A senior student from Shandong University (Weihai), majoring in data science and artificial intelligence
I love working on FOSS projects and contributing to them.
 |
 |
 |
|---|
 |
 |
 |
 |
|---|
 |
 |
 |
 |
|---|
Vulnerable Library - numpy-1.21.2-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whlNumPy is the fundamental package for array computing with Python.
Path to dependency file: /ppyolov2/ppdet/ext_op
Path to vulnerable library: /ppyolov2/ppdet/ext_op
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."
Mend Note: After conducting further research, Mend has determined that versions 1.12.0 through 1.21.6 of numpy are vulnerable to CVE-2021-34141
Publish Date: 2021-12-17
URL: CVE-2021-34141
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34141
Release Date: 2021-12-17
Fix Resolution: 1.22.0
Step up your Open Source Security Game with Mend here
Vulnerable Library - py-1.10.0-py2.py3-none-any.whllibrary with cross-python path, ini-parsing, io, code, log facilities
Library home page: https://files.pythonhosted.org/packages/67/32/6fe01cfc3d1a27c92fdbcdfc3f67856da8cbadf0dd9f2e18055202b2dc62/py-1.10.0-py2.py3-none-any.whl
Path to dependency file: /ppyolov2/ppdet/ext_op
Path to vulnerable library: /ppyolov2/ppdet/ext_op
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled.
Publish Date: 2022-10-16
URL: CVE-2022-42969
CVSS 3 Score Details (7.5)
Base Score Metrics:
Step up your Open Source Security Game with Mend here
Vulnerable Library - Pillow-8.3.1-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whlPython Imaging Library (Fork)
Path to dependency file: /ppyolov2/ppdet/ext_op
Path to vulnerable library: /ppyolov2/ppdet/ext_op
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
Publish Date: 2023-11-03
URL: CVE-2023-44271
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2023-11-03
Fix Resolution: Pillow - 10.0.0
Step up your Open Source Security Game with Mend here
Vulnerable Library - Pillow-8.3.1-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whlPython Imaging Library (Fork)
Path to dependency file: /ppyolov2/ppdet/ext_op
Path to vulnerable library: /ppyolov2/ppdet/ext_op
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
Publish Date: 2022-11-14
URL: CVE-2022-45198
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2022-11-14
Fix Resolution: 9.2.0
Step up your Open Source Security Game with Mend here
Vulnerable Library - numpy-1.21.2-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whlNumPy is the fundamental package for array computing with Python.
Path to dependency file: /ppyolov2/ppdet/ext_op
Path to vulnerable library: /ppyolov2/ppdet/ext_op
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
** DISPUTED ** Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. NOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally).
Publish Date: 2021-12-17
URL: CVE-2021-41496
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-41496
Release Date: 2021-12-17
Fix Resolution: autovizwidget - 0.12.7;numpy - 1.22.0rc1;numcodecs - 0.6.2;numpy-base - 1.11.3;numpy - 1.17.4
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - joblib-1.0.1-py3-none-any.whlLightweight pipelining with Python functions
Library home page: https://files.pythonhosted.org/packages/55/85/70c6602b078bd9e6f3da4f467047e906525c355a4dacd4f71b97a35d9897/joblib-1.0.1-py3-none-any.whl
Path to dependency file: /ppyolov2/ppdet/ext_op
Path to vulnerable library: /ppyolov2/ppdet/ext_op
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary Code Execution via the pre_dispatch flag in Parallel() class due to the eval() statement.
