adabound-0.0.5-py3-none-any.whl: 1 vulnerabilities (highest severity is: 9.8) - autoclosed #163
Path to dependency file: /SwapNet-jwyang-roi-version/.ws-temp-RZUGWE-requirements.txt
Path to vulnerable library: /SwapNet-jwyang-roi-version/.ws-temp-RZUGWE-requirements.txt
Found in HEAD commit: 1def381581db59d139b24ef0a32eed6f8e3b2af8
Vulnerabilities
*For some transitive vulnerabilities, no version of the direct dependency contains a fix. Check the "Details" section below to see whether there is a version of the transitive dependency in which the vulnerability is fixed.
Details
Vulnerable Library - torch-1.13.0-cp37-cp37m-manylinux1_x86_64.whl
Tensors and Dynamic neural networks in Python with strong GPU acceleration
Library home page: https://files.pythonhosted.org/packages/7a/fb/b1b11ae95ffa7099ca2e60ed5945e56130cc8740208f42aa77f17e03ab3c/torch-1.13.0-cp37-cp37m-manylinux1_x86_64.whl
Path to dependency file: /SwapNet-jwyang-roi-version/.ws-temp-RZUGWE-requirements.txt
Path to vulnerable library: /SwapNet-jwyang-roi-version/.ws-temp-RZUGWE-requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 1def381581db59d139b24ef0a32eed6f8e3b2af8
Found in base branch: master
Vulnerability Details
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
Publish Date: 2022-11-26
URL: CVE-2022-45907
CVSS 3 Score Details (9.8)
Base Score Metrics: