Giter Club home page Giter Club logo

numpy's People

Contributors

abalkin avatar ahaldane avatar bashtage avatar charris avatar cournape avatar eric-jones avatar eric-wieser avatar jaimefrio avatar jarrodmillman avatar jayvius avatar juliantaylor avatar larsmans avatar matthew-brett avatar mattip avatar mhvk avatar mwiebe avatar njsmith avatar pearu avatar pierregm avatar pv avatar r-devulap avatar rgommers avatar rkern avatar seberg avatar shoyer avatar stefanv avatar teoliphant avatar tylerjereddy avatar warrenweckesser avatar wfspotz avatar

numpy's Issues

CVE-2020-13091 (High) detected in pandas-0.24.2-cp27-cp27mu-manylinux1_x86_64.whl

CVE-2020-13091 - High Severity Vulnerability

Vulnerable Library - pandas-0.24.2-cp27-cp27mu-manylinux1_x86_64.whl

Powerful data structures for data analysis, time series, and statistics

Library home page: https://files.pythonhosted.org/packages/db/83/7d4008ffc2988066ff37f6a0bb6d7b60822367dcb36ba5e39aa7801fda54/pandas-0.24.2-cp27-cp27mu-manylinux1_x86_64.whl

Path to dependency file: /tmp/ws-scm/numpy/tools/swig/test

Path to vulnerable library: /numpy/tools/swig/test,/numpy/doc_requirements.txt,/numpy/numpy/random,/numpy,/numpy/numpy/core,/numpy/numpy

Dependency Hierarchy:

  • โŒ pandas-0.24.2-cp27-cp27mu-manylinux1_x86_64.whl (Vulnerable Library)

Found in HEAD commit: eea8adf0af4604303f57f090943fdfd15221ae06

Vulnerability Details

** DISPUTED ** pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if reduce makes an os.system call. NOTE: third parties dispute this issue because the read_pickle() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner.

Publish Date: 2020-05-15

URL: CVE-2020-13091

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.