + "id": "pyup.io-55844", + "more_info_path": "/vulnerabilities/CVE-2020-15194/55844", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -157257,10 +158761,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, { - "advisory": "Tensorflow-cpu versions 2.3.2, 2.2.2, 2.1.3, 2.0.4 and 1.15.5 update its dependency \"PCRE\" to fix CVE-2019-20838.", - "cve": "CVE-2019-20838", - "id": "pyup.io-55821", - "more_info_path": "/vulnerabilities/CVE-2019-20838/55821", + "advisory": "Tensorflow-cpu versions 1.15.5, 2.0.4, 2.1.3, 2.2.2 and 2.3.2 update its dependency \"PCRE\" to handle CVE-2020-14155.", + "cve": "CVE-2020-14155", + "id": "pyup.io-55823", + "more_info_path": "/vulnerabilities/CVE-2020-14155/55823", "specs": [ "<1.15.5", ">=2.0.0a0,<2.0.4", @@ -157271,10 +158775,10 @@ "v": "<1.15.5,>=2.0.0a0,<2.0.4,>=2.1.0rc0,<2.1.3,>=2.2.0rc0,<2.2.2,>=2.3.0rc0,<2.3.2" }, { - "advisory": "Tensorflow-cpu versions 1.15.5, 2.0.4, 2.1.3, 2.2.2 and 2.3.2 update its dependency \"PCRE\" to handle CVE-2020-14155.", - "cve": "CVE-2020-14155", - "id": "pyup.io-55823", - "more_info_path": "/vulnerabilities/CVE-2020-14155/55823", + "advisory": "Tensorflow-cpu versions 2.3.2, 2.2.2, 2.1.3, 2.0.4 and 1.15.5 update its dependency \"PCRE\" to fix CVE-2019-20838.", + "cve": "CVE-2019-20838", + "id": "pyup.io-55821", + "more_info_path": "/vulnerabilities/CVE-2019-20838/55821", "specs": [ "<1.15.5", ">=2.0.0a0,<2.0.4", 
@@ -157421,10 +158925,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25666: Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2", - "cve": "CVE-2023-25666", - "id": "pyup.io-55415", - "more_info_path": "/vulnerabilities/CVE-2023-25666/55415", + "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25801: Prior to versions 2.12.0 and 2.11.1, 'nn_ops.fractional_avg_pool_v2' and 'nn_ops.fractional_max_pool_v2' require the first and fourth elements of their parameter 'pooling_ratio' to be equal to 1.0, as pooling on batch and channel dimensions is not supported.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q", + "cve": "CVE-2023-25801", + "id": "pyup.io-55419", + "more_info_path": "/vulnerabilities/CVE-2023-25801/55419", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -157432,10 +158936,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25801: Prior to versions 2.12.0 and 2.11.1, 'nn_ops.fractional_avg_pool_v2' and 'nn_ops.fractional_max_pool_v2' require the first and fourth elements of their parameter 'pooling_ratio' to be equal to 1.0, as pooling on batch and channel dimensions is not supported.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q", - "cve": "CVE-2023-25801", - "id": "pyup.io-55419", - "more_info_path": "/vulnerabilities/CVE-2023-25801/55419", + "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25663: Prior to versions 2.12.0 and 2.11.1, when 'ctx->step_containter()' is a null ptr, the Lookup function will be executed with a null pointer.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w", + "cve": "CVE-2023-25663", + "id": "pyup.io-55428", + "more_info_path": "/vulnerabilities/CVE-2023-25663/55428", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" @@ -157443,10 +158947,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25662: Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw", - "cve": "CVE-2023-25662", - "id": "pyup.io-55429", - "more_info_path": "/vulnerabilities/CVE-2023-25662/55429", + "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25673: Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", + "cve": "CVE-2023-25673", + "id": "pyup.io-55412", + "more_info_path": "/vulnerabilities/CVE-2023-25673/55412", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -157454,10 +158958,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25672: The function 'tf.raw_ops.LookupTableImportV2' cannot handle scalars in the 'values' parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", - "cve": "CVE-2023-25672", - "id": "pyup.io-55413", - "more_info_path": "/vulnerabilities/CVE-2023-25672/55413", + "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25666: Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2", + "cve": "CVE-2023-25666", + "id": "pyup.io-55415", + "more_info_path": "/vulnerabilities/CVE-2023-25666/55415", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" @@ -157465,10 +158969,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25663: Prior to versions 2.12.0 and 2.11.1, when 'ctx->step_containter()' is a null ptr, the Lookup function will be executed with a null pointer.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w", - "cve": "CVE-2023-25663", - "id": "pyup.io-55428", - "more_info_path": "/vulnerabilities/CVE-2023-25663/55428", + "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25662: Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw", + "cve": "CVE-2023-25662", + "id": "pyup.io-55429", + "more_info_path": "/vulnerabilities/CVE-2023-25662/55429", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -157476,10 +158980,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25673: Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", - "cve": "CVE-2023-25673", - "id": "pyup.io-55412", - "more_info_path": "/vulnerabilities/CVE-2023-25673/55412", + "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25672: The function 'tf.raw_ops.LookupTableImportV2' cannot handle scalars in the 'values' parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", + "cve": "CVE-2023-25672", + "id": "pyup.io-55413", + "more_info_path": "/vulnerabilities/CVE-2023-25672/55413", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" @@ -157497,6 +159001,17 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, + { + "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25659: Prior to versions 2.12.0 and 2.11.1, if the parameter 'indices' for 'DynamicStitch' does not match the shape of the parameter 'data', it can trigger an stack OOB read.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p", + "cve": "CVE-2023-25659", + "id": "pyup.io-55431", + "more_info_path": "/vulnerabilities/CVE-2023-25659/55431", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, { "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25669: Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for 'tf.raw_ops.AvgPoolGrad', it can give a floating point exception.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p", "cve": "CVE-2023-25669", 
@@ -157519,17 +159034,6 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, - { - "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25659: Prior to versions 2.12.0 and 2.11.1, if the parameter 'indices' for 'DynamicStitch' does not match the shape of the parameter 'data', it can trigger an stack OOB read.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p", - "cve": "CVE-2023-25659", - "id": "pyup.io-55431", - "more_info_path": "/vulnerabilities/CVE-2023-25659/55431", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, { "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25658: Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6", "cve": "CVE-2023-25658", @@ -157553,10 +159057,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25675: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.Bincount' segfaults when given a parameter 'weights' that is neither the same shape as parameter 'arr' nor a length-0 tensor.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj", - "cve": "CVE-2023-25675", - "id": "pyup.io-55420", - "more_info_path": "/vulnerabilities/CVE-2023-25675/55420", + "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-27579: Constructing a tflite model with a paramater 'filter_input_channel' of less than 1 gives a FPE.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8", + "cve": "CVE-2023-27579", + "id": "pyup.io-55422", + "more_info_path": "/vulnerabilities/CVE-2023-27579/55422", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -157564,10 +159068,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25670: Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w", - "cve": "CVE-2023-25670", - "id": "pyup.io-55424", - "more_info_path": "/vulnerabilities/CVE-2023-25670/55424", + "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25671: There is out-of-bounds access due to mismatched integer type sizes.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6", + "cve": "CVE-2023-25671", + "id": "pyup.io-55423", + "more_info_path": "/vulnerabilities/CVE-2023-25671/55423", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" @@ -157575,10 +159079,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-27579: Constructing a tflite model with a paramater 'filter_input_channel' of less than 1 gives a FPE.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8", - "cve": "CVE-2023-27579", - "id": "pyup.io-55422", - "more_info_path": "/vulnerabilities/CVE-2023-27579/55422", + "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25675: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.Bincount' segfaults when given a parameter 'weights' that is neither the same shape as parameter 'arr' nor a length-0 tensor.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj", + "cve": "CVE-2023-25675", + "id": "pyup.io-55420", + "more_info_path": "/vulnerabilities/CVE-2023-25675/55420", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -157586,10 +159090,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25671: There is out-of-bounds access due to mismatched integer type sizes.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6", - "cve": "CVE-2023-25671", - "id": "pyup.io-55423", - "more_info_path": "/vulnerabilities/CVE-2023-25671/55423", + "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25670: Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w", + "cve": "CVE-2023-25670", + "id": "pyup.io-55424", + "more_info_path": "/vulnerabilities/CVE-2023-25670/55424", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -157749,18 +159253,6 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, - { - "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41227: In affected versions, the 'ImmutableConst' operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the 'tstring' TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype. The fix is also included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8c8-67vp-6mx7\nhttps://github.com/tensorflow/tensorflow/commit/1cb6bb6c2a6019417c9adaf9e6843ba75ee2580b\nhttps://github.com/tensorflow/tensorflow/commit/3712a2d3455e6ccb924daa5724a3652a86f6b585", - "cve": "CVE-2021-41227", - "id": "pyup.io-55612", - "more_info_path": "/vulnerabilities/CVE-2021-41227/55612", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, { "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41221: In affected versions, the shape inference code for the 'Cudnn*' operations can be tricked into accessing invalid memory via a heap buffer overflow. This occurs because the ranks of the 'input', 'input_h' and 'input_c' parameters are not validated, but code assumes they have certain values. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqv6-3phm-hcwx\nhttps://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6", "cve": "CVE-2021-41221", 
@@ -157809,18 +159301,6 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, - { - "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41214: In affected versions, the shape inference code for 'tf.ragged.cross' has an undefined behavior due to binding a reference to 'nullptr'. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v\nhttps://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8", - "cve": "CVE-2021-41214", - "id": "pyup.io-55625", - "more_info_path": "/vulnerabilities/CVE-2021-41214/55625", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, { "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22926.", "cve": "CVE-2021-22926", 
@@ -157846,10 +159326,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41223: In affected versions, the implementation of 'FusedBatchNorm' kernels is vulnerable to a heap OOB access. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f54p-f6jp-4rhr\nhttps://github.com/tensorflow/tensorflow/commit/aab9998916c2ffbd8f0592059fad352622f89cda", - "cve": "CVE-2021-41223", - "id": "pyup.io-55621", - "more_info_path": "/vulnerabilities/CVE-2021-41223/55621", + "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41228: In affected versions, TensorFlow's 'saved_model_cli' tool is vulnerable to a code injection as it calls 'eval' on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. The issue has been patched by adding a 'safe' flag which defaults to 'True' and an explicit warning for users.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v\nhttps://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7", + "cve": "CVE-2021-41228", + "id": "pyup.io-55618", + "more_info_path": "/vulnerabilities/CVE-2021-41228/55618", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -157858,10 +159338,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22923.", - "cve": "CVE-2021-22923", - "id": "pyup.io-55628", - "more_info_path": "/vulnerabilities/CVE-2021-22923/55628", + "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41227: In affected versions, the 'ImmutableConst' operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the 'tstring' TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype. The fix is also included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8c8-67vp-6mx7\nhttps://github.com/tensorflow/tensorflow/commit/1cb6bb6c2a6019417c9adaf9e6843ba75ee2580b\nhttps://github.com/tensorflow/tensorflow/commit/3712a2d3455e6ccb924daa5724a3652a86f6b585", + "cve": "CVE-2021-41227", + "id": "pyup.io-55612", + "more_info_path": "/vulnerabilities/CVE-2021-41227/55612", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -157870,10 +159350,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41203: In affected versions, an attacker can trigger undefined behavior, integer overflows, segfaults and 'CHECK'-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7pxj-m4jf-r6h2", - "cve": "CVE-2021-41203", - "id": "pyup.io-55635", - "more_info_path": "/vulnerabilities/CVE-2021-41203/55635", + "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41214: In affected versions, the shape inference code for 'tf.ragged.cross' has an undefined behavior due to binding a reference to 'nullptr'. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v\nhttps://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8", + "cve": "CVE-2021-41214", + "id": "pyup.io-55625", + "more_info_path": "/vulnerabilities/CVE-2021-41214/55625", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -157882,10 +159362,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41228: In affected versions, TensorFlow's 'saved_model_cli' tool is vulnerable to a code injection as it calls 'eval' on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. The issue has been patched by adding a 'safe' flag which defaults to 'True' and an explicit warning for users.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v\nhttps://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7", - "cve": "CVE-2021-41228", - "id": "pyup.io-55618", - "more_info_path": "/vulnerabilities/CVE-2021-41228/55618", + "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41223: In affected versions, the implementation of 'FusedBatchNorm' kernels is vulnerable to a heap OOB access. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f54p-f6jp-4rhr\nhttps://github.com/tensorflow/tensorflow/commit/aab9998916c2ffbd8f0592059fad352622f89cda", + "cve": "CVE-2021-41223", + "id": "pyup.io-55621", + "more_info_path": "/vulnerabilities/CVE-2021-41223/55621", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -157894,10 +159374,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41224: In affected versions, the implementation of 'SparseFillEmptyRows' can be made to trigger a heap OOB access. This occurs whenever the size of 'indices' does not match the size of 'values'. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rg3m-hqc5-344v\nhttps://github.com/tensorflow/tensorflow/commit/67bfd9feeecfb3c61d80f0e46d89c170fbee682b", - "cve": "CVE-2021-41224", - "id": "pyup.io-55622", - "more_info_path": "/vulnerabilities/CVE-2021-41224/55622", + "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22923.", + "cve": "CVE-2021-22923", + "id": "pyup.io-55628", + "more_info_path": "/vulnerabilities/CVE-2021-22923/55628", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -157906,10 +159386,22 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41217: In affected versions, the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in the pairing (e.g., an 'Enter' node) always exists when encountering the second node (e.g., an 'Exit' node). When this is not the case, 'parent' is 'nullptr' so dereferencing it causes a crash. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5crj-c72x-m7gq\nhttps://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff", - "cve": "CVE-2021-41217", - "id": "pyup.io-55623", - "more_info_path": "/vulnerabilities/CVE-2021-41217/55623", + "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41203: In affected versions, an attacker can trigger undefined behavior, integer overflows, segfaults and 'CHECK'-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7pxj-m4jf-r6h2", + "cve": "CVE-2021-41203", + "id": "pyup.io-55635", + "more_info_path": "/vulnerabilities/CVE-2021-41203/55635", + "specs": [ + "<2.4.4", + ">=2.5.0rc0,<2.5.2", + ">=2.6.0rc0,<2.6.1" + ], + "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" + }, + { + "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41224: In affected versions, the implementation of 'SparseFillEmptyRows' can be made to trigger a heap OOB access. This occurs whenever the size of 'indices' does not match the size of 'values'. 
The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rg3m-hqc5-344v\nhttps://github.com/tensorflow/tensorflow/commit/67bfd9feeecfb3c61d80f0e46d89c170fbee682b", + "cve": "CVE-2021-41224", + "id": "pyup.io-55622", + "more_info_path": "/vulnerabilities/CVE-2021-41224/55622", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", @@ -157953,6 +159445,18 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, + { + "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41217: In affected versions, the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in the pairing (e.g., an 'Enter' node) always exists when encountering the second node (e.g., an 'Exit' node). When this is not the case, 'parent' is 'nullptr' so dereferencing it causes a crash. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5crj-c72x-m7gq\nhttps://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff", + "cve": "CVE-2021-41217", + "id": "pyup.io-55623", + "more_info_path": "/vulnerabilities/CVE-2021-41217/55623", + "specs": [ + "<2.4.4", + ">=2.5.0rc0,<2.5.2", + ">=2.6.0rc0,<2.6.1" + ], + "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" + }, { "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41222: In affected versions, the implementation of 'SplitV' can trigger a segfault if an attacker supplies negative arguments. This occurs whenever 'size_splits' contains more than one value and at least one value is negative. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cpf4-wx82-gxp6\nhttps://github.com/tensorflow/tensorflow/commit/25d622ffc432acc736b14ca3904177579e733cc6", "cve": "CVE-2021-41222", 
@@ -157965,6 +159469,30 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, + { + "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41204: In affected versions, during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-786j-5qwq-r36x\nhttps://github.com/tensorflow/tensorflow/commit/7731e8dfbe4a56773be5dc94d631611211156659", + "cve": "CVE-2021-41204", + "id": "pyup.io-55632", + "more_info_path": "/vulnerabilities/CVE-2021-41204/55632", + "specs": [ + "<2.4.4", + ">=2.5.0rc0,<2.5.2", + ">=2.6.0rc0,<2.6.1" + ], + "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" + }, + { + "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41225: In affected versions, TensorFlow's Grappler optimizer has a use of unitialized variable. If the 'train_nodes' vector (obtained from the saved model that gets optimized) does not contain a 'Dequeue' node, then 'dequeue_node' is left unitialized. The fix is also included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw\nhttps://github.com/tensorflow/tensorflow/commit/68867bf01239d9e1048f98cbad185bf4761bedd3", + "cve": "CVE-2021-41225", + "id": "pyup.io-55641", + "more_info_path": "/vulnerabilities/CVE-2021-41225/55641", + "specs": [ + "<2.4.4", + ">=2.5.0rc0,<2.5.2", + ">=2.6.0rc0,<2.6.1" + ], + "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" + }, { "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22924.", "cve": "CVE-2021-22924", 
@@ -158025,30 +159553,6 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, - { - "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41204: In affected versions, during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-786j-5qwq-r36x\nhttps://github.com/tensorflow/tensorflow/commit/7731e8dfbe4a56773be5dc94d631611211156659", - "cve": "CVE-2021-41204", - "id": "pyup.io-55632", - "more_info_path": "/vulnerabilities/CVE-2021-41204/55632", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, - { - "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41225: In affected versions, TensorFlow's Grappler optimizer has a use of unitialized variable. If the 'train_nodes' vector (obtained from the saved model that gets optimized) does not contain a 'Dequeue' node, then 'dequeue_node' is left unitialized. The fix is also included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw\nhttps://github.com/tensorflow/tensorflow/commit/68867bf01239d9e1048f98cbad185bf4761bedd3", - "cve": "CVE-2021-41225", - "id": "pyup.io-55641", - "more_info_path": "/vulnerabilities/CVE-2021-41225/55641", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, { "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41199: In affected versions, if 'tf.image.resize' is called with a large input argument then the TensorFlow process will crash due to a 'CHECK'-failure caused by an overflow. 
The number of elements in the output tensor is too much for the 'int64_t' type and the overflow is detected via a 'CHECK' statement. This aborts the process. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hx2-qx8j-qjqm", "cve": "CVE-2021-41199", @@ -158135,10 +159639,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23565: An attacker can trigger denial of service via assertion failure by altering a 'SavedModel' on disk such that 'AttrDef's of some operation are duplicated.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4v5p-v5h9-6xjx", - "cve": "CVE-2022-23565", - "id": "pyup.io-55594", - "more_info_path": "/vulnerabilities/CVE-2022-23565/55594", + "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. There is a typo in TensorFlow's `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`. Hence it is possible to assign to `arg` from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23574", + "id": "pyup.io-55575", + "more_info_path": "/vulnerabilities/CVE-2022-23574/55575", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158148,10 +159652,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. There is a typo in TensorFlow's `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`. Hence it is possible to assign to `arg` from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23574", - "id": "pyup.io-55575", - "more_info_path": "/vulnerabilities/CVE-2022-23574/55575", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21735: The implementation of 'FractionalMaxPool' can be made to crash a TensorFlow process via a division by 0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj", + "cve": "CVE-2022-21735", + "id": "pyup.io-55591", + "more_info_path": "/vulnerabilities/CVE-2022-21735/55591", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158161,10 +159665,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the 'DCHECK' function however, 'DCHECK' is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the 'ValueOrDie' line. This results in an assertion failure as 'ret' contains an error 'Status', not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23572", - "id": "pyup.io-55593", - "more_info_path": "/vulnerabilities/CVE-2022-23572/55593", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23564: When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a 'CHECK' assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rcj-c8pj-v3m3", + "cve": "CVE-2022-23564", + "id": "pyup.io-55586", + "more_info_path": "/vulnerabilities/CVE-2022-23564/55586", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158174,10 +159678,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23562: The implementation of 'Range' suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qx3f-p745-w4hr", - "cve": "CVE-2022-23562", - "id": "pyup.io-55602", - "more_info_path": "/vulnerabilities/CVE-2022-23562/55602", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21741: An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj", + "cve": "CVE-2022-21741", + "id": "pyup.io-55564", + "more_info_path": "/vulnerabilities/CVE-2022-21741/55564", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158187,10 +159691,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21735: The implementation of 'FractionalMaxPool' can be made to crash a TensorFlow process via a division by 0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj", - "cve": "CVE-2022-21735", - "id": "pyup.io-55591", - "more_info_path": "/vulnerabilities/CVE-2022-21735/55591", + "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error case in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23585", + "id": "pyup.io-55567", + "more_info_path": "/vulnerabilities/CVE-2022-23585/55567", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158200,10 +159704,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23564: When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a 'CHECK' assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rcj-c8pj-v3m3", - "cve": "CVE-2022-23564", - "id": "pyup.io-55586", - "more_info_path": "/vulnerabilities/CVE-2022-23564/55586", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21736: The implementation of 'SparseTensorSliceDataset' has an undefined behavior: under certain conditions, it can be made to dereference a 'nullptr' value. The 3 input arguments to 'SparseTensorSliceDataset' represent a sparse tensor. However, there are some preconditions that these arguments must satisfy, but these are not validated in the implementation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pfjj-m3jj-9jc9", + "cve": "CVE-2022-21736", + "id": "pyup.io-55562", + "more_info_path": "/vulnerabilities/CVE-2022-21736/55562", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158213,10 +159717,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23577", - "id": "pyup.io-55596", - "more_info_path": "/vulnerabilities/CVE-2022-23577/55596", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21734: The implementation of 'MapStage' is vulnerable to a 'CHECK'-fail if the key tensor is not a scalar.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gcvh-66ff-4mwm", + "cve": "CVE-2022-21734", + "id": "pyup.io-55566", + "more_info_path": "/vulnerabilities/CVE-2022-21734/55566", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158226,10 +159730,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21741: An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj", - "cve": "CVE-2022-21741", - "id": "pyup.io-55564", - "more_info_path": "/vulnerabilities/CVE-2022-21741/55564", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23557: An attacker can craft a TFLite model that would trigger a division by zero in 'BiasAndClamp' implementation. There is no check that the 'bias_size' is non zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v", + "cve": "CVE-2022-23557", + "id": "pyup.io-55592", + "more_info_path": "/vulnerabilities/CVE-2022-23557/55592", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158239,10 +159743,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error case in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23585", - "id": "pyup.io-55567", - "more_info_path": "/vulnerabilities/CVE-2022-23585/55567", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23558: An attacker can craft a TFLite model that would cause an integer overflow in 'TfLiteIntArrayCreate'. The 'TfLiteIntArrayGetSizeInBytes' returns an 'int' instead of a 'size_t'. An attacker can control model inputs such that 'computed_size' overflows the size of 'int' datatype.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3", + "cve": "CVE-2022-23558", + "id": "pyup.io-55578", + "more_info_path": "/vulnerabilities/CVE-2022-23558/55578", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158252,10 +159756,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23578", - "id": "pyup.io-55571", - "more_info_path": "/vulnerabilities/CVE-2022-23578/55571", + "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number of dimensions in `output_shape.dim()` or just a small number of dimensions being large enough to cause an overflow in the multiplication. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23576", + "id": "pyup.io-55568", + "more_info_path": "/vulnerabilities/CVE-2022-23576/55568", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158265,10 +159769,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21737: The implementation of '*Bincount' operations allows malicious users to cause denial of service by passing in arguments which would trigger a 'CHECK'-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. This results in 'CHECK' failures later when the output tensors get allocated.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2vv-v9cg-qhh7", - "cve": "CVE-2022-21737", - "id": "pyup.io-55574", - "more_info_path": "/vulnerabilities/CVE-2022-21737/55574", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23565: An attacker can trigger denial of service via assertion failure by altering a 'SavedModel' on disk such that 'AttrDef's of some operation are duplicated.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4v5p-v5h9-6xjx", + "cve": "CVE-2022-23565", + "id": "pyup.io-55594", + "more_info_path": "/vulnerabilities/CVE-2022-23565/55594", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158278,10 +159782,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23586", - "id": "pyup.io-55583", - "more_info_path": "/vulnerabilities/CVE-2022-23586/55583", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23579: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a 'SavedModel' such that 'SafeToRemoveIdentity' would trigger 'CHECK' failures.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5f2r-qp73-37mr", + "cve": "CVE-2022-23579", + "id": "pyup.io-55601", + "more_info_path": "/vulnerabilities/CVE-2022-23579/55601", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158291,10 +159795,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21739: The implementation of 'QuantizedMaxPool' has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3mw4-6rj6-74g5", - "cve": "CVE-2022-21739", - "id": "pyup.io-55580", - "more_info_path": "/vulnerabilities/CVE-2022-21739/55580", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23559: An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both 'embedding_size' and 'lookup_size' are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5", + "cve": "CVE-2022-23559", + "id": "pyup.io-55581", + "more_info_path": "/vulnerabilities/CVE-2022-23559/55581", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158304,10 +159808,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21736: The implementation of 'SparseTensorSliceDataset' has an undefined behavior: under certain conditions, it can be made to dereference a 'nullptr' value. The 3 input arguments to 'SparseTensorSliceDataset' represent a sparse tensor. However, there are some preconditions that these arguments must satisfy, but these are not validated in the implementation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pfjj-m3jj-9jc9", - "cve": "CVE-2022-21736", - "id": "pyup.io-55562", - "more_info_path": "/vulnerabilities/CVE-2022-21736/55562", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21727: The implementation of shape inference for 'Dequantize' is vulnerable to an integer overflow weakness. The 'axis' argument can be '-1' (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked, and, since the code computes 'axis + 1', an attacker can trigger an integer overflow.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c6fh-56w7-fvjw", + "cve": "CVE-2022-21727", + "id": "pyup.io-55584", + "more_info_path": "/vulnerabilities/CVE-2022-21727/55584", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158317,10 +159821,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21734: The implementation of 'MapStage' is vulnerable to a 'CHECK'-fail if the key tensor is not a scalar.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gcvh-66ff-4mwm", - "cve": "CVE-2022-21734", - "id": "pyup.io-55566", - "more_info_path": "/vulnerabilities/CVE-2022-21734/55566", + "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23570", + "id": "pyup.io-55565", + "more_info_path": "/vulnerabilities/CVE-2022-23570/55565", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158330,10 +159834,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23557: An attacker can craft a TFLite model that would trigger a division by zero in 'BiasAndClamp' implementation. There is no check that the 'bias_size' is non zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v", - "cve": "CVE-2022-23557", - "id": "pyup.io-55592", - "more_info_path": "/vulnerabilities/CVE-2022-23557/55592", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the 'DCHECK' function however, 'DCHECK' is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the 'ValueOrDie' line. This results in an assertion failure as 'ret' contains an error 'Status', not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23572", + "id": "pyup.io-55593", + "more_info_path": "/vulnerabilities/CVE-2022-23572/55593", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158343,10 +159847,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23561: An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq", - "cve": "CVE-2022-23561", - "id": "pyup.io-55608", - "more_info_path": "/vulnerabilities/CVE-2022-23561/55608", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23562: The implementation of 'Range' suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qx3f-p745-w4hr", + "cve": "CVE-2022-23562", + "id": "pyup.io-55602", + "more_info_path": "/vulnerabilities/CVE-2022-23562/55602", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158356,10 +159860,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23558: An attacker can craft a TFLite model that would cause an integer overflow in 'TfLiteIntArrayCreate'. The 'TfLiteIntArrayGetSizeInBytes' returns an 'int' instead of a 'size_t'. An attacker can control model inputs such that 'computed_size' overflows the size of 'int' datatype.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3", - "cve": "CVE-2022-23558", - "id": "pyup.io-55578", - "more_info_path": "/vulnerabilities/CVE-2022-23558/55578", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21728: The implementation of shape inference for 'ReverseSequence' does not fully validate the value of 'batch_dim' and can result in a heap OOB read. There is a check to make sure the value of 'batch_dim' does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of 'Dim' would access elements before the start of an array.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8", + "cve": "CVE-2022-21728", + "id": "pyup.io-55559", + "more_info_path": "/vulnerabilities/CVE-2022-21728/55559", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158369,10 +159873,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number of dimensions in `output_shape.dim()` or just a small number of dimensions being large enough to cause an overflow in the multiplication. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23576", - "id": "pyup.io-55568", - "more_info_path": "/vulnerabilities/CVE-2022-23576/55568", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21732: The implementation of 'ThreadPoolHandle' can be used to trigger a denial of service attack by allocating too much memory. This is because the 'num_threads' argument is only checked to not be negative, but there is no upper bound on its value.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq", + "cve": "CVE-2022-21732", + "id": "pyup.io-55598", + "more_info_path": "/vulnerabilities/CVE-2022-21732/55598", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158382,10 +159886,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23579: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a 'SavedModel' such that 'SafeToRemoveIdentity' would trigger 'CHECK' failures.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5f2r-qp73-37mr", - "cve": "CVE-2022-23579", - "id": "pyup.io-55601", - "more_info_path": "/vulnerabilities/CVE-2022-23579/55601", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. The 'GraphDef' format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a 'GraphDef' containing a fragment such as the following can be consumed when loading a 'SavedModel'. This would result in a stack overflow during execution as resolving each 'NodeDef' means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23591", + "id": "pyup.io-55597", + "more_info_path": "/vulnerabilities/CVE-2022-23591/55597", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158395,10 +159899,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23575", - "id": "pyup.io-55577", - "more_info_path": "/vulnerabilities/CVE-2022-23575/55577", + "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23577", + "id": "pyup.io-55596", + "more_info_path": "/vulnerabilities/CVE-2022-23577/55596", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158408,10 +159912,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23559: An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both 'embedding_size' and 'lookup_size' are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5", - "cve": "CVE-2022-23559", - "id": "pyup.io-55581", - "more_info_path": "/vulnerabilities/CVE-2022-23559/55581", + "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23578", + "id": "pyup.io-55571", + "more_info_path": "/vulnerabilities/CVE-2022-23578/55571", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158421,10 +159925,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21727: The implementation of shape inference for 'Dequantize' is vulnerable to an integer overflow weakness. The 'axis' argument can be '-1' (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked, and, since the code computes 'axis + 1', an attacker can trigger an integer overflow.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c6fh-56w7-fvjw", - "cve": "CVE-2022-21727", - "id": "pyup.io-55584", - "more_info_path": "/vulnerabilities/CVE-2022-21727/55584", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21737: The implementation of '*Bincount' operations allows malicious users to cause denial of service by passing in arguments which would trigger a 'CHECK'-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. This results in 'CHECK' failures later when the output tensors get allocated.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2vv-v9cg-qhh7", + "cve": "CVE-2022-21737", + "id": "pyup.io-55574", + "more_info_path": "/vulnerabilities/CVE-2022-21737/55574", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158434,10 +159938,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23570", - "id": "pyup.io-55565", - "more_info_path": "/vulnerabilities/CVE-2022-23570/55565", + "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23586", + "id": "pyup.io-55583", + "more_info_path": "/vulnerabilities/CVE-2022-23586/55583", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158447,10 +159951,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21726: The implementation of 'Dequantize' does not fully validate the value of 'axis' and can result in heap OOB accesses. The 'axis' argument can be '-1' (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72", - "cve": "CVE-2022-21726", - "id": "pyup.io-55607", - "more_info_path": "/vulnerabilities/CVE-2022-21726/55607", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21739: The implementation of 'QuantizedMaxPool' has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3mw4-6rj6-74g5", + "cve": "CVE-2022-21739", + "id": "pyup.io-55580", + "more_info_path": "/vulnerabilities/CVE-2022-21739/55580", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158460,10 +159964,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23568: The implementation of 'AddManySparseToTensorsMap' is vulnerable to an integer overflow which results in a 'CHECK'-fail when building new 'TensorShape' objects (so, an assert failure based denial of service). There are missing some validation on the shapes of the input tensors as well as directly constructing a large 'TensorShape' with user-provided dimensions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6445-fm66-fvq2", - "cve": "CVE-2022-23568", - "id": "pyup.io-55558", - "more_info_path": "/vulnerabilities/CVE-2022-23568/55558", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23561: An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq", + "cve": "CVE-2022-23561", + "id": "pyup.io-55608", + "more_info_path": "/vulnerabilities/CVE-2022-23561/55608", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158473,10 +159977,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21728: The implementation of shape inference for 'ReverseSequence' does not fully validate the value of 'batch_dim' and can result in a heap OOB read. There is a check to make sure the value of 'batch_dim' does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of 'Dim' would access elements before the start of an array.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8", - "cve": "CVE-2022-21728", - "id": "pyup.io-55559", - "more_info_path": "/vulnerabilities/CVE-2022-21728/55559", + "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23575", + "id": "pyup.io-55577", + "more_info_path": "/vulnerabilities/CVE-2022-23575/55577", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158486,10 +159990,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21732: The implementation of 'ThreadPoolHandle' can be used to trigger a denial of service attack by allocating too much memory. This is because the 'num_threads' argument is only checked to not be negative, but there is no upper bound on its value.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq", - "cve": "CVE-2022-21732", - "id": "pyup.io-55598", - "more_info_path": "/vulnerabilities/CVE-2022-21732/55598", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23568: The implementation of 'AddManySparseToTensorsMap' is vulnerable to an integer overflow which results in a 'CHECK'-fail when building new 'TensorShape' objects (so, an assert failure based denial of service). There are missing some validation on the shapes of the input tensors as well as directly constructing a large 'TensorShape' with user-provided dimensions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6445-fm66-fvq2", + "cve": "CVE-2022-23568", + "id": "pyup.io-55558", + "more_info_path": "/vulnerabilities/CVE-2022-23568/55558", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158499,10 +160003,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. The 'GraphDef' format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a 'GraphDef' containing a fragment such as the following can be consumed when loading a 'SavedModel'. This would result in a stack overflow during execution as resolving each 'NodeDef' means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23591", - "id": "pyup.io-55597", - "more_info_path": "/vulnerabilities/CVE-2022-23591/55597", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21726: The implementation of 'Dequantize' does not fully validate the value of 'axis' and can result in heap OOB accesses. The 'axis' argument can be '-1' (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72", + "cve": "CVE-2022-21726", + "id": "pyup.io-55607", + "more_info_path": "/vulnerabilities/CVE-2022-21726/55607", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158577,10 +160081,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23569: Multiple operations in TensorFlow can be used to trigger a denial of service via 'CHECK'-fails (i.e., assertion failures). This is similar to CVE-2021-41197 and has a similar fix. It is possible that other similar instances exist.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qj5r-f9mv-rffh", - "cve": "CVE-2022-23569", - "id": "pyup.io-55576", - "more_info_path": "/vulnerabilities/CVE-2022-23569/55576", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23560: An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvf-hxvg-f67v", + "cve": "CVE-2022-23560", + "id": "pyup.io-55588", + "more_info_path": "/vulnerabilities/CVE-2022-23560/55588", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158590,10 +160094,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21729: The implementation of 'UnravelIndex' is vulnerable to a division by zero caused by an integer overflow bug.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-34f9-hjfq-rr8j", - "cve": "CVE-2022-21729", - "id": "pyup.io-55582", - "more_info_path": "/vulnerabilities/CVE-2022-21729/55582", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23580: During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7", + "cve": "CVE-2022-23580", + "id": "pyup.io-55595", + "more_info_path": "/vulnerabilities/CVE-2022-23580/55595", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158603,10 +160107,36 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23560: An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvf-hxvg-f67v", - "cve": "CVE-2022-23560", - "id": "pyup.io-55588", - "more_info_path": "/vulnerabilities/CVE-2022-23560/55588", + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21730: The implementation of 'FractionalAvgPoolGrad' does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4", + "cve": "CVE-2022-21730", + "id": "pyup.io-55561", + "more_info_path": "/vulnerabilities/CVE-2022-21730/55561", + "specs": [ + "<2.5.3", + ">=2.6.0a0,<2.6.3", + ">=2.7.0a0,<2.7.1", + ">=2.8.0a0,<2.8.0" + ], + "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" + }, + { + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23569: Multiple operations in TensorFlow can be used to trigger a denial of service via 'CHECK'-fails (i.e., assertion failures). This is similar to CVE-2021-41197 and has a similar fix. 
It is possible that other similar instances exist.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qj5r-f9mv-rffh", + "cve": "CVE-2022-23569", + "id": "pyup.io-55576", + "more_info_path": "/vulnerabilities/CVE-2022-23569/55576", + "specs": [ + "<2.5.3", + ">=2.6.0a0,<2.6.3", + ">=2.7.0a0,<2.7.1", + ">=2.8.0a0,<2.8.0" + ], + "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" + }, + { + "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21729: The implementation of 'UnravelIndex' is vulnerable to a division by zero caused by an integer overflow bug.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-34f9-hjfq-rr8j", + "cve": "CVE-2022-21729", + "id": "pyup.io-55582", + "more_info_path": "/vulnerabilities/CVE-2022-21729/55582", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -158719,32 +160249,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23580: During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7", - "cve": "CVE-2022-23580", - "id": "pyup.io-55595", - "more_info_path": "/vulnerabilities/CVE-2022-23580/55595", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, - { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21730: The implementation of 'FractionalAvgPoolGrad' does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4", - "cve": "CVE-2022-21730", - "id": "pyup.io-55561", - "more_info_path": "/vulnerabilities/CVE-2022-21730/55561", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "cve": "CVE-2022-23571", 
@@ -158847,19 +160351,6 @@ ], "v": "<2.5.3,>=2.6.0rc0,<2.6.3,>=2.7.0rc0,<2.7.1,>=2.8.0rc0,<2.8.0" }, - { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27775.", - "cve": "CVE-2022-27775", - "id": "pyup.io-55516", - "more_info_path": "/vulnerabilities/CVE-2022-27775/55516", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27780.", "cve": "CVE-2022-27780", @@ -158873,19 +160364,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29199: Missing validation which causes denial of service via 'LoadAndRemapMatrix'.", - "cve": "CVE-2022-29199", - "id": "pyup.io-55544", - "more_info_path": "/vulnerabilities/CVE-2022-29199/55544", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29192: missing validation which crashes 'QuantizeAndDequantizeV4Grad'.", "cve": "CVE-2022-29192", 
@@ -158913,23 +160391,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29205: Segfault due to missing support for quantized types.", - "cve": "CVE-2022-29205", - "id": "pyup.io-55543", - "more_info_path": "/vulnerabilities/CVE-2022-29205/55543", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, - { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'zlib' to v1.2.12 to handle CVE-2018-25032.", - "cve": "CVE-2018-25032", - "id": "pyup.io-55534", - "more_info_path": "/vulnerabilities/CVE-2018-25032/55534", + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27775.", + "cve": "CVE-2022-27775", + "id": "pyup.io-55516", + "more_info_path": "/vulnerabilities/CVE-2022-27775/55516", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -158977,19 +160442,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29203: Integer overflow in 'SpaceToBatchND'.", - "cve": "CVE-2022-29203", - "id": "pyup.io-55535", - "more_info_path": "/vulnerabilities/CVE-2022-29203/55535", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29194: Missing validation which causes denial of service via 'DeleteSessionTensor'.", "cve": "CVE-2022-29194", 
@@ -159042,19 +160494,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29212: Core dump when loading TFLite models with quantization.", - "cve": "CVE-2022-29212", - "id": "pyup.io-55550", - "more_info_path": "/vulnerabilities/CVE-2022-29212/55550", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29206: Missing validation which results in undefined behavior in 'SparseTensorDenseAdd'.", "cve": "CVE-2022-29206", @@ -159082,10 +160521,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29198: Missing validation which causes denial of service via 'SparseTensorToCSRSparseMatrix'.", - "cve": "CVE-2022-29198", - "id": "pyup.io-55521", - "more_info_path": "/vulnerabilities/CVE-2022-29198/55521", + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29199: Missing validation which causes denial of service via 'LoadAndRemapMatrix'.", + "cve": "CVE-2022-29199", + "id": "pyup.io-55544", + "more_info_path": "/vulnerabilities/CVE-2022-29199/55544", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -159121,10 +160560,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27781.", - "cve": "CVE-2022-27781", - "id": "pyup.io-55532", - "more_info_path": "/vulnerabilities/CVE-2022-27781/55532", + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29205: Segfault due to missing support for quantized types.", + "cve": "CVE-2022-29205", + "id": "pyup.io-55543", + "more_info_path": "/vulnerabilities/CVE-2022-29205/55543", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -159134,10 +160573,62 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27776.", - "cve": "CVE-2022-27776", - "id": "pyup.io-55519", - "more_info_path": "/vulnerabilities/CVE-2022-27776/55519", + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'zlib' to v1.2.12 to handle CVE-2018-25032.", + "cve": "CVE-2018-25032", + "id": "pyup.io-55534", + "more_info_path": "/vulnerabilities/CVE-2018-25032/55534", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29203: Integer overflow in 'SpaceToBatchND'.", + "cve": "CVE-2022-29203", + "id": "pyup.io-55535", + "more_info_path": "/vulnerabilities/CVE-2022-29203/55535", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29212: Core dump when loading TFLite models with quantization.", + "cve": "CVE-2022-29212", + "id": "pyup.io-55550", + "more_info_path": "/vulnerabilities/CVE-2022-29212/55550", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29198: Missing validation which causes denial of service via 'SparseTensorToCSRSparseMatrix'.", + "cve": "CVE-2022-29198", + "id": "pyup.io-55521", + "more_info_path": "/vulnerabilities/CVE-2022-29198/55521", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + 
">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27781.", + "cve": "CVE-2022-27781", + "id": "pyup.io-55532", + "more_info_path": "/vulnerabilities/CVE-2022-27781/55532", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -159160,10 +160651,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-22576.", - "cve": "CVE-2022-22576", - "id": "pyup.io-55546", - "more_info_path": "/vulnerabilities/CVE-2022-22576/55546", + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27776.", + "cve": "CVE-2022-27776", + "id": "pyup.io-55519", + "more_info_path": "/vulnerabilities/CVE-2022-27776/55519", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -159173,10 +160664,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27774.", - "cve": "CVE-2022-27774", - "id": "pyup.io-55529", - "more_info_path": "/vulnerabilities/CVE-2022-27774/55529", + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-22576.", + "cve": "CVE-2022-22576", + "id": "pyup.io-55546", + "more_info_path": "/vulnerabilities/CVE-2022-22576/55546", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -159199,10 +160690,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-30115.", - "cve": "CVE-2022-30115", - "id": "pyup.io-55533", - "more_info_path": "/vulnerabilities/CVE-2022-30115/55533", + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29200: Missing validation which causes denial of service via 'LSTMBlockCell'.", + "cve": "CVE-2022-29200", + "id": "pyup.io-55520", + "more_info_path": "/vulnerabilities/CVE-2022-29200/55520", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -159212,10 +160703,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27778.", - "cve": "CVE-2022-27778", - "id": "pyup.io-55530", - "more_info_path": "/vulnerabilities/CVE-2022-27778/55530", + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27774.", + "cve": "CVE-2022-27774", + "id": "pyup.io-55529", + "more_info_path": "/vulnerabilities/CVE-2022-27774/55529", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -159225,10 +160716,23 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29200: Missing validation which causes denial of service via 'LSTMBlockCell'.", - "cve": "CVE-2022-29200", - "id": "pyup.io-55520", - "more_info_path": "/vulnerabilities/CVE-2022-29200/55520", + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-30115.", + "cve": "CVE-2022-30115", + "id": "pyup.io-55533", + "more_info_path": "/vulnerabilities/CVE-2022-30115/55533", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27778.", + "cve": "CVE-2022-27778", + "id": "pyup.io-55530", + "more_info_path": "/vulnerabilities/CVE-2022-27778/55530", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -159338,6 +160842,42 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, + { + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35999: 'CHECK' fail in 'Conv2DBackpropInput'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw", + "cve": "CVE-2022-35999", + "id": "pyup.io-55508", + "more_info_path": "/vulnerabilities/CVE-2022-35999/55508", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35979: Segfault in 'QuantizedRelu' and 'QuantizedRelu6'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v7vw-577f-vp8x", + "cve": "CVE-2022-35979", + "id": "pyup.io-55463", + "more_info_path": "/vulnerabilities/CVE-2022-35979/55463", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36018: 'CHECK' fail in 'RaggedTensorToVariant'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf", + "cve": "CVE-2022-36018", + "id": "pyup.io-55512", + "more_info_path": "/vulnerabilities/CVE-2022-36018/55512", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, { "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35996: Floating point exception in 'Conv2D'. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37", "cve": "CVE-2022-35996", 
@@ -159363,10 +160903,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35999: 'CHECK' fail in 'Conv2DBackpropInput'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw", - "cve": "CVE-2022-35999", - "id": "pyup.io-55508", - "more_info_path": "/vulnerabilities/CVE-2022-35999/55508", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35992: 'CHECK' fail in 'TensorListFromTensor'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9v8w-xmr4-wgxp", + "cve": "CVE-2022-35992", + "id": "pyup.io-55483", + "more_info_path": "/vulnerabilities/CVE-2022-35992/55483", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -159375,10 +160915,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35979: Segfault in 'QuantizedRelu' and 'QuantizedRelu6'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v7vw-577f-vp8x", - "cve": "CVE-2022-35979", - "id": "pyup.io-55463", - "more_info_path": "/vulnerabilities/CVE-2022-35979/55463", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35974: Segfault in 'QuantizeDownAndShrinkRange'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x", + "cve": "CVE-2022-35974", + "id": "pyup.io-55485", + "more_info_path": "/vulnerabilities/CVE-2022-35974/55485", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -159387,10 +160927,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35988: 'CHECK' fail in 'tf.linalg.matrix_rank'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c", - "cve": "CVE-2022-35988", - "id": "pyup.io-55498", - "more_info_path": "/vulnerabilities/CVE-2022-35988/55498", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35984: 'CHECK' fail in 'ParameterizedTruncatedNormal'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2xf-8hgm-hpw5", + "cve": "CVE-2022-35984", + "id": "pyup.io-55473", + "more_info_path": "/vulnerabilities/CVE-2022-35984/55473", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -159399,10 +160939,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35983: 'CHECK' fail in 'Save' and 'SaveSlices'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6vp-8q9j-whx4", - "cve": "CVE-2022-35983", - "id": "pyup.io-55472", - "more_info_path": "/vulnerabilities/CVE-2022-35983/55472", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35987: 'CHECK' fail in 'DenseBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49", + "cve": "CVE-2022-35987", + "id": "pyup.io-55487", + "more_info_path": "/vulnerabilities/CVE-2022-35987/55487", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -159411,10 +160951,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36018: 'CHECK' fail in 'RaggedTensorToVariant'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf", - "cve": "CVE-2022-36018", - "id": "pyup.io-55512", - "more_info_path": "/vulnerabilities/CVE-2022-36018/55512", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35995: 'CHECK' fail in 'AudioSummaryV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4", + "cve": "CVE-2022-35995", + "id": "pyup.io-55509", + "more_info_path": "/vulnerabilities/CVE-2022-35995/55509", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -159423,10 +160963,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35992: 'CHECK' fail in 'TensorListFromTensor'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9v8w-xmr4-wgxp", - "cve": "CVE-2022-35992", - "id": "pyup.io-55483", - "more_info_path": "/vulnerabilities/CVE-2022-35992/55483", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36005: 'CHECK' fail in 'FakeQuantWithMinMaxVarsGradient'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm", + "cve": "CVE-2022-36005", + "id": "pyup.io-55514", + "more_info_path": "/vulnerabilities/CVE-2022-36005/55514", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -159435,10 +160975,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35974: Segfault in 'QuantizeDownAndShrinkRange'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x", - "cve": "CVE-2022-35974", - "id": "pyup.io-55485", - "more_info_path": "/vulnerabilities/CVE-2022-35974/55485", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36019: 'CHECK' fail in 'FakeQuantWithMinMaxVarsPerChannel'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9j4v-pp28-mxv7", + "cve": "CVE-2022-36019", + "id": "pyup.io-55500", + "more_info_path": "/vulnerabilities/CVE-2022-36019/55500", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -159447,10 +160987,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36000: 'CHECK' fail in 'Eig'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqxc-pvf8-2w9v", - "cve": "CVE-2022-36000", - "id": "pyup.io-55482", - "more_info_path": "/vulnerabilities/CVE-2022-36000/55482", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35939: OOB write in 'scatter_nd' op in TF Lite.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-ffjm-4qwc-7cmf", + "cve": "CVE-2022-35939", + "id": "pyup.io-55460", + "more_info_path": "/vulnerabilities/CVE-2022-35939/55460", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -159459,10 +160999,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35984: 'CHECK' fail in 'ParameterizedTruncatedNormal'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2xf-8hgm-hpw5", - "cve": "CVE-2022-35984", - "id": "pyup.io-55473", - "more_info_path": "/vulnerabilities/CVE-2022-35984/55473", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35973: Segfault in 'QuantizedMatMul'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v", + "cve": "CVE-2022-35973", + "id": "pyup.io-55486", + "more_info_path": "/vulnerabilities/CVE-2022-35973/55486", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -159471,10 +161011,94 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35987: 'CHECK' fail in 'DenseBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49", - "cve": "CVE-2022-35987", - "id": "pyup.io-55487", - "more_info_path": "/vulnerabilities/CVE-2022-35987/55487", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35971: 'CHECK' fail in 'FakeQuantWithMinMaxVars'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7", + "cve": "CVE-2022-35971", + "id": "pyup.io-55510", + "more_info_path": "/vulnerabilities/CVE-2022-35971/55510", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36001: 'CHECK' fail in 'DrawBoundingBoxes'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5", + "cve": "CVE-2022-36001", + "id": "pyup.io-55506", + "more_info_path": "/vulnerabilities/CVE-2022-36001/55506", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35994: 'CHECK' fail in 'CollectiveGather'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fhfc-2q7x-929f", + "cve": "CVE-2022-35994", + "id": "pyup.io-55504", + "more_info_path": "/vulnerabilities/CVE-2022-35994/55504", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35988: 'CHECK' fail in 'tf.linalg.matrix_rank'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c", + "cve": 
"CVE-2022-35988", + "id": "pyup.io-55498", + "more_info_path": "/vulnerabilities/CVE-2022-35988/55498", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35940: Int overflow in 'RaggedRangeOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x", + "cve": "CVE-2022-35940", + "id": "pyup.io-55505", + "more_info_path": "/vulnerabilities/CVE-2022-35940/55505", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35960: 'CHECK' failure in 'TensorListReserve' via missing validation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4", + "cve": "CVE-2022-35960", + "id": "pyup.io-55462", + "more_info_path": "/vulnerabilities/CVE-2022-35960/55462", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35983: 'CHECK' fail in 'Save' and 'SaveSlices'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6vp-8q9j-whx4", + "cve": "CVE-2022-35983", + "id": "pyup.io-55472", + "more_info_path": "/vulnerabilities/CVE-2022-35983/55472", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36000: 'CHECK' fail in 'Eig'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqxc-pvf8-2w9v", + "cve": "CVE-2022-36000", + "id": "pyup.io-55482", + "more_info_path": "/vulnerabilities/CVE-2022-36000/55482", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -159578,18 +161202,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35995: 'CHECK' fail in 'AudioSummaryV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4", - "cve": "CVE-2022-35995", - "id": "pyup.io-55509", - "more_info_path": "/vulnerabilities/CVE-2022-35995/55509", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35952: 'CHECK' failures in 'UnbatchGradOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47", "cve": "CVE-2022-35952", 
@@ -159638,30 +161250,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36005: 'CHECK' fail in 'FakeQuantWithMinMaxVarsGradient'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm", - "cve": "CVE-2022-36005", - "id": "pyup.io-55514", - "more_info_path": "/vulnerabilities/CVE-2022-36005/55514", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, - { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36019: 'CHECK' fail in 'FakeQuantWithMinMaxVarsPerChannel'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9j4v-pp28-mxv7", - "cve": "CVE-2022-36019", - "id": "pyup.io-55500", - "more_info_path": "/vulnerabilities/CVE-2022-36019/55500", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36004: 'CHECK' fail in 'tf.random.gamma'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q", "cve": "CVE-2022-36004", 
@@ -159674,30 +161262,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35939: OOB write in 'scatter_nd' op in TF Lite.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-ffjm-4qwc-7cmf", - "cve": "CVE-2022-35939", - "id": "pyup.io-55460", - "more_info_path": "/vulnerabilities/CVE-2022-35939/55460", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, - { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35973: Segfault in 'QuantizedMatMul'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v", - "cve": "CVE-2022-35973", - "id": "pyup.io-55486", - "more_info_path": "/vulnerabilities/CVE-2022-35973/55486", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36017: Segfault in 'Requantize'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wqmc-pm8c-2jhc", "cve": "CVE-2022-36017", @@ -159710,18 +161274,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35971: 'CHECK' fail in 'FakeQuantWithMinMaxVars'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7", - "cve": "CVE-2022-35971", - "id": "pyup.io-55510", - "more_info_path": "/vulnerabilities/CVE-2022-35971/55510", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35985: 'CHECK' fail in 'LRNGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9942-r22v-78cp", "cve": "CVE-2022-35985", 
@@ -159735,34 +161287,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36001: 'CHECK' fail in 'DrawBoundingBoxes'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5", - "cve": "CVE-2022-36001", - "id": "pyup.io-55506", - "more_info_path": "/vulnerabilities/CVE-2022-36001/55506", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, - { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35994: 'CHECK' fail in 'CollectiveGather'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fhfc-2q7x-929f", - "cve": "CVE-2022-35994", - "id": "pyup.io-55504", - "more_info_path": "/vulnerabilities/CVE-2022-35994/55504", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, - { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35940: Int overflow in 'RaggedRangeOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x", - "cve": "CVE-2022-35940", - "id": "pyup.io-55505", - "more_info_path": "/vulnerabilities/CVE-2022-35940/55505", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35965: Segfault in 'LowerBound' and 'UpperBound'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36", + "cve": "CVE-2022-35965", + "id": "pyup.io-55499", + "more_info_path": "/vulnerabilities/CVE-2022-35965/55499", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -159771,10 +161299,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35960: 'CHECK' failure in 'TensorListReserve' via missing validation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4", - "cve": "CVE-2022-35960", - "id": "pyup.io-55462", - "more_info_path": "/vulnerabilities/CVE-2022-35960/55462", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35989: 'CHECK' fail in 'MaxPool'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j43h-pgmg-5hjq", + "cve": "CVE-2022-35989", + "id": "pyup.io-55513", + "more_info_path": "/vulnerabilities/CVE-2022-35989/55513", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -159783,10 +161311,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35965: Segfault in 'LowerBound' and 'UpperBound'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36", - "cve": "CVE-2022-35965", - "id": "pyup.io-55499", - "more_info_path": "/vulnerabilities/CVE-2022-35965/55499", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35934: 'CHECK' failure in tf.reshape via overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4w6-h4f5-wx45", + "cve": "CVE-2022-35934", + "id": "pyup.io-55469", + "more_info_path": "/vulnerabilities/CVE-2022-35934/55469", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -159795,10 +161323,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35989: 'CHECK' fail in 'MaxPool'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j43h-pgmg-5hjq", - "cve": "CVE-2022-35989", - "id": "pyup.io-55513", - "more_info_path": "/vulnerabilities/CVE-2022-35989/55513", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35967: Segfault in 'QuantizedAdd'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x", + "cve": "CVE-2022-35967", + "id": "pyup.io-55501", + "more_info_path": "/vulnerabilities/CVE-2022-35967/55501", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -159854,18 +161382,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35934: 'CHECK' failure in tf.reshape via overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4w6-h4f5-wx45", - "cve": "CVE-2022-35934", - "id": "pyup.io-55469", - "more_info_path": "/vulnerabilities/CVE-2022-35934/55469", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35963: 'CHECK' failures in 'FractionalAvgPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm", "cve": "CVE-2022-35963", 
@@ -159902,18 +161418,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35967: Segfault in 'QuantizedAdd'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x", - "cve": "CVE-2022-35967", - "id": "pyup.io-55501", - "more_info_path": "/vulnerabilities/CVE-2022-35967/55501", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35969: 'CHECK' fail in 'Conv2DBackpropInput'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q2c3-jpmc-gfjx", "cve": "CVE-2022-35969", @@ -159986,18 +161490,6 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, - { - "advisory": "Tensorflow-cpu 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41893: If 'tf.raw_ops.TensorListResize' is given a nonscalar value for input 'size', it results 'CHECK' fail which can be used to trigger a denial of service attack.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m", - "cve": "CVE-2022-41893", - "id": "pyup.io-55442", - "more_info_path": "/vulnerabilities/CVE-2022-41893/55442", - "specs": [ - "<2.8.4", - ">=2.9.0rc0,<2.9.3", - ">=2.10.0rc0,<2.10.1" - ], - "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" - }, { "advisory": "Tensorflow-cpu 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41880: When the 'BaseCandidateSamplerOp' function receives a value in 'true_classes' larger than 'range_max', a heap oob read occurs.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j", "cve": "CVE-2022-41880", 
@@ -160058,18 +161550,6 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, - { - "advisory": "Tensorflow-cpu 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41886: When 'tf.raw_ops.ImageProjectiveTransformV2' is given a large output shape, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx", - "cve": "CVE-2022-41886", - "id": "pyup.io-55453", - "more_info_path": "/vulnerabilities/CVE-2022-41886/55453", - "specs": [ - "<2.8.4", - ">=2.9.0rc0,<2.9.3", - ">=2.10.0rc0,<2.10.1" - ], - "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" - }, { "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41891: If 'tf.raw_ops.TensorListConcat' is given 'element_shape=[]', it results segmentation fault which can be used to trigger a denial of service attack.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv", "cve": "CVE-2022-41891", 
@@ -160094,6 +161574,30 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, + { + "advisory": "Tensorflow-cpu 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41893: If 'tf.raw_ops.TensorListResize' is given a nonscalar value for input 'size', it results 'CHECK' fail which can be used to trigger a denial of service attack.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m", + "cve": "CVE-2022-41893", + "id": "pyup.io-55442", + "more_info_path": "/vulnerabilities/CVE-2022-41893/55442", + "specs": [ + "<2.8.4", + ">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, + { + "advisory": "Tensorflow-cpu 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41886: When 'tf.raw_ops.ImageProjectiveTransformV2' is given a large output shape, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx", + "cve": "CVE-2022-41886", + "id": "pyup.io-55453", + "more_info_path": "/vulnerabilities/CVE-2022-41886/55453", + "specs": [ + "<2.8.4", + ">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, { "advisory": "Tensorflow-cpu 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41908: TensorFlow is an open source platform for machine learning. An input 'token' that is not a UTF-8 bytestring will trigger a 'CHECK' fail in 'tf.raw_ops.PyFunc'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3", "cve": "CVE-2022-41908", 
@@ -160130,6 +161634,18 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, + { + "advisory": "Tensorflow-cpu 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41900: The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472", + "cve": "CVE-2022-41900", + "id": "pyup.io-55445", + "more_info_path": "/vulnerabilities/CVE-2022-41900/55445", + "specs": [ + "<2.8.4", + ">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, { "advisory": "Tensorflow-cpu 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41885: When 'tf.raw_ops.FusedResizeAndPadConv2D' is given a large tensor shape, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx", "cve": "CVE-2022-41885", 
@@ -160226,18 +161742,6 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, - { - "advisory": "Tensorflow-cpu 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41900: The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472", - "cve": "CVE-2022-41900", - "id": "pyup.io-55445", - "more_info_path": "/vulnerabilities/CVE-2022-41900/55445", - "specs": [ - "<2.8.4", - ">=2.9.0rc0,<2.9.3", - ">=2.10.0rc0,<2.10.1" - ], - "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" - }, { "advisory": "Tensorflow-cpu 2.8.4, 2.9.3, 2.10.1 and 2.11.0 include a fix for CVE-2022-35991: 'CHECK' fail in 'TensorListScatter' and 'TensorListScatterV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vm7x-4qhj-rrcq\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xf83-q765-xm6m", "cve": "CVE-2022-35991", @@ -160313,6 +161817,17 @@ ], "v": ">=1.15.0rc0,<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, + { + "advisory": "Tensorflow-cpu versions 1.15.2 and 2.0.1 update its dependency \"SQLite\" to handle CVE-2019-19646.", + "cve": "CVE-2019-19646", + "id": "pyup.io-55882", + "more_info_path": "/vulnerabilities/CVE-2019-19646/55882", + "specs": [ + ">=2.0.0a0,<2.0.1", + "<1.15.2" + ], + "v": ">=2.0.0a0,<2.0.1,<1.15.2" + }, { "advisory": "Tensorflow-cpu versions 1.15.2 and 2.0.1 updates 'sqlite3' to handle CVE-2019-16168.", "cve": "CVE-2019-16168", 
@@ -160335,17 +161850,6 @@ ], "v": ">=2.0.0a0,<2.0.1,<1.15.2" }, - { - "advisory": "Tensorflow-cpu versions 1.15.2 and 2.0.1 update its dependency \"SQLite\" to handle CVE-2019-19646.", - "cve": "CVE-2019-19646", - "id": "pyup.io-55882", - "more_info_path": "/vulnerabilities/CVE-2019-19646/55882", - "specs": [ - ">=2.0.0a0,<2.0.1", - "<1.15.2" - ], - "v": ">=2.0.0a0,<2.0.1,<1.15.2" - }, { "advisory": "Tensorflow-cpu versions 1.15.2 and 2.0.1 updates its dependency \"curl\" to handle CVE-2019-5482.", "cve": "CVE-2019-5482", 
@@ -160621,10 +162125,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37667: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.UnicodeEncode'. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unicode_ops.cc#L533-L539) reads the first dimension of the 'input_splits' tensor before validating that this tensor is not empty. The Tensorflow team has patched the issue in GitHub commit 2e0ee46f1a47675152d3d865797a18358881d7a6.", - "cve": "CVE-2021-37667", - "id": "pyup.io-55815", - "more_info_path": "/vulnerabilities/CVE-2021-37667/55815", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37642: In affected versions the implementation of 'tf.raw_ops.ResourceScatterDiv' is vulnerable to a division by 0 error. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/resource_variable_ops.cc#L865) uses a common class for all binary operations but fails to treat the division by 0 case separately. The Tensorflow team has patched the issue in GitHub commit 4aacb30888638da75023e6601149415b39763d76.", + "cve": "CVE-2021-37642", + "id": "pyup.io-55820", + "more_info_path": "/vulnerabilities/CVE-2021-37642/55820", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.4.0rc0,<2.4.3", 
@@ -160634,10 +162138,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37671: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.Map*' and 'tf.raw_ops.OrderedMap*' operations. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L222-L248) has a check in place to ensure that 'indices' is in ascending order, but does not check that 'indices' is not empty. The Tensorflow team has patched the issue in GitHub commit 532f5c5a547126c634fefd43bbad1dc6417678ac.", - "cve": "CVE-2021-37671", - "id": "pyup.io-55811", - "more_info_path": "/vulnerabilities/CVE-2021-37671/55811", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37667: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.UnicodeEncode'. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unicode_ops.cc#L533-L539) reads the first dimension of the 'input_splits' tensor before validating that this tensor is not empty. The Tensorflow team has patched the issue in GitHub commit 2e0ee46f1a47675152d3d865797a18358881d7a6.", + "cve": "CVE-2021-37667", + "id": "pyup.io-55815", + "more_info_path": "/vulnerabilities/CVE-2021-37667/55815", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.4.0rc0,<2.4.3", 
@@ -160647,10 +162151,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37642: In affected versions the implementation of 'tf.raw_ops.ResourceScatterDiv' is vulnerable to a division by 0 error. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/resource_variable_ops.cc#L865) uses a common class for all binary operations but fails to treat the division by 0 case separately. The Tensorflow team has patched the issue in GitHub commit 4aacb30888638da75023e6601149415b39763d76.", - "cve": "CVE-2021-37642", - "id": "pyup.io-55820", - "more_info_path": "/vulnerabilities/CVE-2021-37642/55820", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37671: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.Map*' and 'tf.raw_ops.OrderedMap*' operations. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L222-L248) has a check in place to ensure that 'indices' is in ascending order, but does not check that 'indices' is not empty. The Tensorflow team has patched the issue in GitHub commit 532f5c5a547126c634fefd43bbad1dc6417678ac.", + "cve": "CVE-2021-37671", + "id": "pyup.io-55811", + "more_info_path": "/vulnerabilities/CVE-2021-37671/55811", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.4.0rc0,<2.4.3", 
@@ -160750,6 +162254,19 @@ ], "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, + { + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37652: In affected versions the implementation for 'tf.raw_ops.BoostedTreesCreateEnsemble' can result in a use after free error if an attacker supplies specially crafted arguments. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55) uses a reference counted resource and decrements the refcount if the initialization fails, as it should. However, when the code was written, the resource was represented as a naked pointer but later refactoring has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent 'free'-ing of the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the resource has been already freed. During this double-free process, members of the resource object are accessed for cleanup but they are invalid as the entire resource has been freed. The Tensorflow team has patched the issue in GitHub commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab.", + "cve": "CVE-2021-37652", + "id": "pyup.io-55800", + "more_info_path": "/vulnerabilities/CVE-2021-37652/55800", + "specs": [ + ">=2.3.0rc0,<2.3.4", + ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3", + ">=2.6.0rc0,<2.6.0" + ], + "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" + }, { "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37649: The code for 'tf.raw_ops.UncompressElement' can be made to trigger a null pointer dereference. 
The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/compression_ops.cc#L50-L53) obtains a pointer to a 'CompressedElement' from a 'Variant' tensor and then proceeds to dereference it for decompressing. There is no check that the 'Variant' tensor contained a 'CompressedElement', so the pointer is actually 'nullptr'. The Tensorflow team has patched the issue in GitHub commit 7bdf50bb4f5c54a4997c379092888546c97c3ebd.", "cve": "CVE-2021-37649", 
@@ -160789,19 +162306,6 @@ ], "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, - { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37652: In affected versions the implementation for 'tf.raw_ops.BoostedTreesCreateEnsemble' can result in a use after free error if an attacker supplies specially crafted arguments. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55) uses a reference counted resource and decrements the refcount if the initialization fails, as it should. However, when the code was written, the resource was represented as a naked pointer but later refactoring has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent 'free'-ing of the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the resource has been already freed. During this double-free process, members of the resource object are accessed for cleanup but they are invalid as the entire resource has been freed. The Tensorflow team has patched the issue in GitHub commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab.", - "cve": "CVE-2021-37652", - "id": "pyup.io-55800", - "more_info_path": "/vulnerabilities/CVE-2021-37652/55800", - "specs": [ - ">=2.3.0rc0,<2.3.4", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3", - ">=2.6.0rc0,<2.6.0" - ], - "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" - }, { "advisory": "Several versions of TensorFlow are affected by CVE-2021-37686: In affected versions, the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/strided_slice.cc#L103-L122). 
An attacker can craft a model such that 'ellipsis_end_idx' is smaller than 'i' (e.g., always negative). In this case, the inner loop does not increase 'i' and the 'continue' statement causes execution to skip over the preincrement at the end of the outer loop. The Tensorflow team has patched the issue in GitHub commit dfa22b348b70bb89d6d6ec0ff53973bacb4f4695.", "cve": "CVE-2021-37686", 
@@ -160839,6 +162343,62 @@ ], "v": ">=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4,>=2.5.0rc0,<2.5.0" }, + { + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a stack overflow in 'ParseAttrValue' with nested tensors. See CVE-2021-29615.", + "cve": "CVE-2021-29615", + "id": "pyup.io-55796", + "more_info_path": "/vulnerabilities/CVE-2021-29615/55796", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.1.0rc0,<2.1.4", + ">=2.2.0rc0,<2.2.3", + ">=2.3.0rc0,<2.3.3", + ">=2.4.0rc0,<2.4.2" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" + }, + { + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29513: Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer dereferences. The conversion from Python array to C++ array (https://github.com/tensorflow/tensorflow/blob/ff70c47a396ef1e3cb73c90513da4f5cb71bebba/tensorflow/python/lib/core/ndarray_tensor.cc#L113-L169) is vulnerable to a type confusion.", + "cve": "CVE-2021-29513", + "id": "pyup.io-55790", + "more_info_path": "/vulnerabilities/CVE-2021-29513/55790", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.1.0rc0,<2.1.4", + ">=2.2.0rc0,<2.2.3", + ">=2.3.0rc0,<2.3.3", + ">=2.4.0rc0,<2.4.2" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" + }, + { + "advisory": "Tensorflow-cpu 2.5.0, 2.4.2, 2.3.3, 2.2.3 and 2.1.4 include a fix for CVE-2021-29548: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. 
This is because the implementation (https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc) does not validate all constraints specified in the op's contract (https://www.tensorflow.org/api_docs/python/tf/raw_ops/QuantizedBatchNormWithGlobalNormalization).", + "cve": "CVE-2021-29548", + "id": "pyup.io-55786", + "more_info_path": "/vulnerabilities/CVE-2021-29548/55786", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.1.0rc0,<2.1.4", + ">=2.2.0rc0,<2.2.3", + ">=2.3.0rc0,<2.3.3", + ">=2.4.0rc0,<2.4.2" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" + }, + { + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29549: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L289-L295) computes a modulo operation without validating that the divisor is not zero. 
Since `vector_num_elements` is determined based on input shapes (https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L522-L544), a user can trigger scenarios where this quantity is 0.", + "cve": "CVE-2021-29549", + "id": "pyup.io-55794", + "more_info_path": "/vulnerabilities/CVE-2021-29549/55794", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.1.0rc0,<2.1.4", + ">=2.2.0rc0,<2.2.3", + ">=2.3.0rc0,<2.3.3", + ">=2.4.0rc0,<2.4.2" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" + }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 includes a fix for CVE-2021-29533: An attacker can trigger a denial of service via a 'CHECK' failure by passing an empty image to 'tf.raw_ops.DrawBoundingBoxes'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/ea34a18dc3f5c8d80a40ccca1404f343b5d55f91/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L148-L165) uses 'CHECK_*' assertions instead of 'OP_REQUIRES' to validate user controlled inputs. Whereas 'OP_REQUIRES' allows returning an error condition back to the user, the 'CHECK_*' macros result in a crash if the condition is false, similar to 'assert'. In this case, 'height' is 0 from the 'images' input. This results in 'max_box_row_clamp' being negative and the assertion being falsified, followed by aborting program execution.", "cve": "CVE-2021-29533", 
@@ -160881,34 +162441,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, - { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a stack overflow in 'ParseAttrValue' with nested tensors. See CVE-2021-29615.", - "cve": "CVE-2021-29615", - "id": "pyup.io-55796", - "more_info_path": "/vulnerabilities/CVE-2021-29615/55796", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.1.0rc0,<2.1.4", - ">=2.2.0rc0,<2.2.3", - ">=2.3.0rc0,<2.3.3", - ">=2.4.0rc0,<2.4.2" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" - }, - { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29513: Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer dereferences. The conversion from Python array to C++ array (https://github.com/tensorflow/tensorflow/blob/ff70c47a396ef1e3cb73c90513da4f5cb71bebba/tensorflow/python/lib/core/ndarray_tensor.cc#L113-L169) is vulnerable to a type confusion.", - "cve": "CVE-2021-29513", - "id": "pyup.io-55790", - "more_info_path": "/vulnerabilities/CVE-2021-29513/55790", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.1.0rc0,<2.1.4", - ">=2.2.0rc0,<2.2.3", - ">=2.3.0rc0,<2.3.3", - ">=2.4.0rc0,<2.4.2" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" - }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a 'CHECK'-fail in 'AddManySparseToTensorsMap'. See CVE-2021-29523.", "cve": "CVE-2021-29523", 
@@ -160923,20 +162455,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, - { - "advisory": "Tensorflow-cpu 2.5.0, 2.4.2, 2.3.3, 2.2.3 and 2.1.4 include a fix for CVE-2021-29548: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc) does not validate all constraints specified in the op's contract (https://www.tensorflow.org/api_docs/python/tf/raw_ops/QuantizedBatchNormWithGlobalNormalization).", - "cve": "CVE-2021-29548", - "id": "pyup.io-55786", - "more_info_path": "/vulnerabilities/CVE-2021-29548/55786", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.1.0rc0,<2.1.4", - ">=2.2.0rc0,<2.2.3", - ">=2.3.0rc0,<2.3.3", - ">=2.4.0rc0,<2.4.2" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" - }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a heap buffer overflow in 'Conv3DBackprop*'. See CVE-2021-29520.", "cve": "CVE-2021-29520", 
@@ -160951,20 +162469,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, - { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29549: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L289-L295) computes a modulo operation without validating that the divisor is not zero. Since `vector_num_elements` is determined based on input shapes (https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L522-L544), a user can trigger scenarios where this quantity is 0.", - "cve": "CVE-2021-29549", - "id": "pyup.io-55794", - "more_info_path": "/vulnerabilities/CVE-2021-29549/55794", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.1.0rc0,<2.1.4", - ">=2.2.0rc0,<2.2.3", - ">=2.3.0rc0,<2.3.3", - ">=2.4.0rc0,<2.4.2" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" - }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a division by 0 in 'Conv3DBackprop*'. See CVE-2021-29522.", "cve": "CVE-2021-29522", 
@@ -161050,10 +162554,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29539: TensorFlow is an end-to-end open source platform for machine learning. Calling `tf.raw_ops.ImmutableConst`(https://www.tensorflow.org/api_docs/python/tf/raw_ops/ImmutableConst) with a `dtype` of `tf.resource` or `tf.variant` results in a segfault in the implementation as code assumes that the tensor contents are pure scalars. We have patched the issue in 4f663d4b8f0bec1b48da6fa091a7d29609980fa4 and will release TensorFlow 2.5.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved. If using `tf.raw_ops.ImmutableConst` in code, you can prevent the segfault by inserting a filter for the `dtype` argument.", - "cve": "CVE-2021-29539", - "id": "pyup.io-55797", - "more_info_path": "/vulnerabilities/CVE-2021-29539/55797", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29538: An attacker can cause a division by zero to occur in 'Conv2DBackpropFilter'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/1b0296c3b8dd9bd948f924aa8cd62f87dbb7c3da/tensorflow/core/kernels/conv_grad_filter_ops.cc#L513-L522) computes a divisor based on user provided data (i.e., the shape of the tensors given as arguments). If all shapes are empty then 'work_unit_size' is 0. Since there is no check for this case before division, this results in a runtime exception, with potential to be abused for a denial of service.", + "cve": "CVE-2021-29538", + "id": "pyup.io-55793", + "more_info_path": "/vulnerabilities/CVE-2021-29538/55793", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -161064,10 +162568,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29538: An attacker can cause a division by zero to occur in 'Conv2DBackpropFilter'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/1b0296c3b8dd9bd948f924aa8cd62f87dbb7c3da/tensorflow/core/kernels/conv_grad_filter_ops.cc#L513-L522) computes a divisor based on user provided data (i.e., the shape of the tensors given as arguments). If all shapes are empty then 'work_unit_size' is 0. Since there is no check for this case before division, this results in a runtime exception, with potential to be abused for a denial of service.", - "cve": "CVE-2021-29538", - "id": "pyup.io-55793", - "more_info_path": "/vulnerabilities/CVE-2021-29538/55793", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29539: TensorFlow is an end-to-end open source platform for machine learning. Calling `tf.raw_ops.ImmutableConst`(https://www.tensorflow.org/api_docs/python/tf/raw_ops/ImmutableConst) with a `dtype` of `tf.resource` or `tf.variant` results in a segfault in the implementation as code assumes that the tensor contents are pure scalars. We have patched the issue in 4f663d4b8f0bec1b48da6fa091a7d29609980fa4 and will release TensorFlow 2.5.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved. If using `tf.raw_ops.ImmutableConst` in code, you can prevent the segfault by inserting a filter for the `dtype` argument.", + "cve": "CVE-2021-29539", + "id": "pyup.io-55797", + "more_info_path": "/vulnerabilities/CVE-2021-29539/55797", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -161091,6 +162595,20 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, + { + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29532: An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to `tf.raw_ops.RaggedCross`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/efea03b38fb8d3b81762237dc85e579cc5fc6e87/tensorflow/core/kernels/ragged_cross_op.cc#L456-L487) lacks validation for the user supplied arguments. Each of the above branches call a helper function after accessing array elements via a `*_list[next_*]` pattern, followed by incrementing the `next_*` index. However, as there is no validation that the `next_*` values are in the valid range for the corresponding `*_list` arrays, this results in heap OOB reads.", + "cve": "CVE-2021-29532", + "id": "pyup.io-55780", + "more_info_path": "/vulnerabilities/CVE-2021-29532/55780", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.1.0rc0,<2.1.4", + ">=2.2.0rc0,<2.2.3", + ">=2.3.0rc0,<2.3.3", + ">=2.4.0rc0,<2.4.2" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" + }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29552: An attacker can cause a denial of service by controlling the values of `num_segments` tensor argument for `UnsortedSegmentJoin`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/a2a607db15c7cd01d754d37e5448d72a13491bdb/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L93) assumes that the `num_segments` tensor is a valid scalar. Since the tensor is empty the `CHECK` involved in `.scalar()()` that checks that the number of elements is exactly 1 will be invalidated and this would result in process termination.", "cve": "CVE-2021-29552", 
@@ -161134,18 +162652,18 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29532: An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to `tf.raw_ops.RaggedCross`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/efea03b38fb8d3b81762237dc85e579cc5fc6e87/tensorflow/core/kernels/ragged_cross_op.cc#L456-L487) lacks validation for the user supplied arguments. Each of the above branches call a helper function after accessing array elements via a `*_list[next_*]` pattern, followed by incrementing the `next_*` index. However, as there is no validation that the `next_*` values are in the valid range for the corresponding `*_list` arrays, this results in heap OOB reads.", - "cve": "CVE-2021-29532", - "id": "pyup.io-55780", - "more_info_path": "/vulnerabilities/CVE-2021-29532/55780", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29535: An attacker can cause a heap buffer overflow in 'QuantizedMul' by passing in invalid thresholds for the quantization. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/87cf4d3ea9949051e50ca3f071fc909538a51cd0/tensorflow/core/kernels/quantized_mul_op.cc#L287-L290) assumes that the 4 arguments are always valid scalars and tries to access the numeric value directly. 
However, if any of these tensors is empty, then '.flat()' is an empty buffer and accessing the element at position 0 results in overflow.", + "cve": "CVE-2021-29535", + "id": "pyup.io-55775", + "more_info_path": "/vulnerabilities/CVE-2021-29535/55775", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", ">=2.2.0rc0,<2.2.3", - ">=2.3.0rc0,<2.3.3", - ">=2.4.0rc0,<2.4.2" + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3" ], - "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" + "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3" }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a null pointer dereference in 'StringNGrams'. See CVE-2021-29541.", 
@@ -161161,20 +162679,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3" }, - { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29535: An attacker can cause a heap buffer overflow in 'QuantizedMul' by passing in invalid thresholds for the quantization. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/87cf4d3ea9949051e50ca3f071fc909538a51cd0/tensorflow/core/kernels/quantized_mul_op.cc#L287-L290) assumes that the 4 arguments are always valid scalars and tries to access the numeric value directly. However, if any of these tensors is empty, then '.flat()' is an empty buffer and accessing the element at position 0 results in overflow.", - "cve": "CVE-2021-29535", - "id": "pyup.io-55775", - "more_info_path": "/vulnerabilities/CVE-2021-29535/55775", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.1.0rc0,<2.1.4", - ">=2.2.0rc0,<2.2.3", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3" - }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29536: An attacker can cause a heap buffer overflow in 'QuantizedReshape' by passing in invalid thresholds for the quantization. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/a324ac84e573fba362a5e53d4e74d5de6729933e/tensorflow/core/kernels/quantized_reshape_op.cc#L38-L55) assumes that the 2 arguments are always valid scalars and tries to access the numeric value directly. However, if any of these tensors is empty, then '.flat()' is an empty buffer and accessing the element at position 0 results in overflow.", "cve": "CVE-2021-29536", 
@@ -161442,10 +162946,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29556: An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.Reverse`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/36229ea9e9451dac14a8b1f4711c435a1d84a594/tensorflow/core/kernels/reverse_op.cc#L75-L76) performs a division based on the first dimension of the tensor argument.", - "cve": "CVE-2021-29556", - "id": "pyup.io-55753", - "more_info_path": "/vulnerabilities/CVE-2021-29556/55753", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'tf.raw_ops.CTCLoss'. See CVE-2021-29613.", + "cve": "CVE-2021-29613", + "id": "pyup.io-55754", + "more_info_path": "/vulnerabilities/CVE-2021-29613/55754", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -161456,10 +162960,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'tf.raw_ops.CTCLoss'. See CVE-2021-29613.", - "cve": "CVE-2021-29613", - "id": "pyup.io-55754", - "more_info_path": "/vulnerabilities/CVE-2021-29613/55754", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29556: An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.Reverse`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/36229ea9e9451dac14a8b1f4711c435a1d84a594/tensorflow/core/kernels/reverse_op.cc#L75-L76) performs a division based on the first dimension of the tensor argument.", + "cve": "CVE-2021-29556", + "id": "pyup.io-55753", + "more_info_path": "/vulnerabilities/CVE-2021-29556/55753", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -161540,10 +163044,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'SparseMatMul'. See CVE-2021-29557.", - "cve": "CVE-2021-29557", - "id": "pyup.io-55741", - "more_info_path": "/vulnerabilities/CVE-2021-29557/55741", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap out of bounds read in 'MaxPoolGradWithArgmax'. See CVE-2021-29570.", + "cve": "CVE-2021-29570", + "id": "pyup.io-55743", + "more_info_path": "/vulnerabilities/CVE-2021-29570/55743", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -161554,10 +163058,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap out of bounds read in 'MaxPoolGradWithArgmax'. See CVE-2021-29570.", - "cve": "CVE-2021-29570", - "id": "pyup.io-55743", - "more_info_path": "/vulnerabilities/CVE-2021-29570/55743", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'BandedTriangularSolve'. See CVE-2021-29612.", + "cve": "CVE-2021-29612", + "id": "pyup.io-55742", + "more_info_path": "/vulnerabilities/CVE-2021-29612/55742", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -161568,10 +163072,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'BandedTriangularSolve'. See CVE-2021-29612.", - "cve": "CVE-2021-29612", - "id": "pyup.io-55742", - "more_info_path": "/vulnerabilities/CVE-2021-29612/55742", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'SparseMatMul'. See CVE-2021-29557.", + "cve": "CVE-2021-29557", + "id": "pyup.io-55741", + "more_info_path": "/vulnerabilities/CVE-2021-29557/55741", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -161651,34 +163155,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" }, - { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a integer overflow in TFLite memory allocation. See CVE-2021-29605.", - "cve": "CVE-2021-29605", - "id": "pyup.io-55711", - "more_info_path": "/vulnerabilities/CVE-2021-29605/55711", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, - { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB write in TFLite. See CVE-2021-29603.", - "cve": "CVE-2021-29603", - "id": "pyup.io-55716", - "more_info_path": "/vulnerabilities/CVE-2021-29603/55716", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'BatchToSpaceNd'. See CVE-2021-29593.", "cve": "CVE-2021-29593", 
@@ -161721,20 +163197,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'MaxPoolGradWithArgmax'. See CVE-2021-29573.", - "cve": "CVE-2021-29573", - "id": "pyup.io-55726", - "more_info_path": "/vulnerabilities/CVE-2021-29573/55726", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29560: An attacker can cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/d94227d43aa125ad8b54115c03cece54f6a1977b/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L219-L222) uses the same index to access two arrays in parallel. Since the user controls the shape of the input arguments, an attacker could trigger a heap OOB access when 'parent_output_index' is shorter than 'row_split'.", "cve": "CVE-2021-29560", 
@@ -161763,48 +163225,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix an undefined behavior and a 'CHECK'-fail in 'FractionalMaxPoolGrad'. See CVE-2021-29580.", - "cve": "CVE-2021-29580", - "id": "pyup.io-55734", - "more_info_path": "/vulnerabilities/CVE-2021-29580/55734", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, - { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'SVDF'. See CVE-2021-29598.", - "cve": "CVE-2021-29598", - "id": "pyup.io-55729", - "more_info_path": "/vulnerabilities/CVE-2021-29598/55729", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, - { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a null pointer dereference in 'SparseFillEmptyRows'. See CVE-2021-29565.", - "cve": "CVE-2021-29565", - "id": "pyup.io-55695", - "more_info_path": "/vulnerabilities/CVE-2021-29565/55695", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a null pointer dereference in 'EditDistance'. See CVE-2021-29564.", "cve": "CVE-2021-29564", 
@@ -161834,10 +163254,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a 'CHECK'-fail in 'tf.raw_ops.IRFFT'. See CVE-2021-29562.", - "cve": "CVE-2021-29562", - "id": "pyup.io-55691", - "more_info_path": "/vulnerabilities/CVE-2021-29562/55691", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a integer overflow in TFLite memory allocation. See CVE-2021-29605.", + "cve": "CVE-2021-29605", + "id": "pyup.io-55711", + "more_info_path": "/vulnerabilities/CVE-2021-29605/55711", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -161848,10 +163268,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'DepthwiseConv'. See CVE-2021-29602.", - "cve": "CVE-2021-29602", - "id": "pyup.io-55702", - "more_info_path": "/vulnerabilities/CVE-2021-29602/55702", + "advisory": "Tensorflow-cpu versions 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 update its dependency \"curl\" to handle CVE-2020-8284.", + "cve": "CVE-2020-8284", + "id": "pyup.io-55709", + "more_info_path": "/vulnerabilities/CVE-2020-8284/55709", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -161862,10 +163282,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-cpu versions 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 update its dependency \"curl\" to handle CVE-2020-8284.", - "cve": "CVE-2020-8284", - "id": "pyup.io-55709", - "more_info_path": "/vulnerabilities/CVE-2020-8284/55709", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB write in TFLite. See CVE-2021-29603.", + "cve": "CVE-2021-29603", + "id": "pyup.io-55716", + "more_info_path": "/vulnerabilities/CVE-2021-29603/55716", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -161946,10 +163366,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29546: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in `tf.raw_ops.QuantizedBiasAdd`. This is because the implementation of the Eigen kernel (https://github.com/tensorflow/tensorflow/blob/61bca8bd5ba8a68b2d97435ddfafcdf2b85672cd/tensorflow/core/kernels/quantization_utils.h#L812-L849) does a division by the number of elements of the smaller input (based on shape) without checking that this is not zero.", - "cve": "CVE-2021-29546", - "id": "pyup.io-55736", - "more_info_path": "/vulnerabilities/CVE-2021-29546/55736", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'QuantizedMul'. See CVE-2021-29528.", + "cve": "CVE-2021-29528", + "id": "pyup.io-55731", + "more_info_path": "/vulnerabilities/CVE-2021-29528/55731", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -161960,10 +163380,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'QuantizedMul'. See CVE-2021-29528.", - "cve": "CVE-2021-29528", - "id": "pyup.io-55731", - "more_info_path": "/vulnerabilities/CVE-2021-29528/55731", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'MaxPool3DGradGrad'. See CVE-2021-29576.", + "cve": "CVE-2021-29576", + "id": "pyup.io-55712", + "more_info_path": "/vulnerabilities/CVE-2021-29576/55712", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -161974,10 +163394,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'AvgPool3DGrad'. See CVE-2021-29577.", - "cve": "CVE-2021-29577", - "id": "pyup.io-55708", - "more_info_path": "/vulnerabilities/CVE-2021-29577/55708", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'MaxPoolGradWithArgmax'. See CVE-2021-29573.", + "cve": "CVE-2021-29573", + "id": "pyup.io-55726", + "more_info_path": "/vulnerabilities/CVE-2021-29573/55726", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -161988,10 +163408,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB in 'QuantizeAndDequantizeV3'. See CVE-2021-29553.", - "cve": "CVE-2021-29553", - "id": "pyup.io-55732", - "more_info_path": "/vulnerabilities/CVE-2021-29553/55732", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix an undefined behavior and a 'CHECK'-fail in 'FractionalMaxPoolGrad'. See CVE-2021-29580.", + "cve": "CVE-2021-29580", + "id": "pyup.io-55734", + "more_info_path": "/vulnerabilities/CVE-2021-29580/55734", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -162002,10 +163422,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'MaxPool3DGradGrad'. See CVE-2021-29576.", - "cve": "CVE-2021-29576", - "id": "pyup.io-55712", - "more_info_path": "/vulnerabilities/CVE-2021-29576/55712", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'SVDF'. See CVE-2021-29598.", + "cve": "CVE-2021-29598", + "id": "pyup.io-55729", + "more_info_path": "/vulnerabilities/CVE-2021-29598/55729", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -162016,10 +163436,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'OneHot'. See CVE-2021-29600.", - "cve": "CVE-2021-29600", - "id": "pyup.io-55713", - "more_info_path": "/vulnerabilities/CVE-2021-29600/55713", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a null pointer dereference in 'SparseFillEmptyRows'. See CVE-2021-29565.", + "cve": "CVE-2021-29565", + "id": "pyup.io-55695", + "more_info_path": "/vulnerabilities/CVE-2021-29565/55695", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -162043,6 +163463,34 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, + { + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a 'CHECK'-fail in 'tf.raw_ops.IRFFT'. See CVE-2021-29562.", + "cve": "CVE-2021-29562", + "id": "pyup.io-55691", + "more_info_path": "/vulnerabilities/CVE-2021-29562/55691", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'DepthwiseConv'. See CVE-2021-29602.", + "cve": "CVE-2021-29602", + "id": "pyup.io-55702", + "more_info_path": "/vulnerabilities/CVE-2021-29602/55702", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a segfault in 'tf.raw_ops.SparseCountSparseOutput'. See CVE-2021-29619.", "cve": "CVE-2021-29619", 
@@ -162057,6 +163505,62 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, + { + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29546: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in `tf.raw_ops.QuantizedBiasAdd`. This is because the implementation of the Eigen kernel (https://github.com/tensorflow/tensorflow/blob/61bca8bd5ba8a68b2d97435ddfafcdf2b85672cd/tensorflow/core/kernels/quantization_utils.h#L812-L849) does a division by the number of elements of the smaller input (based on shape) without checking that this is not zero.", + "cve": "CVE-2021-29546", + "id": "pyup.io-55736", + "more_info_path": "/vulnerabilities/CVE-2021-29546/55736", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'AvgPool3DGrad'. See CVE-2021-29577.", + "cve": "CVE-2021-29577", + "id": "pyup.io-55708", + "more_info_path": "/vulnerabilities/CVE-2021-29577/55708", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB in 'QuantizeAndDequantizeV3'. 
See CVE-2021-29553.", + "cve": "CVE-2021-29553", + "id": "pyup.io-55732", + "more_info_path": "/vulnerabilities/CVE-2021-29553/55732", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'OneHot'. See CVE-2021-29600.", + "cve": "CVE-2021-29600", + "id": "pyup.io-55713", + "more_info_path": "/vulnerabilities/CVE-2021-29600/55713", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29587: TensorFlow is an end-to-end open source platform for machine learning. The `Prepare` step of the `SpaceToDepth` TFLite operator does not check for 0 before division (https://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5964977725adc/tensorflow/lite/kernels/space_to_depth.cc#L63-L67). An attacker can craft a model such that `params->block_size` would be zero.", "cve": "CVE-2021-29587", 
@@ -162099,6 +163603,20 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, + { + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29571: The implementation of 'tf.raw_ops.MaxPoolGradWithArgmax' can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The implementation (https://github.com/tensorflow/tensorflow/blob/31bd5026304677faa8a0b77602c6154171b9aec1/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L116-L130) assumes that the last element of 'boxes' input is 4, as required by the op (https://www.tensorflow.org/api_docs/python/tf/raw_ops/DrawBoundingBoxesV2). Since this is not checked attackers passing values less than 4 can write outside of bounds of heap allocated objects and cause memory corruption. If the last dimension in 'boxes' is less than 4, accesses similar to 'tboxes(b, bb, 3)' will access data outside of bounds. Further during code execution there are also writes to these indices.", + "cve": "CVE-2021-29571", + "id": "pyup.io-55721", + "more_info_path": "/vulnerabilities/CVE-2021-29571/55721", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'DenseCountSparseOutput'. See CVE-2021-29554.", "cve": "CVE-2021-29554", 
@@ -162226,10 +163744,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'MaxPoolGrad'. See CVE-2021-29579.", - "cve": "CVE-2021-29579", - "id": "pyup.io-55710", - "more_info_path": "/vulnerabilities/CVE-2021-29579/55710", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseAdd'. See CVE-2021-29609.", + "cve": "CVE-2021-29609", + "id": "pyup.io-55699", + "more_info_path": "/vulnerabilities/CVE-2021-29609/55699", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -162240,10 +163758,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseAdd'. See CVE-2021-29609.", - "cve": "CVE-2021-29609", - "id": "pyup.io-55699", - "more_info_path": "/vulnerabilities/CVE-2021-29609/55699", + "advisory": "Tensorflow-cpu 2.5.0, 2.4.2, 2.3.3, 2.2.3, and 2.1.4 include a fix for CVE-2021-29572: The implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to dereferencing a null pointer. The implementation (https://github.com/tensorflow/tensorflow/blob/60a45c8b6192a4699f2e2709a2645a751d435cc3/tensorflow/core/kernels/sdca_internal.cc) does not validate that the user supplied arguments satisfy all constraints expected by the op(https://www.tensorflow.org/api_docs/python/tf/raw_ops/SdcaOptimizer).", + "cve": "CVE-2021-29572", + "id": "pyup.io-55723", + "more_info_path": "/vulnerabilities/CVE-2021-29572/55723", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -162254,10 +163772,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-cpu 2.5.0, 2.4.2, 2.3.3, 2.2.3, and 2.1.4 include a fix for CVE-2021-29572: The implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to dereferencing a null pointer. The implementation (https://github.com/tensorflow/tensorflow/blob/60a45c8b6192a4699f2e2709a2645a751d435cc3/tensorflow/core/kernels/sdca_internal.cc) does not validate that the user supplied arguments satisfy all constraints expected by the op(https://www.tensorflow.org/api_docs/python/tf/raw_ops/SdcaOptimizer).", - "cve": "CVE-2021-29572", - "id": "pyup.io-55723", - "more_info_path": "/vulnerabilities/CVE-2021-29572/55723", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'MaxPoolGrad'. See CVE-2021-29579.", + "cve": "CVE-2021-29579", + "id": "pyup.io-55710", + "more_info_path": "/vulnerabilities/CVE-2021-29579/55710", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -162337,20 +163855,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29571: The implementation of 'tf.raw_ops.MaxPoolGradWithArgmax' can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The implementation (https://github.com/tensorflow/tensorflow/blob/31bd5026304677faa8a0b77602c6154171b9aec1/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L116-L130) assumes that the last element of 'boxes' input is 4, as required by the op (https://www.tensorflow.org/api_docs/python/tf/raw_ops/DrawBoundingBoxesV2). Since this is not checked attackers passing values less than 4 can write outside of bounds of heap allocated objects and cause memory corruption. If the last dimension in 'boxes' is less than 4, accesses similar to 'tboxes(b, bb, 3)' will access data outside of bounds. Further during code execution there are also writes to these indices.", - "cve": "CVE-2021-29571", - "id": "pyup.io-55721", - "more_info_path": "/vulnerabilities/CVE-2021-29571/55721", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29618: Passing a complex argument to `tf.transpose` at the same time as passing 'conjugate=True' argument results in a crash.", "cve": "CVE-2021-29618", 
@@ -162421,10 +163925,10 @@ "v": ">=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37691: In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/lsh_projection.cc#L118). The Tensorflow team has patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9.", - "cve": "CVE-2021-37691", - "id": "pyup.io-55685", - "more_info_path": "/vulnerabilities/CVE-2021-37691/55685", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37645: In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L126) uses the `axis` value as the size argument to `absl::InlinedVector` constructor. But, the constructor uses an unsigned type for the argument, so the implicit conversion transforms the negative value to a large integer. The Tensorflow team has patched the issue in GitHub commit 96f364a1ca3009f98980021c4b32be5fdcca33a1.", + "cve": "CVE-2021-37645", + "id": "pyup.io-55684", + "more_info_path": "/vulnerabilities/CVE-2021-37645/55684", "specs": [ ">=2.5.0rc0,<2.5.1", ">=2.4.0rc0,<2.4.3", 
@@ -162434,10 +163938,10 @@ "v": ">=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37645: In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L126) uses the `axis` value as the size argument to `absl::InlinedVector` constructor. But, the constructor uses an unsigned type for the argument, so the implicit conversion transforms the negative value to a large integer. The Tensorflow team has patched the issue in GitHub commit 96f364a1ca3009f98980021c4b32be5fdcca33a1.", - "cve": "CVE-2021-37645", - "id": "pyup.io-55684", - "more_info_path": "/vulnerabilities/CVE-2021-37645/55684", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37691: In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/lsh_projection.cc#L118). The Tensorflow team has patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9.", + "cve": "CVE-2021-37691", + "id": "pyup.io-55685", + "more_info_path": "/vulnerabilities/CVE-2021-37691/55685", "specs": [ ">=2.5.0rc0,<2.5.1", ">=2.4.0rc0,<2.4.3", 
@@ -162546,6 +164050,19 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, + { + "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37665:\nIn affected versions, due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantization_range_per_channel_op.cc) does not validate the dimensions of the \"input\" tensor. A similar issue occurs in \"MklRequantizePerChannelOp\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantize_per_channel_op.cc) does not perform full validation for all the input arguments. The Tensorflow team has patched the issue in GitHub commit 9e62869465573cb2d9b5053f1fa02a81fce21d69 and in the Github commit 203214568f5bc237603dbab6e1fd389f1572f5c9.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v82p-hv3v-p6qp\nhttps://github.com/tensorflow/tensorflow/commit/203214568f5bc237603dbab6e1fd389f1572f5c9\nhttps://github.com/tensorflow/tensorflow/commit/9e62869465573cb2d9b5053f1fa02a81fce21d69", + "cve": "CVE-2021-37665", + "id": "pyup.io-55674", + "more_info_path": "/vulnerabilities/CVE-2021-37665/55674", + "specs": [ + ">=2.6.0rc0,<2.6.0", + ">=2.3.0rc0,<2.3.4", + ">=2.4.0rc0,<2.4.3", + ">=2.5.0rc0,<2.5.1" + ], + "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" + }, { "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37668:\nIn affected versions, an attacker can cause denial of service in applications serving models using \"tf.raw_ops.UnravelIndex\" by triggering a division by 0. 
The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unravel_index_op.cc#L36) does not check that the tensor subsumed by \"dims\" is not empty. Hence, if one element of \"dims\" is 0, the implementation does a division by 0. The Tensorflow team has patched the issue in GitHub commit a776040a5e7ebf76eeb7eb923bf1ae417dd4d233.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2wmv-37vq-52g5\nhttps://github.com/tensorflow/tensorflow/commit/a776040a5e7ebf76eeb7eb923bf1ae417dd4d233", "cve": "CVE-2021-37668", 
@@ -162560,10 +164077,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, { - "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37665:\nIn affected versions, due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantization_range_per_channel_op.cc) does not validate the dimensions of the \"input\" tensor. A similar issue occurs in \"MklRequantizePerChannelOp\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantize_per_channel_op.cc) does not perform full validation for all the input arguments. The Tensorflow team has patched the issue in GitHub commit 9e62869465573cb2d9b5053f1fa02a81fce21d69 and in the Github commit 203214568f5bc237603dbab6e1fd389f1572f5c9.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v82p-hv3v-p6qp\nhttps://github.com/tensorflow/tensorflow/commit/203214568f5bc237603dbab6e1fd389f1572f5c9\nhttps://github.com/tensorflow/tensorflow/commit/9e62869465573cb2d9b5053f1fa02a81fce21d69", - "cve": "CVE-2021-37665", - "id": "pyup.io-55674", - "more_info_path": "/vulnerabilities/CVE-2021-37665/55674", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37661: In affected versions an attacker can cause a denial of service in 'boosted_trees_create_quantile_stream_resource' by using negative arguments. 
The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/quantile_ops.cc#L96) does not validate that 'num_streams' only contains non-negative numbers. In turn, this results in using this value to allocate memory (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/quantiles/quantile_stream_resource.h#L31-L40). However, 'reserve' receives an unsigned integer so there is an implicit conversion from a negative value to a large positive unsigned. This results in a crash from the standard library. The Tensorflow team has patched the issue in GitHub commit 8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992.", + "cve": "CVE-2021-37661", + "id": "pyup.io-55673", + "more_info_path": "/vulnerabilities/CVE-2021-37661/55673", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -162598,19 +164115,6 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, - { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37661: In affected versions an attacker can cause a denial of service in 'boosted_trees_create_quantile_stream_resource' by using negative arguments. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/quantile_ops.cc#L96) does not validate that 'num_streams' only contains non-negative numbers. In turn, this results in using this value to allocate memory (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/quantiles/quantile_stream_resource.h#L31-L40). However, 'reserve' receives an unsigned integer so there is an implicit conversion from a negative value to a large positive unsigned. This results in a crash from the standard library. The Tensorflow team has patched the issue in GitHub commit 8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992.", - "cve": "CVE-2021-37661", - "id": "pyup.io-55673", - "more_info_path": "/vulnerabilities/CVE-2021-37661/55673", - "specs": [ - ">=2.6.0rc0,<2.6.0", - ">=2.3.0rc0,<2.3.4", - ">=2.4.0rc0,<2.4.3", - ">=2.5.0rc0,<2.5.1" - ], - "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" - }, { "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37685: In affected versions TFLite's 'expand_dims.cc' (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If 'axis' is a large negative value (e.g., '-100000'), then after the first 'if' it would still be negative. 
The check following the 'if' statement will pass and the 'for' loop would read one element before the start of 'input_dims.data' (when 'i = 0'). The Tensorflow team has patched the issue in GitHub commit d94ffe08a65400f898241c0374e9edc6fa8ed257.", "cve": "CVE-2021-37685", @@ -162638,10 +164142,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37684: In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. The Tensorflow team has patched the issue in GitHub commit dfa22b348b70bb89d6d6ec0ff53973bacb4f4695 (https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695).", - "cve": "CVE-2021-37684", - "id": "pyup.io-55661", - "more_info_path": "/vulnerabilities/CVE-2021-37684/55661", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37662: In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in 'BoostedTreesCalculateBestGainsPerFeature' and similar attack can occur in 'BoostedTreesCalculateBestFeatureSplitV2'. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) does not validate the input values. The Tensorflow team has patched the issue in GitHub commit 9c87c32c710d0b5b53dc6fd3bfde4046e1f7a5ad and in commit 429f009d2b2c09028647dd4bb7b3f6f414bbaad7.", + "cve": "CVE-2021-37662", + "id": "pyup.io-55662", + "more_info_path": "/vulnerabilities/CVE-2021-37662/55662", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -162651,10 +164155,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37662: In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in 'BoostedTreesCalculateBestGainsPerFeature' and similar attack can occur in 'BoostedTreesCalculateBestFeatureSplitV2'. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) does not validate the input values. The Tensorflow team has patched the issue in GitHub commit 9c87c32c710d0b5b53dc6fd3bfde4046e1f7a5ad and in commit 429f009d2b2c09028647dd4bb7b3f6f414bbaad7.", - "cve": "CVE-2021-37662", - "id": "pyup.io-55662", - "more_info_path": "/vulnerabilities/CVE-2021-37662/55662", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37684: In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. The Tensorflow team has patched the issue in GitHub commit dfa22b348b70bb89d6d6ec0ff53973bacb4f4695 (https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695).", + "cve": "CVE-2021-37684", + "id": "pyup.io-55661", + "more_info_path": "/vulnerabilities/CVE-2021-37684/55661", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -162767,19 +164271,6 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, - { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37650: In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can trigger heap buffer overflow and segmentation fault. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/to_tf_record_op.cc#L93-L102) assumes that all records in the dataset are of string type. However, there is no check for that, and the example given above uses numeric types. The Tensorflow team has patched the issue in GitHub commit e0b6e58c328059829c3eb968136f17aa72b6c876.", - "cve": "CVE-2021-37650", - "id": "pyup.io-55654", - "more_info_path": "/vulnerabilities/CVE-2021-37650/55654", - "specs": [ - ">=2.6.0rc0,<2.6.0", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3", - ">=2.3.0rc0,<2.3.4" - ], - "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" - }, { "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37670:\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.UpperBound\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/searchsorted_op.cc#L85-L104) does not validate the rank of \"sorted_input\" argument. A similar issue occurs in \"tf.raw_ops.LowerBound\". The Tensorflow team has patched the issue in GitHub commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9697-98pf-4rw7\nhttps://github.com/tensorflow/tensorflow/commit/42459e4273c2e47a3232cc16c4f4fff3b3a35c38", "cve": "CVE-2021-37670", 
@@ -162806,45 +164297,6 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, - { - "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37669:\nIn affected versions, an attacker can cause denial of service in applications serving models using \"tf.raw_ops.NonMaxSuppressionV5\" by triggering a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/image/non_max_suppression_op.cc#L170-L271) uses a user controlled argument to resize a \"std::vector\". However, as \"std::vector::resize\" takes the size argument as a \"size_t\" and \"output_size\" is an \"int\", there is an implicit conversion to unsigned. If the attacker supplies a negative value, this conversion results in a crash. A similar issue occurs in \"CombinedNonMaxSuppression\". The Tensorflow team has patched the issue in GitHub commit 3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d and commit b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vmjw-c2vp-p33c\nhttps://github.com/tensorflow/tensorflow/commit/3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d\nhttps://github.com/tensorflow/tensorflow/commit/b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58", - "cve": "CVE-2021-37669", - "id": "pyup.io-55656", - "more_info_path": "/vulnerabilities/CVE-2021-37669/55656", - "specs": [ - ">=2.6.0rc0,<2.6.0", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3", - ">=2.3.0rc0,<2.3.4" - ], - "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" - }, - { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.", - "cve": "CVE-2021-22901", - "id": "pyup.io-55650", - "more_info_path": "/vulnerabilities/CVE-2021-22901/55650", - "specs": [ - ">=2.6.0rc0,<2.6.0", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3", - ">=2.3.0rc0,<2.3.4" - ], - "v": 
">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" - }, - { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.", - "cve": "CVE-2021-22876", - "id": "pyup.io-55652", - "more_info_path": "/vulnerabilities/CVE-2021-22876/55652", - "specs": [ - ">=2.6.0rc0,<2.6.0", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3", - ">=2.3.0rc0,<2.3.4" - ], - "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" - }, { "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37672:\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.SdcaOptimizerV2\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/sdca_internal.cc#L320-L353) does not check that the length of \"example_labels\" is the same as the number of examples. The Tensorflow team has patched the issue in GitHub commit a4e138660270e7599793fa438cd7b2fc2ce215a6.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hj3-vjjf-f5m7\nhttps://github.com/tensorflow/tensorflow/commit/a4e138660270e7599793fa438cd7b2fc2ce215a6", "cve": "CVE-2021-37672", 
@@ -162884,6 +164336,58 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, + { + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37650: In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can trigger heap buffer overflow and segmentation fault. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/to_tf_record_op.cc#L93-L102) assumes that all records in the dataset are of string type. However, there is no check for that, and the example given above uses numeric types. The Tensorflow team has patched the issue in GitHub commit e0b6e58c328059829c3eb968136f17aa72b6c876.", + "cve": "CVE-2021-37650", + "id": "pyup.io-55654", + "more_info_path": "/vulnerabilities/CVE-2021-37650/55654", + "specs": [ + ">=2.6.0rc0,<2.6.0", + ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3", + ">=2.3.0rc0,<2.3.4" + ], + "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" + }, + { + "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37669:\nIn affected versions, an attacker can cause denial of service in applications serving models using \"tf.raw_ops.NonMaxSuppressionV5\" by triggering a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/image/non_max_suppression_op.cc#L170-L271) uses a user controlled argument to resize a \"std::vector\". However, as \"std::vector::resize\" takes the size argument as a \"size_t\" and \"output_size\" is an \"int\", there is an implicit conversion to unsigned. If the attacker supplies a negative value, this conversion results in a crash. A similar issue occurs in \"CombinedNonMaxSuppression\". 
The Tensorflow team has patched the issue in GitHub commit 3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d and commit b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vmjw-c2vp-p33c\nhttps://github.com/tensorflow/tensorflow/commit/3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d\nhttps://github.com/tensorflow/tensorflow/commit/b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58", + "cve": "CVE-2021-37669", + "id": "pyup.io-55656", + "more_info_path": "/vulnerabilities/CVE-2021-37669/55656", + "specs": [ + ">=2.6.0rc0,<2.6.0", + ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3", + ">=2.3.0rc0,<2.3.4" + ], + "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" + }, + { + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.", + "cve": "CVE-2021-22901", + "id": "pyup.io-55650", + "more_info_path": "/vulnerabilities/CVE-2021-22901/55650", + "specs": [ + ">=2.6.0rc0,<2.6.0", + ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3", + ">=2.3.0rc0,<2.3.4" + ], + "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" + }, + { + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.", + "cve": "CVE-2021-22876", + "id": "pyup.io-55652", + "more_info_path": "/vulnerabilities/CVE-2021-22876/55652", + "specs": [ + ">=2.6.0rc0,<2.6.0", + ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3", + ">=2.3.0rc0,<2.3.4" + ], + "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" + }, { "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37673:\nIn affected versions, an attacker can trigger a denial of service via a \"CHECK\"-fail in \"tf.raw_ops.MapStage\". 
The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L513) does not check that the \"key\" input is a valid non-empty tensor. The Tensorflow team has patched the issue in GitHub commit d7de67733925de196ec8863a33445b73f9562d1d.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-278g-rq84-9hmg\nhttps://github.com/tensorflow/tensorflow/commit/d7de67733925de196ec8863a33445b73f9562d1d", "cve": "CVE-2021-37673", @@ -164686,9 +166190,9 @@ "tensorflow-federated": [ { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29195", - "id": "pyup.io-49276", - "more_info_path": "/vulnerabilities/CVE-2022-29195/49276", + "cve": "CVE-2022-29192", + "id": "pyup.io-49273", + "more_info_path": "/vulnerabilities/CVE-2022-29192/49273", "specs": [ "<0.25.0" ], @@ -164696,9 +166200,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29192", - "id": "pyup.io-49273", - "more_info_path": "/vulnerabilities/CVE-2022-29192/49273", + "cve": "CVE-2022-29208", + "id": "pyup.io-49289", + "more_info_path": "/vulnerabilities/CVE-2022-29208/49289", "specs": [ "<0.25.0" ], @@ -164706,9 +166210,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29198", - "id": "pyup.io-49279", - "more_info_path": "/vulnerabilities/CVE-2022-29198/49279", + "cve": "CVE-2022-29210", + "id": "pyup.io-49291", + "more_info_path": "/vulnerabilities/CVE-2022-29210/49291", "specs": [ "<0.25.0" ], 
@@ -164716,9 +166220,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29203", - "id": "pyup.io-49284", - "more_info_path": "/vulnerabilities/CVE-2022-29203/49284", + "cve": "CVE-2022-27774", + "id": "pyup.io-49264", + "more_info_path": "/vulnerabilities/CVE-2022-27774/49264", "specs": [ "<0.25.0" ], @@ -164726,9 +166230,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29194", - "id": "pyup.io-49275", - "more_info_path": "/vulnerabilities/CVE-2022-29194/49275", + "cve": "CVE-2022-29198", + "id": "pyup.io-49279", + "more_info_path": "/vulnerabilities/CVE-2022-29198/49279", "specs": [ "<0.25.0" ], @@ -164736,9 +166240,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29193", - "id": "pyup.io-49274", - "more_info_path": "/vulnerabilities/CVE-2022-29193/49274", + "cve": "CVE-2022-29203", + "id": "pyup.io-49284", + "more_info_path": "/vulnerabilities/CVE-2022-29203/49284", "specs": [ "<0.25.0" ], @@ -164746,9 +166250,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29212", - "id": "pyup.io-49293", - "more_info_path": "/vulnerabilities/CVE-2022-29212/49293", + "cve": "CVE-2022-29193", + "id": "pyup.io-49274", + "more_info_path": "/vulnerabilities/CVE-2022-29193/49274", "specs": [ "<0.25.0" ], @@ -164756,9 +166260,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-27776", - "id": "pyup.io-49266", - "more_info_path": "/vulnerabilities/CVE-2022-27776/49266", + "cve": "CVE-2022-27775", + "id": "pyup.io-49265", + "more_info_path": "/vulnerabilities/CVE-2022-27775/49265", "specs": [ "<0.25.0" ], 
@@ -164766,9 +166270,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-27774", - "id": "pyup.io-49264", - "more_info_path": "/vulnerabilities/CVE-2022-27774/49264", + "cve": "CVE-2022-29204", + "id": "pyup.io-49285", + "more_info_path": "/vulnerabilities/CVE-2022-29204/49285", "specs": [ "<0.25.0" ], @@ -164776,9 +166280,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-27775", - "id": "pyup.io-49265", - "more_info_path": "/vulnerabilities/CVE-2022-27775/49265", + "cve": "CVE-2022-27781", + "id": "pyup.io-49270", + "more_info_path": "/vulnerabilities/CVE-2022-27781/49270", "specs": [ "<0.25.0" ], @@ -164786,9 +166290,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29209", - "id": "pyup.io-49290", - "more_info_path": "/vulnerabilities/CVE-2022-29209/49290", + "cve": "CVE-2022-27779", + "id": "pyup.io-49268", + "more_info_path": "/vulnerabilities/CVE-2022-27779/49268", "specs": [ "<0.25.0" ], @@ -164796,9 +166300,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29204", - "id": "pyup.io-49285", - "more_info_path": "/vulnerabilities/CVE-2022-29204/49285", + "cve": "CVE-2022-29202", + "id": "pyup.io-49283", + "more_info_path": "/vulnerabilities/CVE-2022-29202/49283", "specs": [ "<0.25.0" ], @@ -164806,9 +166310,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29201", - "id": "pyup.io-49282", - "more_info_path": "/vulnerabilities/CVE-2022-29201/49282", + "cve": "CVE-2022-27776", + "id": "pyup.io-49266", + "more_info_path": "/vulnerabilities/CVE-2022-27776/49266", "specs": [ "<0.25.0" ], 
@@ -164816,9 +166320,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-27778", - "id": "pyup.io-49267", - "more_info_path": "/vulnerabilities/CVE-2022-27778/49267", + "cve": "CVE-2022-29207", + "id": "pyup.io-49288", + "more_info_path": "/vulnerabilities/CVE-2022-29207/49288", "specs": [ "<0.25.0" ], @@ -164826,9 +166330,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29205", - "id": "pyup.io-49286", - "more_info_path": "/vulnerabilities/CVE-2022-29205/49286", + "cve": "CVE-2022-30115", + "id": "pyup.io-49296", + "more_info_path": "/vulnerabilities/CVE-2022-30115/49296", "specs": [ "<0.25.0" ], @@ -164836,9 +166340,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29197", - "id": "pyup.io-49278", - "more_info_path": "/vulnerabilities/CVE-2022-29197/49278", + "cve": "CVE-2022-22576", + "id": "pyup.io-49263", + "more_info_path": "/vulnerabilities/CVE-2022-22576/49263", "specs": [ "<0.25.0" ], @@ -164846,9 +166350,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-27781", - "id": "pyup.io-49270", - "more_info_path": "/vulnerabilities/CVE-2022-27781/49270", + "cve": "CVE-2022-29212", + "id": "pyup.io-49293", + "more_info_path": "/vulnerabilities/CVE-2022-29212/49293", "specs": [ "<0.25.0" ], @@ -164856,9 +166360,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2018-25032", - "id": "pyup.io-49261", - "more_info_path": "/vulnerabilities/CVE-2018-25032/49261", + "cve": "CVE-2022-29200", + "id": "pyup.io-49281", + "more_info_path": "/vulnerabilities/CVE-2022-29200/49281", "specs": [ "<0.25.0" ], 
@@ -164866,9 +166370,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29196", - "id": "pyup.io-49277", - "more_info_path": "/vulnerabilities/CVE-2022-29196/49277", + "cve": "CVE-2022-29199", + "id": "pyup.io-49280", + "more_info_path": "/vulnerabilities/CVE-2022-29199/49280", "specs": [ "<0.25.0" ], @@ -164876,9 +166380,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29211", - "id": "pyup.io-49292", - "more_info_path": "/vulnerabilities/CVE-2022-29211/49292", + "cve": "CVE-2022-27780", + "id": "pyup.io-49269", + "more_info_path": "/vulnerabilities/CVE-2022-27780/49269", "specs": [ "<0.25.0" ], @@ -164886,9 +166390,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29191", - "id": "pyup.io-49272", - "more_info_path": "/vulnerabilities/CVE-2022-29191/49272", + "cve": "CVE-2022-29216", + "id": "pyup.io-49295", + "more_info_path": "/vulnerabilities/CVE-2022-29216/49295", "specs": [ "<0.25.0" ], @@ -164896,9 +166400,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29206", - "id": "pyup.io-49287", - "more_info_path": "/vulnerabilities/CVE-2022-29206/49287", + "cve": "CVE-2022-29194", + "id": "pyup.io-49275", + "more_info_path": "/vulnerabilities/CVE-2022-29194/49275", "specs": [ "<0.25.0" ], @@ -164906,9 +166410,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-27779", - "id": "pyup.io-49268", - "more_info_path": "/vulnerabilities/CVE-2022-27779/49268", + "cve": "CVE-2022-29206", + "id": "pyup.io-49287", + "more_info_path": "/vulnerabilities/CVE-2022-29206/49287", "specs": [ "<0.25.0" ], 
@@ -164916,9 +166420,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29216", - "id": "pyup.io-49295", - "more_info_path": "/vulnerabilities/CVE-2022-29216/49295", + "cve": "CVE-2022-29191", + "id": "pyup.io-49272", + "more_info_path": "/vulnerabilities/CVE-2022-29191/49272", "specs": [ "<0.25.0" ], @@ -164926,9 +166430,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-27780", - "id": "pyup.io-49269", - "more_info_path": "/vulnerabilities/CVE-2022-27780/49269", + "cve": "CVE-2022-29211", + "id": "pyup.io-49292", + "more_info_path": "/vulnerabilities/CVE-2022-29211/49292", "specs": [ "<0.25.0" ], @@ -164936,9 +166440,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29202", - "id": "pyup.io-49283", - "more_info_path": "/vulnerabilities/CVE-2022-29202/49283", + "cve": "CVE-2022-29196", + "id": "pyup.io-49277", + "more_info_path": "/vulnerabilities/CVE-2022-29196/49277", "specs": [ "<0.25.0" ], @@ -164946,9 +166450,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29199", - "id": "pyup.io-49280", - "more_info_path": "/vulnerabilities/CVE-2022-29199/49280", + "cve": "CVE-2018-25032", + "id": "pyup.io-49261", + "more_info_path": "/vulnerabilities/CVE-2018-25032/49261", "specs": [ "<0.25.0" ], @@ -164956,9 +166460,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29200", - "id": "pyup.io-49281", - "more_info_path": "/vulnerabilities/CVE-2022-29200/49281", + "cve": "CVE-2022-29205", + "id": "pyup.io-49286", + "more_info_path": "/vulnerabilities/CVE-2022-29205/49286", "specs": [ "<0.25.0" ], 
@@ -164966,9 +166470,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-27782", - "id": "pyup.io-49271", - "more_info_path": "/vulnerabilities/CVE-2022-27782/49271", + "cve": "CVE-2022-29197", + "id": "pyup.io-49278", + "more_info_path": "/vulnerabilities/CVE-2022-29197/49278", "specs": [ "<0.25.0" ], @@ -164976,9 +166480,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29210", - "id": "pyup.io-49291", - "more_info_path": "/vulnerabilities/CVE-2022-29210/49291", + "cve": "CVE-2022-29213", + "id": "pyup.io-49294", + "more_info_path": "/vulnerabilities/CVE-2022-29213/49294", "specs": [ "<0.25.0" ], @@ -164986,9 +166490,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29208", - "id": "pyup.io-49289", - "more_info_path": "/vulnerabilities/CVE-2022-29208/49289", + "cve": "CVE-2022-29201", + "id": "pyup.io-49282", + "more_info_path": "/vulnerabilities/CVE-2022-29201/49282", "specs": [ "<0.25.0" ], @@ -164996,9 +166500,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29213", - "id": "pyup.io-49294", - "more_info_path": "/vulnerabilities/CVE-2022-29213/49294", + "cve": "CVE-2022-27778", + "id": "pyup.io-49267", + "more_info_path": "/vulnerabilities/CVE-2022-27778/49267", "specs": [ "<0.25.0" ], @@ -165006,9 +166510,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29207", - "id": "pyup.io-49288", - "more_info_path": "/vulnerabilities/CVE-2022-29207/49288", + "cve": "CVE-2022-29209", + "id": "pyup.io-49290", + "more_info_path": "/vulnerabilities/CVE-2022-29209/49290", "specs": [ "<0.25.0" ], 
@@ -165016,9 +166520,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-30115", - "id": "pyup.io-49296", - "more_info_path": "/vulnerabilities/CVE-2022-30115/49296", + "cve": "CVE-2022-27782", + "id": "pyup.io-49271", + "more_info_path": "/vulnerabilities/CVE-2022-27782/49271", "specs": [ "<0.25.0" ], @@ -165026,9 +166530,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-22576", - "id": "pyup.io-49263", - "more_info_path": "/vulnerabilities/CVE-2022-22576/49263", + "cve": "CVE-2022-29195", + "id": "pyup.io-49276", + "more_info_path": "/vulnerabilities/CVE-2022-29195/49276", "specs": [ "<0.25.0" ], @@ -171297,26 +172801,6 @@ } ], "tensorflow-intel": [ - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36026: 'CHECK' fail in 'QuantizeAndDequantizeV3'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq", - "cve": "CVE-2022-36026", - "id": "pyup.io-56572", - "more_info_path": "/vulnerabilities/CVE-2022-36026/56572", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35968: 'CHECK' fail in 'AvgPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25", - "cve": "CVE-2022-35968", - "id": "pyup.io-56586", - "more_info_path": "/vulnerabilities/CVE-2022-35968/56586", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, { "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36027: Segfault TFLite converter on per-channel quantized transposed convolutions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr", "cve": "CVE-2022-36027", 
@@ -171327,16 +172811,6 @@ ], "v": "<2.10.0" }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36005: 'CHECK' fail in 'FakeQuantWithMinMaxVarsGradient'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm", - "cve": "CVE-2022-36005", - "id": "pyup.io-56598", - "more_info_path": "/vulnerabilities/CVE-2022-36005/56598", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, { "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35971: 'CHECK' fail in 'FakeQuantWithMinMaxVars'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7", "cve": "CVE-2022-35971", @@ -171367,16 +172841,6 @@ ], "v": "<2.10.0" }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35941: 'CHECK' failure in 'AvgPoolOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mgmh-g2v6-mqw5", - "cve": "CVE-2022-35941", - "id": "pyup.io-56580", - "more_info_path": "/vulnerabilities/CVE-2022-35941/56580", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, { "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35993: 'CHECK' fail in 'SetSize'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wq6q-6m32-9rv9", "cve": "CVE-2022-35993", @@ -171487,16 +172951,6 @@ ], "v": "<2.10.0" }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36002: 'CHECK' fail in 'Unbatch'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg", - "cve": "CVE-2022-36002", - "id": "pyup.io-56554", - "more_info_path": "/vulnerabilities/CVE-2022-36002/56554", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, { "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35967: Segfault in 'QuantizedAdd'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x", "cve": "CVE-2022-35967", 
@@ -171507,16 +172961,6 @@ ], "v": "<2.10.0" }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35963: 'CHECK' failures in 'FractionalAvgPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm", - "cve": "CVE-2022-35963", - "id": "pyup.io-56591", - "more_info_path": "/vulnerabilities/CVE-2022-35963/56591", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, { "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35974: Segfault in 'QuantizeDownAndShrinkRange'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x", "cve": "CVE-2022-35974", @@ -171557,26 +173001,6 @@ ], "v": "<2.10.0" }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35988: 'CHECK' fail in 'tf.linalg.matrix_rank'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c", - "cve": "CVE-2022-35988", - "id": "pyup.io-56582", - "more_info_path": "/vulnerabilities/CVE-2022-35988/56582", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35983: 'CHECK' fail in 'Save' and 'SaveSlices'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6vp-8q9j-whx4", - "cve": "CVE-2022-35983", - "id": "pyup.io-56556", - "more_info_path": "/vulnerabilities/CVE-2022-35983/56556", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, { "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35989: 'CHECK' fail in 'MaxPool'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j43h-pgmg-5hjq", "cve": "CVE-2022-35989", 
@@ -171597,16 +173021,6 @@ ], "v": "<2.10.0" }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35982: Segfault in 'SparseBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-397c-5g2j-qxpv", - "cve": "CVE-2022-35982", - "id": "pyup.io-56576", - "more_info_path": "/vulnerabilities/CVE-2022-35982/56576", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, { "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36015: Integer overflow in math ops. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j", "cve": "CVE-2022-36015", @@ -171647,16 +173061,6 @@ ], "v": "<2.10.0" }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36001: 'CHECK' fail in 'DrawBoundingBoxes'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5", - "cve": "CVE-2022-36001", - "id": "pyup.io-56590", - "more_info_path": "/vulnerabilities/CVE-2022-36001/56590", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, { "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35939: OOB write in 'scatter_nd' op in TF Lite.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-ffjm-4qwc-7cmf", "cve": "CVE-2022-35939", @@ -171697,16 +173101,6 @@ ], "v": "<2.10.0" }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35998: 'CHECK' fail in 'EmptyTensorList'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhw4-wwr7-gjc5", - "cve": "CVE-2022-35998", - "id": "pyup.io-56563", - "more_info_path": "/vulnerabilities/CVE-2022-35998/56563", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, { "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35986: Segfault in 'RaggedBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wr9v-g9vf-c74v", "cve": "CVE-2022-35986", 
@@ -171788,75 +173182,251 @@ "v": "<2.10.0" }, { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36018: 'CHECK' fail in 'RaggedTensorToVariant'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf", - "cve": "CVE-2022-36018", - "id": "pyup.io-56596", - "more_info_path": "/vulnerabilities/CVE-2022-36018/56596", + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35960: 'CHECK' failure in 'TensorListReserve' via missing validation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4", + "cve": "CVE-2022-35960", + "id": "pyup.io-56546", + "more_info_path": "/vulnerabilities/CVE-2022-35960/56546", "specs": [ "<2.10.0" ], "v": "<2.10.0" }, { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35995: 'CHECK' fail in 'AudioSummaryV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4", - "cve": "CVE-2022-35995", - "id": "pyup.io-56593", - "more_info_path": "/vulnerabilities/CVE-2022-35995/56593", + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36012: Assertion fail on MLIR empty edge names.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5", + "cve": "CVE-2022-36012", + "id": "pyup.io-56555", + "more_info_path": "/vulnerabilities/CVE-2022-36012/56555", "specs": [ "<2.10.0" ], "v": "<2.10.0" }, { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35960: 'CHECK' failure in 'TensorListReserve' via missing validation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4", - "cve": "CVE-2022-35960", - "id": "pyup.io-56546", - "more_info_path": "/vulnerabilities/CVE-2022-35960/56546", + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36013: Null-dereference in 'mlir::tfg::GraphDefImporter::ConvertNodeDef'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq", + "cve": "CVE-2022-36013", + "id": 
"pyup.io-56564", + "more_info_path": "/vulnerabilities/CVE-2022-36013/56564", "specs": [ "<2.10.0" ], "v": "<2.10.0" }, { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35981: 'CHECK' fail in 'FractionalMaxPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw", - "cve": "CVE-2022-35981", - "id": "pyup.io-56565", - "more_info_path": "/vulnerabilities/CVE-2022-35981/56565", + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36014: Null-dereference in 'mlir::tfg::TFOp::nameAttr'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq", + "cve": "CVE-2022-36014", + "id": "pyup.io-56579", + "more_info_path": "/vulnerabilities/CVE-2022-36014/56579", "specs": [ "<2.10.0" ], "v": "<2.10.0" }, { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36012: Assertion fail on MLIR empty edge names.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5", - "cve": "CVE-2022-36012", - "id": "pyup.io-56555", - "more_info_path": "/vulnerabilities/CVE-2022-36012/56555", + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36026: 'CHECK' fail in 'QuantizeAndDequantizeV3'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq", + "cve": "CVE-2022-36026", + "id": "pyup.io-56572", + "more_info_path": "/vulnerabilities/CVE-2022-36026/56572", "specs": [ "<2.10.0" ], "v": "<2.10.0" }, { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36013: Null-dereference in 'mlir::tfg::GraphDefImporter::ConvertNodeDef'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq", - "cve": "CVE-2022-36013", - "id": "pyup.io-56564", - "more_info_path": "/vulnerabilities/CVE-2022-36013/56564", + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35968: 'CHECK' fail in 'AvgPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25", + 
"cve": "CVE-2022-35968", + "id": "pyup.io-56586", + "more_info_path": "/vulnerabilities/CVE-2022-35968/56586", "specs": [ "<2.10.0" ], "v": "<2.10.0" }, { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36014: Null-dereference in 'mlir::tfg::TFOp::nameAttr'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq", - "cve": "CVE-2022-36014", - "id": "pyup.io-56579", - "more_info_path": "/vulnerabilities/CVE-2022-36014/56579", + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36005: 'CHECK' fail in 'FakeQuantWithMinMaxVarsGradient'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm", + "cve": "CVE-2022-36005", + "id": "pyup.io-56598", + "more_info_path": "/vulnerabilities/CVE-2022-36005/56598", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35941: 'CHECK' failure in 'AvgPoolOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mgmh-g2v6-mqw5", + "cve": "CVE-2022-35941", + "id": "pyup.io-56580", + "more_info_path": "/vulnerabilities/CVE-2022-35941/56580", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36002: 'CHECK' fail in 'Unbatch'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg", + "cve": "CVE-2022-36002", + "id": "pyup.io-56554", + "more_info_path": "/vulnerabilities/CVE-2022-36002/56554", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35963: 'CHECK' failures in 'FractionalAvgPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm", + "cve": "CVE-2022-35963", + "id": "pyup.io-56591", + "more_info_path": "/vulnerabilities/CVE-2022-35963/56591", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for 
CVE-2022-35988: 'CHECK' fail in 'tf.linalg.matrix_rank'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c", + "cve": "CVE-2022-35988", + "id": "pyup.io-56582", + "more_info_path": "/vulnerabilities/CVE-2022-35988/56582", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35983: 'CHECK' fail in 'Save' and 'SaveSlices'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6vp-8q9j-whx4", + "cve": "CVE-2022-35983", + "id": "pyup.io-56556", + "more_info_path": "/vulnerabilities/CVE-2022-35983/56556", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35982: Segfault in 'SparseBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-397c-5g2j-qxpv", + "cve": "CVE-2022-35982", + "id": "pyup.io-56576", + "more_info_path": "/vulnerabilities/CVE-2022-35982/56576", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36001: 'CHECK' fail in 'DrawBoundingBoxes'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5", + "cve": "CVE-2022-36001", + "id": "pyup.io-56590", + "more_info_path": "/vulnerabilities/CVE-2022-36001/56590", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35998: 'CHECK' fail in 'EmptyTensorList'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhw4-wwr7-gjc5", + "cve": "CVE-2022-35998", + "id": "pyup.io-56563", + "more_info_path": "/vulnerabilities/CVE-2022-35998/56563", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36018: 'CHECK' fail in 'RaggedTensorToVariant'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf", + "cve": "CVE-2022-36018", + "id": 
"pyup.io-56596", + "more_info_path": "/vulnerabilities/CVE-2022-36018/56596", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35995: 'CHECK' fail in 'AudioSummaryV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4", + "cve": "CVE-2022-35995", + "id": "pyup.io-56593", + "more_info_path": "/vulnerabilities/CVE-2022-35995/56593", "specs": [ "<2.10.0" ], "v": "<2.10.0" }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35981: 'CHECK' fail in 'FractionalMaxPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw", + "cve": "CVE-2022-35981", + "id": "pyup.io-56565", + "more_info_path": "/vulnerabilities/CVE-2022-35981/56565", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25673: Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. 
A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", + "cve": "CVE-2023-25673", + "id": "pyup.io-56495", + "more_info_path": "/vulnerabilities/CVE-2023-25673/56495", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25674: Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579", + "cve": "CVE-2023-25674", + "id": "pyup.io-56500", + "more_info_path": "/vulnerabilities/CVE-2023-25674/56500", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25675: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.Bincount' segfaults when given a parameter 'weights' that is neither the same shape as parameter 'arr' nor a length-0 tensor.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj", + "cve": "CVE-2023-25675", + "id": "pyup.io-56503", + "more_info_path": "/vulnerabilities/CVE-2023-25675/56503", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25659: Prior to versions 2.12.0 and 2.11.1, if the parameter 'indices' for 'DynamicStitch' does not match the shape of the parameter 'data', it can trigger an stack OOB read.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p", + "cve": "CVE-2023-25659", + "id": "pyup.io-56514", + "more_info_path": "/vulnerabilities/CVE-2023-25659/56514", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25669: Prior to versions 2.12.0 
and 2.11.1, if the stride and window size are not positive for 'tf.raw_ops.AvgPoolGrad', it can give a floating point exception.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p", + "cve": "CVE-2023-25669", + "id": "pyup.io-56508", + "more_info_path": "/vulnerabilities/CVE-2023-25669/56508", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-27579: Constructing a tflite model with a paramater 'filter_input_channel' of less than 1 gives a FPE.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8", + "cve": "CVE-2023-27579", + "id": "pyup.io-56505", + "more_info_path": "/vulnerabilities/CVE-2023-27579/56505", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, { "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25662: Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw", "cve": "CVE-2023-25662", 
@@ -171901,17 +173471,6 @@
 ],
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
- {
- "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25673: Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.",
- "cve": "CVE-2023-25673",
- "id": "pyup.io-56495",
- "more_info_path": "/vulnerabilities/CVE-2023-25673/56495",
- "specs": [
- "<2.11.1",
- ">=2.12.0rc0,<2.12.0"
- ],
- "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
- },
 {
 "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25672: The function 'tf.raw_ops.LookupTableImportV2' cannot handle scalars in the 'values' parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.",
 "cve": "CVE-2023-25672",
@@ -171945,28 +173504,6 @@
 ],
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
- {
- "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25674: Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579",
- "cve": "CVE-2023-25674",
- "id": "pyup.io-56500",
- "more_info_path": "/vulnerabilities/CVE-2023-25674/56500",
- "specs": [
- "<2.11.1",
- ">=2.12.0rc0,<2.12.0"
- ],
- "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
- },
- {
- "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25675: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.Bincount' segfaults when given a parameter 'weights' that is neither the same shape as parameter 'arr' nor a length-0 tensor.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj",
- "cve": "CVE-2023-25675",
- "id": "pyup.io-56503",
- "more_info_path": "/vulnerabilities/CVE-2023-25675/56503",
- "specs": [
- "<2.11.1",
- ">=2.12.0rc0,<2.12.0"
- ],
- "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
- },
 {
 "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25670: Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w",
 "cve": "CVE-2023-25670",
@@ -171978,17 +173515,6 @@
 ],
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
- {
- "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25659: Prior to versions 2.12.0 and 2.11.1, if the parameter 'indices' for 'DynamicStitch' does not match the shape of the parameter 'data', it can trigger an stack OOB read.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p",
- "cve": "CVE-2023-25659",
- "id": "pyup.io-56514",
- "more_info_path": "/vulnerabilities/CVE-2023-25659/56514",
- "specs": [
- "<2.11.1",
- ">=2.12.0rc0,<2.12.0"
- ],
- "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
- },
 {
 "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25664: Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr",
 "cve": "CVE-2023-25664",
@@ -172000,17 +173526,6 @@
 ],
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
- {
- "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25669: Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for 'tf.raw_ops.AvgPoolGrad', it can give a floating point exception.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p",
- "cve": "CVE-2023-25669",
- "id": "pyup.io-56508",
- "more_info_path": "/vulnerabilities/CVE-2023-25669/56508",
- "specs": [
- "<2.11.1",
- ">=2.12.0rc0,<2.12.0"
- ],
- "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
- },
 {
 "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25676: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.ParallelConcat' segfaults with a nullptr dereference when given a parameter 'shape' with rank that is not greater than zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq",
 "cve": "CVE-2023-25676",
@@ -172044,17 +173559,6 @@
 ],
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
- {
- "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-27579: Constructing a tflite model with a paramater 'filter_input_channel' of less than 1 gives a FPE.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8",
- "cve": "CVE-2023-27579",
- "id": "pyup.io-56505",
- "more_info_path": "/vulnerabilities/CVE-2023-27579/56505",
- "specs": [
- "<2.11.1",
- ">=2.12.0rc0,<2.12.0"
- ],
- "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
- },
 {
 "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25671: There is out-of-bounds access due to mismatched integer type sizes.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6",
 "cve": "CVE-2023-25671",
@@ -172129,18 +173633,6 @@
 ],
 "v": "<2.14.1"
 },
- {
- "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41908: TensorFlow is an open source platform for machine learning. An input 'token' that is not a UTF-8 bytestring will trigger a 'CHECK' fail in 'tf.raw_ops.PyFunc'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3",
- "cve": "CVE-2022-41908",
- "id": "pyup.io-56527",
- "more_info_path": "/vulnerabilities/CVE-2022-41908/56527",
- "specs": [
- "<2.8.4",
- ">=2.9.0rc0,<2.9.3",
- ">=2.10.0rc0,<2.10.1"
- ],
- "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1"
- },
 {
 "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41907: When 'tf.raw_ops.ResizeNearestNeighborGrad' is given a large 'size' input, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx",
 "cve": "CVE-2022-41907",
@@ -172166,10 +173658,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41901: An input 'sparse_matrix' that is not a matrix with a shape with rank 0 will trigger a 'CHECK' fail in 'tf.raw_ops.SparseMatrixNNZ'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f", - "cve": "CVE-2022-41901", - "id": "pyup.io-56518", - "more_info_path": "/vulnerabilities/CVE-2022-41901/56518", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41898: If 'SparseFillEmptyRowsGrad' is given empty inputs, TensorFlow will crash.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h", + "cve": "CVE-2022-41898", + "id": "pyup.io-56539", + "more_info_path": "/vulnerabilities/CVE-2022-41898/56539", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", @@ -172178,10 +173670,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41890: If 'BCast::ToShape' is given input larger than an 'int32', it will crash, despite being supposed to handle up to an 'int64'. An example can be seen in 'tf.experimental.numpy.outer' by passing in large input to the input 'b'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475", - "cve": "CVE-2022-41890", - "id": "pyup.io-56529", - "more_info_path": "/vulnerabilities/CVE-2022-41890/56529", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41884: If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636", + "cve": "CVE-2022-41884", + "id": "pyup.io-56534", + "more_info_path": "/vulnerabilities/CVE-2022-41884/56534", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
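Review bot: The reorder-only churn in this hunk and every following tensorflow-intel hunk through `@@ -172394` makes this section unreviewable: each hunk swaps one record for another that already exists in the list, e.g. this one drops CVE-2022-41901/pyup.io-56518 and adds CVE-2022-41898/pyup.io-56539, while `@@ -172286` does the exact reverse, and the same holds for every pair visible here (the pure deletions at `@@ -171901` through `@@ -172129` are the other half of the same moves). The net change is a permutation of records whose advisory, cve, id, specs and v fields are byte-identical on both sides, so a genuine edit to an advisory text or version range would be buried. The exporter should emit each package's records in a stable order, for instance sorted by `id`, so the diff only shows substantive changes. Until then, reviewers have to check by hand that every id removed in this run reappears unchanged, which I did for the pairs in this chunk. One thing worth a second look on the new side at `@@ -172322`: the CVE-2022-41902 record carries the same MakeGrapplerFunctionItem description as CVE-2022-41910 and has no advisory link, which looks like a pre-existing data issue rather than something this commit introduces.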
@@ -172190,10 +173682,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41898: If 'SparseFillEmptyRowsGrad' is given empty inputs, TensorFlow will crash.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h", - "cve": "CVE-2022-41898", - "id": "pyup.io-56539", - "more_info_path": "/vulnerabilities/CVE-2022-41898/56539", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41891: If 'tf.raw_ops.TensorListConcat' is given 'element_shape=[]', it results segmentation fault which can be used to trigger a denial of service attack.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv", + "cve": "CVE-2022-41891", + "id": "pyup.io-56520", + "more_info_path": "/vulnerabilities/CVE-2022-41891/56520", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", @@ -172202,10 +173694,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41910: The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv", - "cve": "CVE-2022-41910", - "id": "pyup.io-56537", - "more_info_path": "/vulnerabilities/CVE-2022-41910/56537", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41895: If 'MirrorPadGrad' is given outsize input 'paddings', TensorFlow will give a heap OOB error.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx", + "cve": "CVE-2022-41895", + "id": "pyup.io-56519", + "more_info_path": "/vulnerabilities/CVE-2022-41895/56519", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -172214,10 +173706,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.", - "cve": "CVE-2022-41902", - "id": "pyup.io-56532", - "more_info_path": "/vulnerabilities/CVE-2022-41902/56532", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41889: If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a 'nullptr', which is not caught. An example can be seen in 'tf.compat.v1.extract_volume_patches' by passing in quantized tensors as input 'ksizes'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g", + "cve": "CVE-2022-41889", + "id": "pyup.io-56522", + "more_info_path": "/vulnerabilities/CVE-2022-41889/56522", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -172226,10 +173718,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41884: If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636", - "cve": "CVE-2022-41884", - "id": "pyup.io-56534", - "more_info_path": "/vulnerabilities/CVE-2022-41884/56534", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41880: When the 'BaseCandidateSamplerOp' function receives a value in 'true_classes' larger than 'range_max', a heap oob read occurs.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j", + "cve": "CVE-2022-41880", + "id": "pyup.io-56530", + "more_info_path": "/vulnerabilities/CVE-2022-41880/56530", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -172238,10 +173730,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41891: If 'tf.raw_ops.TensorListConcat' is given 'element_shape=[]', it results segmentation fault which can be used to trigger a denial of service attack.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv", - "cve": "CVE-2022-41891", - "id": "pyup.io-56520", - "more_info_path": "/vulnerabilities/CVE-2022-41891/56520", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41894: The reference kernel of the 'CONV_3D_TRANSPOSE' TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of 'data_ptr += num_channels;' it should be 'data_ptr += output_num_channels;' as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6q3-vv32-2cq5", + "cve": "CVE-2022-41894", + "id": "pyup.io-56540", + "more_info_path": "/vulnerabilities/CVE-2022-41894/56540", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -172250,10 +173742,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41895: If 'MirrorPadGrad' is given outsize input 'paddings', TensorFlow will give a heap OOB error.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx", - "cve": "CVE-2022-41895", - "id": "pyup.io-56519", - "more_info_path": "/vulnerabilities/CVE-2022-41895/56519", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41886: When 'tf.raw_ops.ImageProjectiveTransformV2' is given a large output shape, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx", + "cve": "CVE-2022-41886", + "id": "pyup.io-56536", + "more_info_path": "/vulnerabilities/CVE-2022-41886/56536", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", @@ -172262,10 +173754,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41896: If 'ThreadUnsafeUnigramCandidateSampler' is given input 'filterbank_channel_count' greater than the allowed max size, TensorFlow will crash.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35", - "cve": "CVE-2022-41896", - "id": "pyup.io-56533", - "more_info_path": "/vulnerabilities/CVE-2022-41896/56533", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41900: The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472", + "cve": "CVE-2022-41900", + "id": "pyup.io-56528", + "more_info_path": "/vulnerabilities/CVE-2022-41900/56528", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -172274,10 +173766,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41885: When 'tf.raw_ops.FusedResizeAndPadConv2D' is given a large tensor shape, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx", - "cve": "CVE-2022-41885", - "id": "pyup.io-56523", - "more_info_path": "/vulnerabilities/CVE-2022-41885/56523", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41908: TensorFlow is an open source platform for machine learning. An input 'token' that is not a UTF-8 bytestring will trigger a 'CHECK' fail in 'tf.raw_ops.PyFunc'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3", + "cve": "CVE-2022-41908", + "id": "pyup.io-56527", + "more_info_path": "/vulnerabilities/CVE-2022-41908/56527", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", @@ -172286,10 +173778,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41909: An input 'encoded' that is not a valid 'CompositeTensorVariant' tensor will trigger a segfault in 'tf.raw_ops.CompositeTensorVariantToComponents'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9", - "cve": "CVE-2022-41909", - "id": "pyup.io-56526", - "more_info_path": "/vulnerabilities/CVE-2022-41909/56526", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41901: An input 'sparse_matrix' that is not a matrix with a shape with rank 0 will trigger a 'CHECK' fail in 'tf.raw_ops.SparseMatrixNNZ'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f", + "cve": "CVE-2022-41901", + "id": "pyup.io-56518", + "more_info_path": "/vulnerabilities/CVE-2022-41901/56518", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -172298,10 +173790,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41889: If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a 'nullptr', which is not caught. An example can be seen in 'tf.compat.v1.extract_volume_patches' by passing in quantized tensors as input 'ksizes'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g", - "cve": "CVE-2022-41889", - "id": "pyup.io-56522", - "more_info_path": "/vulnerabilities/CVE-2022-41889/56522", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41890: If 'BCast::ToShape' is given input larger than an 'int32', it will crash, despite being supposed to handle up to an 'int64'. An example can be seen in 'tf.experimental.numpy.outer' by passing in large input to the input 'b'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475", + "cve": "CVE-2022-41890", + "id": "pyup.io-56529", + "more_info_path": "/vulnerabilities/CVE-2022-41890/56529", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -172310,10 +173802,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41880: When the 'BaseCandidateSamplerOp' function receives a value in 'true_classes' larger than 'range_max', a heap oob read occurs.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j", - "cve": "CVE-2022-41880", - "id": "pyup.io-56530", - "more_info_path": "/vulnerabilities/CVE-2022-41880/56530", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41910: The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv", + "cve": "CVE-2022-41910", + "id": "pyup.io-56537", + "more_info_path": "/vulnerabilities/CVE-2022-41910/56537", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -172322,10 +173814,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41894: The reference kernel of the 'CONV_3D_TRANSPOSE' TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of 'data_ptr += num_channels;' it should be 'data_ptr += output_num_channels;' as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6q3-vv32-2cq5", - "cve": "CVE-2022-41894", - "id": "pyup.io-56540", - "more_info_path": "/vulnerabilities/CVE-2022-41894/56540", + "advisory": "TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.", + "cve": "CVE-2022-41902", + "id": "pyup.io-56532", + "more_info_path": "/vulnerabilities/CVE-2022-41902/56532", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -172334,10 +173826,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41911: When printing a tensor, we get it's data as a 'const char*' array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from 'char' to 'bool' are undefined if the 'char' is not '0' or '1', so sanitizers/fuzzers will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j", - "cve": "CVE-2022-41911", - "id": "pyup.io-56521", - "more_info_path": "/vulnerabilities/CVE-2022-41911/56521", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41896: If 'ThreadUnsafeUnigramCandidateSampler' is given input 'filterbank_channel_count' greater than the allowed max size, TensorFlow will crash.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35", + "cve": "CVE-2022-41896", + "id": "pyup.io-56533", + "more_info_path": "/vulnerabilities/CVE-2022-41896/56533", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -172346,10 +173838,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41888: When running on GPU, 'tf.image.generate_bounding_box_proposals' receives a 'scores' input that must be of rank 4 but is not checked.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v", - "cve": "CVE-2022-41888", - "id": "pyup.io-56538", - "more_info_path": "/vulnerabilities/CVE-2022-41888/56538", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41885: When 'tf.raw_ops.FusedResizeAndPadConv2D' is given a large tensor shape, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx", + "cve": "CVE-2022-41885", + "id": "pyup.io-56523", + "more_info_path": "/vulnerabilities/CVE-2022-41885/56523", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", @@ -172358,10 +173850,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41897: If 'FractionMaxPoolGrad' is given outsize inputs 'row_pooling_sequence' and 'col_pooling_sequence', TensorFlow will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j", - "cve": "CVE-2022-41897", - "id": "pyup.io-56535", - "more_info_path": "/vulnerabilities/CVE-2022-41897/56535", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41909: An input 'encoded' that is not a valid 'CompositeTensorVariant' tensor will trigger a segfault in 'tf.raw_ops.CompositeTensorVariantToComponents'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9", + "cve": "CVE-2022-41909", + "id": "pyup.io-56526", + "more_info_path": "/vulnerabilities/CVE-2022-41909/56526", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -172370,10 +173862,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41886: When 'tf.raw_ops.ImageProjectiveTransformV2' is given a large output shape, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx", - "cve": "CVE-2022-41886", - "id": "pyup.io-56536", - "more_info_path": "/vulnerabilities/CVE-2022-41886/56536", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41911: When printing a tensor, we get it's data as a 'const char*' array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from 'char' to 'bool' are undefined if the 'char' is not '0' or '1', so sanitizers/fuzzers will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j", + "cve": "CVE-2022-41911", + "id": "pyup.io-56521", + "more_info_path": "/vulnerabilities/CVE-2022-41911/56521", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -172382,10 +173874,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41899: TensorFlow is an open source platform for machine learning. Inputs 'dense_features' or 'example_state_data' not of rank 2 will trigger a 'CHECK' fail in 'SdcaOptimizer'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2", - "cve": "CVE-2022-41899", - "id": "pyup.io-56524", - "more_info_path": "/vulnerabilities/CVE-2022-41899/56524", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41888: When running on GPU, 'tf.image.generate_bounding_box_proposals' receives a 'scores' input that must be of rank 4 but is not checked.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v", + "cve": "CVE-2022-41888", + "id": "pyup.io-56538", + "more_info_path": "/vulnerabilities/CVE-2022-41888/56538", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -172394,10 +173886,22 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41900: The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472", - "cve": "CVE-2022-41900", - "id": "pyup.io-56528", - "more_info_path": "/vulnerabilities/CVE-2022-41900/56528", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41897: If 'FractionMaxPoolGrad' is given outsize inputs 'row_pooling_sequence' and 'col_pooling_sequence', TensorFlow will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j", + "cve": "CVE-2022-41897", + "id": "pyup.io-56535", + "more_info_path": "/vulnerabilities/CVE-2022-41897/56535", + "specs": [ + "<2.8.4", + ">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, + { + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41899: TensorFlow is an open source platform for machine learning. Inputs 'dense_features' or 'example_state_data' not of rank 2 will trigger a 'CHECK' fail in 'SdcaOptimizer'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2", + "cve": "CVE-2022-41899", + "id": "pyup.io-56524", + "more_info_path": "/vulnerabilities/CVE-2022-41899/56524", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -183347,6 +184851,26 @@
 ],
 "v": "<=2.4.3"
 },
+ {
+ "advisory": "TensorFlow-ROCm-enhanced, optimized for AMD GPUs, continues to ship with a CURL dependency affected by CVE-2023-38546.",
+ "cve": "CVE-2023-38546",
+ "id": "pyup.io-73090",
+ "more_info_path": "/vulnerabilities/CVE-2023-38546/73090",
+ "specs": [
+ ">=0"
+ ],
+ "v": ">=0"
+ },
+ {
+ "advisory": "TensorFlow-ROCm-enhanced, optimized for AMD GPUs, continues to ship with a CURL dependency affected by CVE-2023-38545.",
+ "cve": "CVE-2023-38545",
+ "id": "pyup.io-73089",
+ "more_info_path": "/vulnerabilities/CVE-2023-38545/73089",
+ "specs": [
+ ">=0"
+ ],
+ "v": ">=0"
+ },
 {
 "advisory": "Tensorflow-rocm-enhanced versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 updates its dependency \"SQLite\" to handle CVE-2020-15358.",
 "cve": "CVE-2020-15358",
@@ -186266,6 +187790,18 @@
 "v": "<2.5.0"
 }
 ],
+ "terra-notebook-utils": [
+ {
+ "advisory": "Affected versions of terra-notebook-utils are vulnerable to a race condition in task submission due to improper thread synchronization. The issue could lead to crashes or inconsistent task states when tasks are submitted from background threads. This vulnerability has been resolved by ensuring that task pruning operations are restricted to the main thread.",
+ "cve": "PVE-2024-73029",
+ "id": "pyup.io-73029",
+ "more_info_path": "/vulnerabilities/PVE-2024-73029/73029",
+ "specs": [
+ "<0.8.0"
+ ],
+ "v": "<0.8.0"
+ }
+ ],
 "tesserocr": [
 {
 "advisory": "Tesserocr 2.6.1 ships with a version of C library 'libwebp' which is affected by a high risk vulnerability. Only mac OS X wheels on PyPI were affected.\r\nhttps://inspector.pypi.io/project/tesserocr/2.6.1/packages/05/bb/603ec678bb2682b690c8af2b7f45099aa7666865c381ae27d5a0d2633f75/tesserocr-2.6.1-cp310-cp310-macosx_10_9_x86_64.whl",
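Review bot: The two added tensorflow-rocm-enhanced records in the first hunk (pyup.io-73090 and pyup.io-73089) declare `"specs": [">=0"]`, which matches every release ever published and every future one, while the advisory text says nothing about whether a fixed release exists. A consumer of this database therefore cannot distinguish "known unfixed as of this sync" from "range never narrowed", and a later release that does bump curl will keep being flagged until someone tightens the bound. If no fix is known, the text should say so, e.g. `"... affected by CVE-2023-38546. No fixed release was known when this entry was written."`, and the upper bound should become `"<X"` in the next sync once the curl dependency is updated.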
@@ -187628,6 +189164,18 @@
 "v": "<7.0.3"
 }
 ],
+ "thunor": [
+ {
+ "advisory": "Thunor Web affected versions are vulnerable to Cross-Site Scripting (XSS) attacks. The vulnerability stems from inadequate escaping of user-supplied data in HTTP responses, potentially allowing attackers to inject malicious scripts. This affects multiple views, including dataset groupings and plot generation. The patch implements proper output escaping using Django's `escape` function, significantly reducing the risk of script injection.",
+ "cve": "PVE-2024-73162",
+ "id": "pyup.io-73162",
+ "more_info_path": "/vulnerabilities/PVE-2024-73162/73162",
+ "specs": [
+ "<0.5.5"
+ ],
+ "v": "<0.5.5"
+ }
+ ],
 "tiddlyweb": [
 {
 "advisory": "tiddlyweb before 1.2.18 allowed empty passwords to authenticate.",
@@ -187813,6 +189361,18 @@
 "v": "<0.1.30"
 }
 ],
+ "titiler": [
+ {
+ "advisory": "A vulnerability in TiTiler's HTML templates could allow an attacker to inject malicious content through compromised CDN resources. The absence of integrity checks on external scripts and stylesheets made the application susceptible to supply chain attacks. This could lead to cross-site scripting (XSS) or other client-side attacks if the CDN was compromised or the connection hijacked. The fix implements Subresource Integrity (SRI) checks and adds referrer policies to mitigate the risk.",
+ "cve": "PVE-2024-73273",
+ "id": "pyup.io-73273",
+ "more_info_path": "/vulnerabilities/PVE-2024-73273/73273",
+ "specs": [
+ "<0.18.7"
+ ],
+ "v": "<0.18.7"
+ }
+ ],
 "tkniter": [
 {
 "advisory": "Tkniter is a malicious package. It injects obfuscated JS code that replaces crypto addresses in developer clipboards.",
@@ -188009,9 +189569,19 @@
 "tomtoolkit": [
 {
 "advisory": "Tomtoolkit 1.6.1 updates its dependency 'Django' requirement to '>=3.0.7' to include security fixes.",
- "cve": "CVE-2020-7471",
- "id": "pyup.io-49468",
- "more_info_path": "/vulnerabilities/CVE-2020-7471/49468",
+ "cve": "CVE-2020-9402",
+ "id": "pyup.io-49467",
+ "more_info_path": "/vulnerabilities/CVE-2020-9402/49467",
+ "specs": [
+ "<1.6.1"
+ ],
+ "v": "<1.6.1"
+ },
+ {
+ "advisory": "Tomtoolkit 1.6.1 updates its dependency 'Django' requirement to '>=3.0.7' to include security fixes.",
+ "cve": "CVE-2019-14234",
+ "id": "pyup.io-49471",
+ "more_info_path": "/vulnerabilities/CVE-2019-14234/49471",
 "specs": [
 "<1.6.1"
 ],
@@ -188027,6 +189597,16 @@
 ],
 "v": "<1.6.1"
 },
+ {
+ "advisory": "Tomtoolkit 1.6.1 updates its dependency 'Django' requirement to '>=3.0.7' to include security fixes.",
+ "cve": "CVE-2019-14233",
+ "id": "pyup.io-49473",
+ "more_info_path": "/vulnerabilities/CVE-2019-14233/49473",
+ "specs": [
+ "<1.6.1"
+ ],
+ "v": "<1.6.1"
+ },
 {
 "advisory": "Tomtoolkit 1.6.1 updates its dependency 'Django' requirement to '>=3.0.7' to include security fixes.",
 "cve": "CVE-2019-19118",
@@ -188039,9 +189619,9 @@
 },
 {
 "advisory": "Tomtoolkit 1.6.1 updates its dependency 'Django' requirement to '>=3.0.7' to include security fixes.",
- "cve": "CVE-2019-14233",
- "id": "pyup.io-49473",
- "more_info_path": "/vulnerabilities/CVE-2019-14233/49473",
+ "cve": "CVE-2020-7471",
+ "id": "pyup.io-49468",
+ "more_info_path": "/vulnerabilities/CVE-2020-7471/49468",
 "specs": [
 "<1.6.1"
 ],
@@ -188107,26 +189687,6 @@
 ],
 "v": "<1.6.1"
 },
- {
- "advisory": "Tomtoolkit 1.6.1 updates its dependency 'Django' requirement to '>=3.0.7' to include security fixes.",
- "cve": "CVE-2019-14234",
- "id": "pyup.io-49471",
- "more_info_path": "/vulnerabilities/CVE-2019-14234/49471",
- "specs": [
- "<1.6.1"
- ],
- "v": "<1.6.1"
- },
- {
- "advisory": "Tomtoolkit 1.6.1 updates its dependency 'Django' requirement to '>=3.0.7' to include security fixes.",
- "cve": "CVE-2020-9402",
- "id": "pyup.io-49467",
- "more_info_path": "/vulnerabilities/CVE-2020-9402/49467",
- "specs": [
- "<1.6.1"
- ],
- "v": "<1.6.1"
- },
 {
 "advisory": "Tomtoolkit 2.14.1 disables multiple file uploads to fix CVE-2023-31047.\r\nhttps://github.com/TOMToolkit/tom_base/commit/eb2d7903e29f6f592452544d2c48e1a1236ca1e7",
 "cve": "CVE-2023-31047",
@@ -188335,9 +189895,9 @@
 },
 {
 "advisory": "Torchserve 0.5.3 updates its dependency 'pillow' to v9.0.0 to include security fixes.",
- "cve": "CVE-2021-23437",
- "id": "pyup.io-48553",
- "more_info_path": "/vulnerabilities/CVE-2021-23437/48553",
+ "cve": "CVE-2021-34552",
+ "id": "pyup.io-48562",
+ "more_info_path": "/vulnerabilities/CVE-2021-34552/48562",
 "specs": [
 "<0.5.3"
 ],
@@ -188355,9 +189915,9 @@
 },
 {
 "advisory": "Torchserve 0.5.3 updates its dependency 'pillow' to v9.0.0 to include security fixes.",
- "cve": "PVE-2021-44525",
- "id": "pyup.io-48565",
- "more_info_path": "/vulnerabilities/PVE-2021-44525/48565",
+ "cve": "CVE-2021-23437",
+ "id": "pyup.io-48553",
+ "more_info_path": "/vulnerabilities/CVE-2021-23437/48553",
 "specs": [
 "<0.5.3"
 ],
@@ -188375,9 +189935,9 @@
 },
 {
 "advisory": "Torchserve 0.5.3 updates its dependency 'pillow' to v9.0.0 to include security fixes.",
- "cve": "CVE-2022-22815",
- "id": "pyup.io-48563",
- "more_info_path": "/vulnerabilities/CVE-2022-22815/48563",
+ "cve": "PVE-2021-44525",
+ "id": "pyup.io-48565",
+ "more_info_path": "/vulnerabilities/PVE-2021-44525/48565",
 "specs": [
 "<0.5.3"
 ],
@@ -188385,9 +189945,9 @@
 },
 {
 "advisory": "Torchserve 0.5.3 updates its dependency 'pillow' to v9.0.0 to include security fixes.",
- "cve": "CVE-2021-34552",
- "id": "pyup.io-48562",
- "more_info_path": "/vulnerabilities/CVE-2021-34552/48562",
+ "cve": "CVE-2022-22815",
+ "id": "pyup.io-48563",
+ "more_info_path": "/vulnerabilities/CVE-2022-22815/48563",
 "specs": [
 "<0.5.3"
 ],
@@ -188969,7 +190529,7 @@
 ],
 "transmute-core": [
 {
- "advisory": "Transmute-core 1.13.5 includes a fix for CVE-2023-47204: Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code.\r\nhttps://github.com/toumorokoshi/transmute-core/pull/58",
+ "advisory": "Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code.\r\nhttps://github.com/toumorokoshi/transmute-core/pull/58",
 "cve": "CVE-2023-47204",
 "id": "pyup.io-62150",
 "more_info_path": "/vulnerabilities/CVE-2023-47204/62150",
@@ -189473,10 +191033,10 @@
 "v": ">=4.2.0,<4.2.21,>=4.4.0,<4.4.19,>=4.6.0,<4.6.14,>=4.8.0,<4.8.10,>=5.0.0,<5.0.6"
 },
 {
- "advisory": "An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.",
- "cve": "CVE-2022-26662",
- "id": "pyup.io-54402",
- "more_info_path": "/vulnerabilities/CVE-2022-26662/54402",
+ "advisory": "An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system.",
+ "cve": "CVE-2022-26661",
+ "id": "pyup.io-54404",
+ "more_info_path": "/vulnerabilities/CVE-2022-26661/54404",
 "specs": [
 ">=5.0.0,<5.0.46",
 ">=6.0.0,<6.0.16",
@@ -189485,10 +191045,10 @@
 "v": ">=5.0.0,<5.0.46,>=6.0.0,<6.0.16,>=6.1.0,<6.2.6"
 },
 {
- "advisory": "An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system.",
- "cve": "CVE-2022-26661",
- "id": "pyup.io-54404",
- "more_info_path": "/vulnerabilities/CVE-2022-26661/54404",
+ "advisory": "An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.",
+ "cve": "CVE-2022-26662",
+ "id": "pyup.io-54402",
+ "more_info_path": "/vulnerabilities/CVE-2022-26662/54402",
 "specs": [
 ">=5.0.0,<5.0.46",
 ">=6.0.0,<6.0.16",
@@ -190222,9 +191782,9 @@
 },
 {
 "advisory": "Twilio 7.16.2 requires 'pygments>=2.7.4' to include security fixes.",
- "cve": "CVE-2021-20270",
- "id": "pyup.io-53071",
- "more_info_path": "/vulnerabilities/CVE-2021-20270/53071",
+ "cve": "CVE-2021-27291",
+ "id": "pyup.io-53125",
+ "more_info_path": "/vulnerabilities/CVE-2021-27291/53125",
 "specs": [
 "<7.16.2"
 ],
@@ -190232,9 +191792,9 @@
 },
 {
 "advisory": "Twilio 7.16.2 requires 'pygments>=2.7.4' to include security fixes.",
- "cve": "CVE-2021-27291",
- "id": "pyup.io-53125",
- "more_info_path": "/vulnerabilities/CVE-2021-27291/53125",
+ "cve": "CVE-2021-20270",
+ "id": "pyup.io-53071",
+ "more_info_path": "/vulnerabilities/CVE-2021-20270/53071",
 "specs": [
 "<7.16.2"
 ],
@@ -190885,6 +192445,18 @@
 "v": "<8.0.5"
 }
 ],
+ "uma-sdk": [
+ {
+ "advisory": "Prior versions of the uma package may be vulnerable to improper input validation in the LNURLP request parsing function. The receiver address component of the URL was not validated, potentially allowing malicious input. This could lead to unexpected behavior or vulnerabilities in systems processing this data. The issue is fixed by implementing a strict regex pattern to validate the receiver address. Users should update to the latest version containing this fix to ensure proper input validation and mitigate potential security risks associated with malformed or malicious LNURLP requests.",
+ "cve": "PVE-2024-73332",
+ "id": "pyup.io-73332",
+ "more_info_path": "/vulnerabilities/PVE-2024-73332/73332",
+ "specs": [
+ "<1.2.2"
+ ],
+ "v": "<1.2.2"
+ }
+ ],
 "unbabel-comet": [
 {
 "advisory": "Unbabel-comet 1.1.0 updates its dependency 'pytorch-lightning' to v1.6.0 to include security fixes.",
@@ -190977,20 +192549,20 @@
 ],
 "unicorn": [
 {
- "advisory": "Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c.",
- "cve": "CVE-2022-29693",
- "id": "pyup.io-62634",
- "more_info_path": "/vulnerabilities/CVE-2022-29693/62634",
+ "advisory": "Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free.",
+ "cve": "CVE-2022-29694",
+ "id": "pyup.io-62635",
+ "more_info_path": "/vulnerabilities/CVE-2022-29694/62635",
 "specs": [
 "<2.0.0"
 ],
 "v": "<2.0.0"
 },
 {
- "advisory": "Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free.",
- "cve": "CVE-2022-29694",
- "id": "pyup.io-62635",
- "more_info_path": "/vulnerabilities/CVE-2022-29694/62635",
+ "advisory": "Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c.",
+ "cve": "CVE-2022-29693",
+ "id": "pyup.io-62634",
+ "more_info_path": "/vulnerabilities/CVE-2022-29693/62634",
 "specs": [
 "<2.0.0"
 ],
@@ -191039,20 +192611,20 @@
 ],
 "unicorn-binance-local-depth-cache": [
 {
- "advisory": "Unicorn-binance-local-depth-cache version 2.0.0 updates its `cryptography` dependency due to CVE-2023-38325, which has a high severity score of 7.5. This vulnerability affects versions prior to 41.0.2 of the cryptography package for Python and involves mishandling SSH certificates with critical options.",
- "cve": "CVE-2023-38325",
- "id": "pyup.io-71038",
- "more_info_path": "/vulnerabilities/CVE-2023-38325/71038",
+ "advisory": "Unicorn-binance-local-depth-cache version 2.0.0 updates its `certifi` dependency due to CVE-2023-37920, which has a high severity score of 9.8. This vulnerability involved certifi versions 1.0.1 through 2023.5.7 recognizing \"e-Tugra\" root certificates, which were found to have security issues. Certifi version 2023.07.22 removes these root certificates from the root store to address the vulnerability.",
+ "cve": "CVE-2023-37920",
+ "id": "pyup.io-71050",
+ "more_info_path": "/vulnerabilities/CVE-2023-37920/71050",
 "specs": [
 "<2.0.0"
 ],
 "v": "<2.0.0"
 },
 {
- "advisory": "Unicorn-binance-local-depth-cache version 2.0.0 updates its `certifi` dependency due to CVE-2023-37920, which has a high severity score of 9.8. This vulnerability involved certifi versions 1.0.1 through 2023.5.7 recognizing \"e-Tugra\" root certificates, which were found to have security issues. Certifi version 2023.07.22 removes these root certificates from the root store to address the vulnerability.",
- "cve": "CVE-2023-37920",
- "id": "pyup.io-71050",
- "more_info_path": "/vulnerabilities/CVE-2023-37920/71050",
+ "advisory": "Unicorn-binance-local-depth-cache version 2.0.0 updates its `cryptography` dependency due to CVE-2023-38325, which has a high severity score of 7.5. This vulnerability affects versions prior to 41.0.2 of the cryptography package for Python and involves mishandling SSH certificates with critical options.",
+ "cve": "CVE-2023-38325",
+ "id": "pyup.io-71038",
+ "more_info_path": "/vulnerabilities/CVE-2023-38325/71038",
 "specs": [
 "<2.0.0"
 ],
@@ -191093,20 +192665,20 @@
 ],
 "unicorn-binance-websocket-api": [
 {
- "advisory": "Unicorn-binance-websocket-api 2.7.1 updates its dependency 'cryptography' to include a security fix.",
- "cve": "CVE-2023-49083",
- "id": "pyup.io-71002",
- "more_info_path": "/vulnerabilities/CVE-2023-49083/71002",
+ "advisory": "Unicorn-binance-websocket-api 2.7.1 updates its dependency 'requests' to include a security fix.",
+ "cve": "CVE-2023-32681",
+ "id": "pyup.io-70996",
+ "more_info_path": "/vulnerabilities/CVE-2023-32681/70996",
 "specs": [
 "<2.7.1"
 ],
 "v": "<2.7.1"
 },
 {
- "advisory": "Unicorn-binance-websocket-api 2.7.1 updates its dependency 'requests' to include a security fix.",
- "cve": "CVE-2023-32681",
- "id": "pyup.io-70996",
- "more_info_path": "/vulnerabilities/CVE-2023-32681/70996",
+ "advisory": "Unicorn-binance-websocket-api 2.7.1 updates its dependency 'certifi' to include a security fix.",
+ "cve": "CVE-2023-37920",
+ "id": "pyup.io-71000",
+ "more_info_path": "/vulnerabilities/CVE-2023-37920/71000",
 "specs": [
 "<2.7.1"
 ],
@@ -191114,19 +192686,19 @@
 },
 {
 "advisory": "Unicorn-binance-websocket-api 2.7.1 updates its dependency 'cryptography' to include a security fix.",
- "cve": "CVE-2023-38325",
- "id": "pyup.io-71001",
- "more_info_path": "/vulnerabilities/CVE-2023-38325/71001",
+ "cve": "CVE-2023-49083",
+ "id": "pyup.io-71002",
+ "more_info_path": "/vulnerabilities/CVE-2023-49083/71002",
 "specs": [
 "<2.7.1"
 ],
 "v": "<2.7.1"
 },
 {
- "advisory": "Unicorn-binance-websocket-api 2.7.1 updates its dependency 'certifi' to include a security fix.",
- "cve": "CVE-2023-37920",
- "id": "pyup.io-71000",
- "more_info_path": "/vulnerabilities/CVE-2023-37920/71000",
+ "advisory": "Unicorn-binance-websocket-api 2.7.1 updates its dependency 'cryptography' to include a security fix.",
+ "cve": "CVE-2023-38325",
+ "id": "pyup.io-71001",
+ "more_info_path": "/vulnerabilities/CVE-2023-38325/71001",
 "specs": [
 "<2.7.1"
 ],
@@ -191409,20 +192981,20 @@
 "v": "<1.23"
 },
 {
- "advisory": "Affected versions of urllib3 affected versions are vulnerable due to an issue where the authorization HTTP header is not removed when following a cross-origin redirect. This can result in credentials within the authorization header being exposed to unintended hosts or transmitted in cleartext. This vulnerability exists because of an incomplete fix for CVE-2018-20060, which addressed a similar issue case-sensitively.",
- "cve": "CVE-2018-25091",
- "id": "pyup.io-71562",
- "more_info_path": "/vulnerabilities/CVE-2018-25091/71562",
+ "advisory": "Affected versions of urllib3 are vulnerable Improper Certificate Validation. Urllib3 mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to the use of the ssl_context, ca_certs, or ca_certs_dir argument.",
+ "cve": "CVE-2019-11324",
+ "id": "pyup.io-37071",
+ "more_info_path": "/vulnerabilities/CVE-2019-11324/37071",
 "specs": [
 "<1.24.2"
 ],
 "v": "<1.24.2"
 },
 {
- "advisory": "Affected versions of urllib3 are vulnerable Improper Certificate Validation. Urllib3 mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to the use of the ssl_context, ca_certs, or ca_certs_dir argument.",
- "cve": "CVE-2019-11324",
- "id": "pyup.io-37071",
- "more_info_path": "/vulnerabilities/CVE-2019-11324/37071",
+ "advisory": "Affected versions of urllib3 affected versions are vulnerable due to an issue where the authorization HTTP header is not removed when following a cross-origin redirect. This can result in credentials within the authorization header being exposed to unintended hosts or transmitted in cleartext. This vulnerability exists because of an incomplete fix for CVE-2018-20060, which addressed a similar issue case-sensitively.",
+ "cve": "CVE-2018-25091",
+ "id": "pyup.io-71562",
+ "more_info_path": "/vulnerabilities/CVE-2018-25091/71562",
 "specs": [
 "<1.24.2"
 ],
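Review bot: Both urllib3 advisory strings on the new side of this hunk carry garbled wording that the sync did not clean up: the CVE-2018-25091 text opens `"Affected versions of urllib3 affected versions are vulnerable due to ..."` (subject repeated), and the CVE-2019-11324 text reads `"are vulnerable Improper Certificate Validation"` (missing preposition). These records are only reordered here, so the defect is pre-existing and the fix belongs in the upstream feed, but the intended sentences are `"Affected versions of urllib3 are vulnerable due to an issue where the authorization HTTP header is not removed ..."` and `"Affected versions of urllib3 are vulnerable to Improper Certificate Validation."`. Ordering within a package's list otherwise appears to carry no meaning, so reviewers can ignore the swap itself.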
@@ -191581,20 +193153,20 @@
 ],
 "uvicorn": [
 {
- "advisory": "Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers.",
- "cve": "CVE-2020-7695",
- "id": "pyup.io-38665",
- "more_info_path": "/vulnerabilities/CVE-2020-7695/38665",
+ "advisory": "The request logger provided by Uvicorn prior to version 0.11.7 is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request crafted URLs with percent-encoded escape sequences, the logging component will log the URL after it's been processed with urllib.parse.unquote, therefore converting any percent-encoded characters into their single-character equivalent, which can have special meaning in terminal emulators. By requesting URLs with crafted paths, attackers can: * Pollute uvicorn's access logs, therefore jeopardising the integrity of such files. * Use ANSI sequence codes to attempt to interact with the terminal emulator that's displaying the logs (either in real time or from a file). See: CVE-2020-7694.",
+ "cve": "CVE-2020-7694",
+ "id": "pyup.io-38664",
+ "more_info_path": "/vulnerabilities/CVE-2020-7694/38664",
 "specs": [
 "<0.11.7"
 ],
 "v": "<0.11.7"
 },
 {
- "advisory": "The request logger provided by Uvicorn prior to version 0.11.7 is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request crafted URLs with percent-encoded escape sequences, the logging component will log the URL after it's been processed with urllib.parse.unquote, therefore converting any percent-encoded characters into their single-character equivalent, which can have special meaning in terminal emulators. By requesting URLs with crafted paths, attackers can: * Pollute uvicorn's access logs, therefore jeopardising the integrity of such files. * Use ANSI sequence codes to attempt to interact with the terminal emulator that's displaying the logs (either in real time or from a file). See: CVE-2020-7694.",
- "cve": "CVE-2020-7694",
- "id": "pyup.io-38664",
- "more_info_path": "/vulnerabilities/CVE-2020-7694/38664",
+ "advisory": "Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers.",
+ "cve": "CVE-2020-7695",
+ "id": "pyup.io-38665",
+ "more_info_path": "/vulnerabilities/CVE-2020-7695/38665",
 "specs": [
 "<0.11.7"
 ],
@@ -191792,6 +193364,16 @@
 ],
 "v": "<4.1.2"
 },
+ {
+ "advisory": "The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. The vulnerability can be mitigated by removing the ssh part from the docker file and rebuilding the docker image. Version 4.2.0 patches the vulnerability.",
+ "cve": "CVE-2024-21653",
+ "id": "pyup.io-66727",
+ "more_info_path": "/vulnerabilities/CVE-2024-21653/66727",
+ "specs": [
+ "<4.2.0"
+ ],
+ "v": "<4.2.0"
+ },
 {
 "advisory": "The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this vulnerability.",
 "cve": "CVE-2024-21671",
@@ -191812,16 +193394,6 @@
 ],
 "v": "<4.2.0"
 },
- {
- "advisory": "The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. The vulnerability can be mitigated by removing the ssh part from the docker file and rebuilding the docker image. Version 4.2.0 patches the vulnerability.",
- "cve": "CVE-2024-21653",
- "id": "pyup.io-66727",
- "more_info_path": "/vulnerabilities/CVE-2024-21653/66727",
- "specs": [
- "<4.2.0"
- ],
- "v": "<4.2.0"
- },
 {
 "advisory": "The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0.",
 "cve": "CVE-2024-21649",
@@ -191862,6 +193434,16 @@
 ],
 "v": "<=4.2.2"
 },
+ {
+ "advisory": "### Impact\nWe are incorporating the password policies listed in https://github.com/vantage6/vantage6/issues/59. One measure is that we don't let the user know in case of wrong username/password combination if the username actually exists, to prevent that bots can guess usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This way you could still find out which usernames exist.\n\n### Patches\nUpdate to 3.8.0+\n\n### Workarounds\nNo\n\n### References\nhttps://github.com/vantage6/vantage6/issues/59\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [vantage6@iknl.nl](mailto:vantage6@iknl.nl)\n",
+ "cve": "CVE-2022-39228",
+ "id": "pyup.io-54659",
+ "more_info_path": "/vulnerabilities/CVE-2022-39228/54659",
+ "specs": [
+ ">=0,<3.8.0"
+ ],
+ "v": ">=0,<3.8.0"
+ },
 {
 "advisory": "From issue: \n\nProblem description\nCurrently, the refresh token is valid indefinitely. This is bad security practice.\n\nDesired solution\nThe refresh token should get a validity of 24-48 hours.\n\nAdditional context\n\nWhen implementing this, also check that the refresh token returns a new refresh token\nWhen implementing this, also adapt the UI so that it logs out if refresh token is no longer valid.\nWhen implementing this, ensure that nodes refresh their token periodically so that they do not have to be restarted manually.\n\n\n### Impact\n### Patches\nNone available \n\n### Workarounds\nNone available\n\n",
 "cve": "CVE-2023-23929",
@@ -191881,19 +193463,19 @@
 ">=0,<3.8.0"
 ],
 "v": ">=0,<3.8.0"
- },
- {
- "advisory": "### Impact\nWe are incorporating the password policies listed in https://github.com/vantage6/vantage6/issues/59. One measure is that we don't let the user know in case of wrong username/password combination if the username actually exists, to prevent that bots can guess usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This way you could still find out which usernames exist.\n\n### Patches\nUpdate to 3.8.0+\n\n### Workarounds\nNo\n\n### References\nhttps://github.com/vantage6/vantage6/issues/59\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [vantage6@iknl.nl](mailto:vantage6@iknl.nl)\n",
- "cve": "CVE-2022-39228",
- "id": "pyup.io-54659",
- "more_info_path": "/vulnerabilities/CVE-2022-39228/54659",
- "specs": [
- ">=0,<3.8.0"
- ],
- "v": ">=0,<3.8.0"
 }
 ],
 "vantage6-client": [
+ {
+ "advisory": "vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for example, if user id 13 is allowed to run tasks, and an attacker creates a username with username '13', they would be wrongly allowed to run an algorithm. There may also be other places in the code where such a mixup of resource ID or name leads to issues. Version 4.0.0 contains a patch for this issue. The best solution is to check when resources are created or modified, that the resource name always starts with a character.",
+ "cve": "CVE-2023-28635",
+ "id": "pyup.io-62911",
+ "more_info_path": "/vulnerabilities/CVE-2023-28635/62911",
+ "specs": [
+ "<4.0.0"
+ ],
+ "v": "<4.0.0"
+ },
 {
 "advisory": "vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds.",
 "cve": "CVE-2023-41881",
@@ -191914,16 +193496,6 @@
 ],
 "v": "<4.0.0"
 },
- {
- "advisory": "vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for example, if user id 13 is allowed to run tasks, and an attacker creates a username with username '13', they would be wrongly allowed to run an algorithm. There may also be other places in the code where such a mixup of resource ID or name leads to issues. Version 4.0.0 contains a patch for this issue. The best solution is to check when resources are created or modified, that the resource name always starts with a character.",
- "cve": "CVE-2023-28635",
- "id": "pyup.io-62911",
- "more_info_path": "/vulnerabilities/CVE-2023-28635/62911",
- "specs": [
- "<4.0.0"
- ],
- "v": "<4.0.0"
- },
 {
 "advisory": "vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a `parent_id` is set. A malicious party that breaches the server may modify it to set a fake `parent_id` and send a task of a non-whitelisted algorithm. The node will then execute it because the `parent_id` that is set prevents checks from being run. This impacts all servers that are breached by an expert user. This vulnerability has been patched in version 4.1.2. All users are advised to upgrade. There are no known workarounds for this vulnerability.",
 "cve": "CVE-2023-47631",
@@ -191969,20 +193541,20 @@ "v": "<4.0.0" }, { - "advisory": "vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds.", - "cve": "CVE-2023-41882", - "id": "pyup.io-65242", - "more_info_path": "/vulnerabilities/CVE-2023-41882/65242", + "advisory": "vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for example, if user id 13 is allowed to run tasks, and an attacker creates a username with username '13', they would be wrongly allowed to run an algorithm. There may also be other places in the code where such a mixup of resource ID or name leads to issues. Version 4.0.0 contains a patch for this issue. The best solution is to check when resources are created or modified, that the resource name always starts with a character.", + "cve": "CVE-2023-28635", + "id": "pyup.io-62910", + "more_info_path": "/vulnerabilities/CVE-2023-28635/62910", "specs": [ "<4.0.0" ], "v": "<4.0.0" }, { - "advisory": "vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. 
Now, for example, if user id 13 is allowed to run tasks, and an attacker creates a username with username '13', they would be wrongly allowed to run an algorithm. There may also be other places in the code where such a mixup of resource ID or name leads to issues. Version 4.0.0 contains a patch for this issue. The best solution is to check when resources are created or modified, that the resource name always starts with a character.", - "cve": "CVE-2023-28635", - "id": "pyup.io-62910", - "more_info_path": "/vulnerabilities/CVE-2023-28635/62910", + "advisory": "vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds.", + "cve": "CVE-2023-41882", + "id": "pyup.io-65242", + "more_info_path": "/vulnerabilities/CVE-2023-41882/65242", "specs": [ "<4.0.0" ], 
@@ -192041,10 +193613,10 @@ "v": "<4.1.2" }, { - "advisory": "The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this vulnerability.", - "cve": "CVE-2024-21671", - "id": "pyup.io-66726", - "more_info_path": "/vulnerabilities/CVE-2024-21671/66726", + "advisory": "The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0.", + "cve": "CVE-2024-22193", + "id": "pyup.io-66724", + "more_info_path": "/vulnerabilities/CVE-2024-22193/66724", "specs": [ "<4.2.0" ], 
@@ -192061,10 +193633,10 @@ "v": "<4.2.0" }, { - "advisory": "The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0.", - "cve": "CVE-2024-22193", - "id": "pyup.io-66724", - "more_info_path": "/vulnerabilities/CVE-2024-22193/66724", + "advisory": "The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this vulnerability.", + "cve": "CVE-2024-21671", + "id": "pyup.io-66726", + "more_info_path": "/vulnerabilities/CVE-2024-21671/66726", "specs": [ "<4.2.0" ], @@ -192287,6 +193859,28 @@ "v": "<1.5.2" } ], + "vfb-connect": [ + { + "advisory": "VFB-Connect has updated its Pillow library dependencies in response to CVE-2023-4863.", + "cve": "CVE-2023-4863", + "id": "pyup.io-73049", + "more_info_path": "/vulnerabilities/CVE-2023-4863/73049", + "specs": [ + "<2.2.10" + ], + "v": "<2.2.10" + }, + { + "advisory": "VFB-Connect has updated its dependency requirements to specify Pillow version 10.3.0 or higher.", + "cve": "CVE-2023-4863", + "id": "pyup.io-73050", + "more_info_path": "/vulnerabilities/CVE-2023-4863/73050", + "specs": [ + "<2.2.9" + ], + "v": "<2.2.9" + } + ], "vhcalc": [ { "advisory": "Vhcalc 0.2.4 updates its dependency 'pillow' to v9.1.1 to include a security fix.", 
@@ -192461,6 +194055,16 @@ "<20.21.0" ], "v": "<20.21.0" + }, + { + "advisory": "Affected versions of the virtualenv package are vulnerable to command injection. This vulnerability could allow an attacker to execute arbitrary commands by exploiting improperly quoted string placeholders in activation scripts. The vulnerable functions include various shell activation scripts where placeholders like __VIRTUAL_ENV__ are used. The exploitability depends on the ability to control the input to these placeholders. Users are advised to update to the version where a quoting mechanism has been implemented to mitigate this risk. This vulnerability is specific to environments where shell scripts are used for virtual environment activation. The issue is tracked under CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection').", + "cve": "PVE-2024-73456", + "id": "pyup.io-73456", + "more_info_path": "/vulnerabilities/PVE-2024-73456/73456", + "specs": [ + "<20.26.6" + ], + "v": "<20.26.6" } ], "virtualnv": [ 
@@ -192640,6 +194244,26 @@ "<0.2.1" ], "v": "<0.2.1" + }, + { + "advisory": "A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.", + "cve": "CVE-2024-8768", + "id": "pyup.io-73284", + "more_info_path": "/vulnerabilities/CVE-2024-8768/73284", + "specs": [ + "<0.5.5" + ], + "v": "<0.5.5" + }, + { + "advisory": "Improper handling of the 'best_of' parameter in the ilab model serve component's vllm JSON web API can lead to a Denial of Service (DoS) vulnerability. When attackers set this parameter to a large value during LLM-based sentence or chat completion requests, the API fails to manage timeouts or resource exhaustion effectively. This oversight allows malicious actors to consume excessive system resources, rendering the API unresponsive and blocking legitimate users from accessing the service. The vulnerability stems from the API's attempt to return the best completion from several options without proper safeguards against resource-intensive requests.", + "cve": "CVE-2024-8939", + "id": "pyup.io-73285", + "more_info_path": "/vulnerabilities/CVE-2024-8939/73285", + "specs": [ + ">=0" + ], + "v": ">=0" } ], "vmware-aria-operations-integration-sdk": [ 
@@ -194090,40 +195714,40 @@ "v": "<0.12.12" }, { - "advisory": "Wandb 0.12.18 updates its dependency 'httplib2' to v0.19.0 to include security fixes.", - "cve": "CVE-2020-11078", - "id": "pyup.io-49365", - "more_info_path": "/vulnerabilities/CVE-2020-11078/49365", + "advisory": "Wandb 0.12.18 updates its dependency 'urllib3' to v1.26.5 to include security fixes.", + "cve": "CVE-2021-33503", + "id": "pyup.io-49369", + "more_info_path": "/vulnerabilities/CVE-2021-33503/49369", "specs": [ "<0.12.18" ], "v": "<0.12.18" }, { - "advisory": "Wandb 0.12.18 updates its dependency 'rsa' to v4.7 to include security fixes.", - "cve": "CVE-2020-13757", - "id": "pyup.io-49367", - "more_info_path": "/vulnerabilities/CVE-2020-13757/49367", + "advisory": "Wandb 0.12.18 updates its dependency 'urllib3' to v1.26.5 to include security fixes.", + "cve": "CVE-2020-26137", + "id": "pyup.io-49368", + "more_info_path": "/vulnerabilities/CVE-2020-26137/49368", "specs": [ "<0.12.18" ], "v": "<0.12.18" }, { - "advisory": "Wandb 0.12.18 updates its dependency 'urllib3' to v1.26.5 to include security fixes.", - "cve": "CVE-2021-33503", - "id": "pyup.io-49369", - "more_info_path": "/vulnerabilities/CVE-2021-33503/49369", + "advisory": "Wandb 0.12.18 updates its dependency 'httplib2' to v0.19.0 to include security fixes.", + "cve": "CVE-2020-11078", + "id": "pyup.io-49365", + "more_info_path": "/vulnerabilities/CVE-2020-11078/49365", "specs": [ "<0.12.18" ], "v": "<0.12.18" }, { - "advisory": "Wandb 0.12.18 updates its dependency 'urllib3' to v1.26.5 to include security fixes.", - "cve": "CVE-2020-26137", - "id": "pyup.io-49368", - "more_info_path": "/vulnerabilities/CVE-2020-26137/49368", + "advisory": "Wandb 0.12.18 updates its dependency 'rsa' to v4.7 to include security fixes.", + "cve": "CVE-2020-25658", + "id": "pyup.io-49366", + "more_info_path": "/vulnerabilities/CVE-2020-25658/49366", "specs": [ "<0.12.18" ], 
@@ -194131,9 +195755,9 @@ }, { "advisory": "Wandb 0.12.18 updates its dependency 'rsa' to v4.7 to include security fixes.", - "cve": "CVE-2020-25658", - "id": "pyup.io-49366", - "more_info_path": "/vulnerabilities/CVE-2020-25658/49366", + "cve": "CVE-2020-13757", + "id": "pyup.io-49367", + "more_info_path": "/vulnerabilities/CVE-2020-13757/49367", "specs": [ "<0.12.18" ], @@ -194559,6 +196183,18 @@ "v": ">=61.0,<=61.1" } ], + "weave": [ + { + "advisory": "A path traversal vulnerability has been identified in the Weave server's file serving functionality. It could allow an attacker to access files outside the intended directory, potentially exposing sensitive system information. The issue stems from insufficient path validation in the `send_local_file` function. Exploiting this vulnerability could lead to unauthorized access to files, information disclosure, or in severe cases, remote code execution. The fix commit resolves this vulnerability by implementing proper path validation and using a more secure method to send files.", + "cve": "PVE-2024-73194", + "id": "pyup.io-73194", + "more_info_path": "/vulnerabilities/PVE-2024-73194/73194", + "specs": [ + "<0.50.8" + ], + "v": "<0.50.8" + } + ], "weaviate-client": [ { "advisory": "Weaviate-client fixes a vulnerability in the .graphql namespace methods of the weaviate.Client object. This issue has been present in affected versions, where backslash (\\) characters were not escaped appropriately. This flaw allowed for malicious plain-text strings in the .with_where method to query database-wide data, potentially leading to unauthorized data access.", 
@@ -195466,16 +197102,6 @@ } ], "whoogle-search": [ - { - "advisory": "Whoogle-search 0.7.2 includes a fix for CVE-2022-25303: Cross-site Scripting (XSS) via the query string parameter q. error_message() is rendered using the | safe filter, meaning the user input is not escaped.", - "cve": "CVE-2022-25303", - "id": "pyup.io-50116", - "more_info_path": "/vulnerabilities/CVE-2022-25303/50116", - "specs": [ - "<0.7.2" - ], - "v": "<0.7.2" - }, { "advisory": "Whoogle-search 0.7.2 patches a XSS vulnerability on the Whoogle error template.", "cve": "PVE-2022-48297", @@ -195496,6 +197122,16 @@ ], "v": "<0.7.2" }, + { + "advisory": "Whoogle-search 0.7.2 includes a fix for CVE-2022-25303: Cross-site Scripting (XSS) via the query string parameter q. error_message() is rendered using the | safe filter, meaning the user input is not escaped.", + "cve": "CVE-2022-25303", + "id": "pyup.io-50116", + "more_info_path": "/vulnerabilities/CVE-2022-25303/50116", + "specs": [ + "<0.7.2" + ], + "v": "<0.7.2" + }, { "advisory": "Whoogle-search 0.7.2 updates its Python image to python:3.11.0a5-alpine to include a security fix.", "cve": "CVE-2022-23990", 
@@ -195517,20 +197153,20 @@ "v": "<0.8.4" }, { - "advisory": "Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `window` endpoint does not sanitize user-supplied input from the `location` variable and passes it to the `send` method which sends a `GET` request on lines 339-343 in `request.py,` which leads to a server-side request forgery. This issue allows for crafting GET requests to internal and external resources on behalf of the server. For example, this issue would allow for accessing resources on the internal network that the server has access to, even though these resources may not be accessible on the internet. This issue is fixed in version 0.8.4.", - "cve": "CVE-2024-22205", - "id": "pyup.io-66720", - "more_info_path": "/vulnerabilities/CVE-2024-22205/66720", + "advisory": "Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The `config` function in `app/routes.py` does not validate the user-controlled `name` variable on line 447 and `config_data` variable on line 437. The `name` variable is insecurely concatenated in `os.path.join`, leading to path manipulation. The POST data from the `config_data` variable is saved with `pickle.dump` which leads to a limited file write. However, the data that is saved is earlier transformed into a dictionary and the `url` key value pair is added before the file is saved on the system. All in all, the issue allows us to save and overwrite files on the system that the application has permissions to, with a dictionary containing arbitrary data and the `url` key value, which is a limited file write. Version 0.8.4 contains a patch for this issue.", + "cve": "CVE-2024-22204", + "id": "pyup.io-66721", + "more_info_path": "/vulnerabilities/CVE-2024-22204/66721", "specs": [ "<0.8.4" ], "v": "<0.8.4" }, { - "advisory": "Whoogle Search is a self-hosted metasearch engine. 
Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The `config` function in `app/routes.py` does not validate the user-controlled `name` variable on line 447 and `config_data` variable on line 437. The `name` variable is insecurely concatenated in `os.path.join`, leading to path manipulation. The POST data from the `config_data` variable is saved with `pickle.dump` which leads to a limited file write. However, the data that is saved is earlier transformed into a dictionary and the `url` key value pair is added before the file is saved on the system. All in all, the issue allows us to save and overwrite files on the system that the application has permissions to, with a dictionary containing arbitrary data and the `url` key value, which is a limited file write. Version 0.8.4 contains a patch for this issue.", - "cve": "CVE-2024-22204", - "id": "pyup.io-66721", - "more_info_path": "/vulnerabilities/CVE-2024-22204/66721", + "advisory": "Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `window` endpoint does not sanitize user-supplied input from the `location` variable and passes it to the `send` method which sends a `GET` request on lines 339-343 in `request.py,` which leads to a server-side request forgery. This issue allows for crafting GET requests to internal and external resources on behalf of the server. For example, this issue would allow for accessing resources on the internal network that the server has access to, even though these resources may not be accessible on the internet. This issue is fixed in version 0.8.4.", + "cve": "CVE-2024-22205", + "id": "pyup.io-66720", + "more_info_path": "/vulnerabilities/CVE-2024-22205/66720", "specs": [ "<0.8.4" ], 
@@ -195771,9 +197407,9 @@ "wolkenbrot": [ { "advisory": "Wolkenbrot 0.3 updates its dependency 'cryptography' to v3.3.2 to include security fixes.", - "cve": "CVE-2020-25659", - "id": "pyup.io-42217", - "more_info_path": "/vulnerabilities/CVE-2020-25659/42217", + "cve": "CVE-2020-36242", + "id": "pyup.io-42171", + "more_info_path": "/vulnerabilities/CVE-2020-36242/42171", "specs": [ "<0.3" ], @@ -195781,9 +197417,9 @@ }, { "advisory": "Wolkenbrot 0.3 updates its dependency 'cryptography' to v3.3.2 to include security fixes.", - "cve": "CVE-2020-36242", - "id": "pyup.io-42171", - "more_info_path": "/vulnerabilities/CVE-2020-36242/42171", + "cve": "CVE-2020-25659", + "id": "pyup.io-42217", + "more_info_path": "/vulnerabilities/CVE-2020-25659/42217", "specs": [ "<0.3" ], @@ -196422,9 +198058,9 @@ "xtgeo": [ { "advisory": "Xtgeo 2.17.1 drops dependency on 'pillow' to avoid security issues with versions <=8.4.\r\nhttps://github.com/equinor/xtgeo/pull/748", - "cve": "PVE-2022-44524", - "id": "pyup.io-48286", - "more_info_path": "/vulnerabilities/PVE-2022-44524/48286", + "cve": "CVE-2022-22817", + "id": "pyup.io-48284", + "more_info_path": "/vulnerabilities/CVE-2022-22817/48284", "specs": [ "<2.17.1" ], @@ -196432,9 +198068,9 @@ }, { "advisory": "Xtgeo 2.17.1 drops dependency on 'pillow' to avoid security issues with versions <=8.4.\r\nhttps://github.com/equinor/xtgeo/pull/748", - "cve": "CVE-2022-22817", - "id": "pyup.io-48284", - "more_info_path": "/vulnerabilities/CVE-2022-22817/48284", + "cve": "PVE-2022-44524", + "id": "pyup.io-48286", + "more_info_path": "/vulnerabilities/PVE-2022-44524/48286", "specs": [ "<2.17.1" ], 
@@ -196451,20 +198087,20 @@ "v": "<2.17.1" }, { - "advisory": "Xtgeo 2.17.1 drops dependency on 'pillow' to avoid security issues with versions <=8.4.\r\nhttps://github.com/equinor/xtgeo/pull/748", - "cve": "CVE-2022-22815", - "id": "pyup.io-48288", - "more_info_path": "/vulnerabilities/CVE-2022-22815/48288", + "advisory": "Xtgeo 2.17.1 drops dependency on 'pillow' to avoid security issues affecting versions <=8.4.\r\nhttps://github.com/equinor/xtgeo/pull/748", + "cve": "CVE-2022-24303", + "id": "pyup.io-48264", + "more_info_path": "/vulnerabilities/CVE-2022-24303/48264", "specs": [ "<2.17.1" ], "v": "<2.17.1" }, { - "advisory": "Xtgeo 2.17.1 drops dependency on 'pillow' to avoid security issues affecting versions <=8.4.\r\nhttps://github.com/equinor/xtgeo/pull/748", - "cve": "CVE-2022-24303", - "id": "pyup.io-48264", - "more_info_path": "/vulnerabilities/CVE-2022-24303/48264", + "advisory": "Xtgeo 2.17.1 drops dependency on 'pillow' to avoid security issues with versions <=8.4.\r\nhttps://github.com/equinor/xtgeo/pull/748", + "cve": "CVE-2022-22815", + "id": "pyup.io-48288", + "more_info_path": "/vulnerabilities/CVE-2022-22815/48288", "specs": [ "<2.17.1" ], 
@@ -196782,6 +198418,28 @@ "v": "<0.2.3" } ], + "yewtube": [ + { + "advisory": "Yewtube affected versions, when running on Unix-like systems, are susceptible to race conditions and connection failures when interacting with Unix sockets. These issues could cause application crashes or unresponsive behavior, especially if socket initialization timing is manipulated. The vulnerability arises from an insufficient fixed delay before socket connection attempts. The patch implements a retry mechanism, significantly improving reliability. \r\nNote: This issue only affects Linux, BSD, and macOS users.", + "cve": "PVE-2024-73161", + "id": "pyup.io-73161", + "more_info_path": "/vulnerabilities/PVE-2024-73161/73161", + "specs": [ + "<0.2.2" + ], + "v": "<0.2.2" + }, + { + "advisory": "Yewtube affected versions may experience reliability issues due to race conditions and connection failures. These vulnerabilities could potentially be exploited to cause application crashes or unexpected behavior, especially in environments where socket initialization timing can be manipulated. The patch introduces a retry mechanism for socket connections and delays property observations until the socket is ready, significantly reducing the risk of race conditions. Users are advised to update to the latest version incorporating this fix to ensure more stable and secure operation, particularly in multi-user or untrusted network environments.", + "cve": "PVE-2024-73160", + "id": "pyup.io-73160", + "more_info_path": "/vulnerabilities/PVE-2024-73160/73160", + "specs": [ + "<0.2.4" + ], + "v": "<0.2.4" + } + ], "yfinance": [ { "advisory": "Yfinance 0.2.26 updates its dependency 'requests' to version '2.31' to include a fix for an Information Exposure vulnerability.\r\nhttps://github.com/ranaroussi/yfinance/pull/1625", 
@@ -196831,6 +198489,18 @@ "v": ">0" } ], + "yo": [ + { + "advisory": "yo affected versions may inadvertently disclose system information through error messages. While not directly exploitable, this could aid unauthorized information gathering. The issue occurs in the task_get_status function where the find command's error output is not suppressed. The fix addresses this by redirecting stderr to /dev/null, preventing potential information leakage.", + "cve": "PVE-2024-73136", + "id": "pyup.io-73136", + "more_info_path": "/vulnerabilities/PVE-2024-73136/73136", + "specs": [ + "<1.7.2" + ], + "v": "<1.7.2" + } + ], "yorm": [ { "advisory": "Yorm 1.6.1 updates 'PyYAML' to v5.1 to include a security fix.\r\nhttps://github.com/jacebrowning/yorm/commit/87636588655ecd4ac760e83221a243aaa29f5a89", @@ -197252,16 +198922,6 @@ ], "v": "<0.56.2" }, - { - "advisory": "Zenml version 0.56.3 updates its python-multipart dependency from \"~0.0.5\" to \"~0.0.9\" in response to GHSA-qf9m-vfgh-m389. This change addresses a vulnerability in python-multipart that impacts its use with FastAPI.", - "cve": "PVE-2024-67582", - "id": "pyup.io-67582", - "more_info_path": "/vulnerabilities/PVE-2024-67582/67582", - "specs": [ - "<0.56.3" - ], - "v": "<0.56.3" - }, { "advisory": "An issue was discovered in zenml-io/zenml affected versions. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized account takeover by bypassing the standard password change verification process.", "cve": "CVE-2024-2213", 
@@ -197282,6 +198942,16 @@ ], "v": "<0.56.3" }, + { + "advisory": "Zenml version 0.56.3 updates its python-multipart dependency from \"~0.0.5\" to \"~0.0.9\" in response to GHSA-qf9m-vfgh-m389. This change addresses a vulnerability in python-multipart that impacts its use with FastAPI.", + "cve": "PVE-2024-67582", + "id": "pyup.io-67582", + "more_info_path": "/vulnerabilities/PVE-2024-67582/67582", + "specs": [ + "<0.56.3" + ], + "v": "<0.56.3" + }, { "advisory": "Zenml version 0.56.3 has broadened its compatibility with FastAPI, now requiring versions \">=0.75,<0.111\" to address the security concerns outlined in CVE-2024-24762.", "cve": "CVE-2024-24762",