This project forked from numpy /numpy
The fundamental package for scientific computing with Python.
Home Page: https://www.numpy.org/
License: BSD 3-Clause "New" or "Revised" License
Python 48.06%
C 49.78%
C++ 1.91%
Fortran 0.06%
Makefile 0.02%
JavaScript 0.09%
Shell 0.05%
sed 0.03%
CVE-2020-13091 - High Severity Vulnerability
Vulnerable Library - pandas-0.24.2-cp27-cp27mu-manylinux1_x86_64.whl
Powerful data structures for data analysis, time series, and statistics
Library home page: https://files.pythonhosted.org/packages/db/83/7d4008ffc2988066ff37f6a0bb6d7b60822367dcb36ba5e39aa7801fda54/pandas-0.24.2-cp27-cp27mu-manylinux1_x86_64.whl
Path to dependency file: /tmp/ws-scm/numpy/tools/swig/test
Path to vulnerable library: /numpy/tools/swig/test,/numpy/doc_requirements.txt,/numpy/numpy/random,/numpy,/numpy/numpy/core,/numpy/numpy
Dependency Hierarchy:
- pandas-0.24.2-cp27-cp27mu-manylinux1_x86_64.whl (Vulnerable Library)
Found in HEAD commit: eea8adf0af4604303f57f090943fdfd15221ae06
Vulnerability Details
** DISPUTED ** pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the read_pickle() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner.
Publish Date: 2020-05-15
URL: CVE-2020-13091
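The mechanism behind the description above is plain Python pickle behaviour, not a pandas bug: a pickle stream can name any importable callable and its arguments, and the unpickler calls it while loading. The example below is added here and is not code from pandas, numpy or this repository. It uses only the standard library (no pandas import) and replaces the os.system gadget from the CVE text with eval on a harmless expression so it has no side effects on the host; the allowlist in RestrictedUnpickler and the HMAC key are illustrative assumptions that a real deployment would tune to its own data.

```python
import hashlib
import hmac
import io
import pickle

# --- attacker side: a pickle that calls an attacker-chosen callable on load ---

class Gadget:
    """Pickling this object writes 'call builtins.eval("2 ** 10")' into the stream.

    A real payload would return (os.system, ("...",)) as in the CVE text; eval of
    a harmless expression is a stand-in chosen so this example does nothing to
    the machine it runs on.
    """

    def __reduce__(self):
        return (eval, ("2 ** 10",))


def build_malicious_pickle() -> bytes:
    # The Gadget class itself never appears in the stream, only the reduce call.
    return pickle.dumps(Gadget())


def build_benign_pickle() -> bytes:
    # Constructed sample payload: plain containers and scalars only, no globals.
    return pickle.dumps({"ticker": "ABC", "close": [1.0, 2.5, 2.75]})


# --- consumer side: what read_pickle() effectively does with an untrusted file ---

def unsafe_load(data: bytes):
    # pickle.loads resolves builtins.eval and calls it before returning.
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only resolves globals from an explicit allowlist.

    The allowlist below is an assumption for this example; extend it to the
    types your own data legitimately contains, never to anything that runs code.
    """

    ALLOWED = {
        ("builtins", "set"),
        ("builtins", "frozenset"),
        ("collections", "OrderedDict"),
    }

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def safe_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """True when the restricted unpickler refuses the stream."""
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


# --- integrity: only unpickle bytes produced by a holder of a secret key ---

DIGEST_SIZE = hashlib.sha256().digest_size


def sign_pickle(obj, key: bytes) -> bytes:
    # Layout: 32-byte HMAC-SHA256 tag followed by the pickle bytes it covers.
    data = pickle.dumps(obj)
    return hmac.new(key, data, hashlib.sha256).digest() + data


def verify_and_load(blob: bytes, key: bytes):
    # Check the tag in constant time before the unpickler sees a single byte.
    tag, data = blob[:DIGEST_SIZE], blob[DIGEST_SIZE:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC mismatch: refusing to unpickle")
    return pickle.loads(data)


def is_rejected_by_mac(blob: bytes, key: bytes) -> bool:
    """True when the blob fails signature verification."""
    try:
        verify_and_load(blob, key)
    except ValueError:
        return True
    return False
```

The restricted unpickler stops the gadget because find_class is the single choke point through which every GLOBAL/STACK_GLOBAL opcode passes, while benign data built from plain containers never triggers it. The signed variant is the stronger control when the pickle producer is trusted and the key stays secret: the file is never parsed at all unless it carries a valid tag. Neither trick makes read_pickle() safe on arbitrary input; the only fully safe answer for untrusted files is a data-only format such as Parquet, CSV or JSON.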
CVSS 3 Score Details (9.8)
Base Score Metrics:
Exploitability Metrics:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Impact Metrics:
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High