Publish Date: 2022-09-26
URL: CVE-2022-21797
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2022-09-26
Fix Resolution: 1.2.0
Step up your Open Source Security Game with Mend here
Vulnerable Library - setuptools-57.4.0-py3-none-any.whlEasily download, build, install, upgrade, and uninstall Python packages
Library home page: https://files.pythonhosted.org/packages/bd/25/5bdf7f1adeebd4e3fa76b2e2f045ae53ee208e40a4231ad0f0c3007e4353/setuptools-57.4.0-py3-none-any.whl
Path to dependency file: /ppyolov2/ppdet/ext_op
Path to vulnerable library: /ppyolov2/ppdet/ext_op
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
Publish Date: 2022-12-23
URL: CVE-2022-40897
CVSS 3 Score Details (5.9)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
Release Date: 2022-12-23
Fix Resolution: 65.5.1
Step up your Open Source Security Game with Mend here
Vulnerable Library - Pillow-8.3.1-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whlPython Imaging Library (Fork)
Path to dependency file: /ppyolov2/ppdet/ext_op
Path to vulnerable library: /ppyolov2/ppdet/ext_op
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
Publish Date: 2022-03-28
URL: CVE-2022-24303
CVSS 3 Score Details (9.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-9j59-75qj-795w
Release Date: 2022-03-28
Fix Resolution: 9.0.1
Step up your Open Source Security Game with Mend here
Vulnerable Library - Pillow-8.3.1-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whlPython Imaging Library (Fork)
Path to dependency file: /ppyolov2/ppdet/ext_op
Path to vulnerable library: /ppyolov2/ppdet/ext_op
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
Publish Date: 2022-01-10
URL: CVE-2022-22816
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22816
Release Date: 2022-01-10
Fix Resolution: 9.0.1
Step up your Open Source Security Game with Mend here
Vulnerable Library - Pillow-8.3.1-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whlPython Imaging Library (Fork)
Path to dependency file: /ppyolov2/ppdet/ext_op
Path to vulnerable library: /ppyolov2/ppdet/ext_op
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.
Publish Date: 2022-01-10
URL: CVE-2022-22817
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22817
Release Date: 2022-01-10
Fix Resolution: Pillow - 9.0.0
Step up your Open Source Security Game with Mend here
Vulnerable Library - Pillow-8.3.1-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whlPython Imaging Library (Fork)
Path to dependency file: /ppyolov2/ppdet/ext_op
Path to vulnerable library: /ppyolov2/ppdet/ext_op
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
Publish Date: 2022-01-10
URL: CVE-2022-22815
CVSS 3 Score Details (6.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22815
Release Date: 2022-01-10
Fix Resolution: 9.0.1
Step up your Open Source Security Game with Mend here
Vulnerable Library - Pillow-8.3.1-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whlPython Imaging Library (Fork)
Path to dependency file: /ppyolov2/ppdet/ext_op
Path to vulnerable library: /ppyolov2/ppdet/ext_op
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
Publish Date: 2021-09-03
URL: CVE-2021-23437
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html
Release Date: 2021-09-03
Fix Resolution: Pillow - 8.3.2
Step up your Open Source Security Game with Mend here
Vulnerable Library - Pillow-8.3.1-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whlPython Imaging Library (Fork)
Path to dependency file: /ppyolov2/ppdet/ext_op
Path to vulnerable library: /ppyolov2/ppdet/ext_op
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
Publish Date: 2022-11-14
URL: CVE-2022-45199
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2022-11-14
Fix Resolution: Pillow - 9.3.0
Step up your Open Source Security Game with Mend here
Vulnerable Library - Pillow-8.3.1-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.whlPython Imaging Library (Fork)
Path to dependency file: /ppyolov2/ppdet/ext_op
Path to vulnerable library: /ppyolov2/ppdet/ext_op
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
JpegImagePlugin may append an EOF marker to the end of a truncated file, so that the last segment of the data will still be processed by the decoder.
If the EOF marker is not detected as such however, this could lead to an infinite loop where JpegImagePlugin keeps trying to end the file.
Publish Date: 2022-03-11
URL: WS-2022-0097
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-4fx9-vc88-q2xc
Release Date: 2022-03-11
Fix Resolution: 9.0.1
Step up your Open Source Security Game with Mend here
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
