Commit 7100b43
fix(neuronx): add mlflow vulnerabilities to allow-list
These vulnerabilities were already added for the pytorch training DLCs.
1 parent 39ff0fe commit 7100b43

1 file changed

+8
-0
lines changed

huggingface/pytorch/training/docker/2.1/py3/sdk2.20.0/Dockerfile.neuronx.py_scan_allowlist.json

@@ -5,4 +5,12 @@
55
"71671": "[Package: torch] Core torch package version 2.1 affected, cannot be changed in PyTorch 2.1 DLC advisory='PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.'",
66
"71672": "[Package: torch] Core torch package version 2.1 affected, cannot be changed in PyTorch 2.1 DLC advisory='Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.'",
77
"71064": "Affected versions of Requests, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. Requests 2.32.0 fixes the issue, but versions 2.32.0 and 2.32.1 were yanked due to conflicts with CVE-2024-35195 mitigation."
8+
"71584": "[pkg: mlflow] Required by sagemaker. advisory='Deserialization of untrusted data can occur in versions of the MLflow platform affected versions, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with.', reason_to_ignore='N/A', spec='>=1.23.0'",
9+
"71693": "[pkg: mlflow] Required by sagemaker. advisory='Deserialization of untrusted data can occur in affected versions of the MLflow platform, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with.', reason_to_ignore='N/A', spec='>=1.24.0'",
10+
"71692": "[pkg: mlflow] Required by sagemaker. advisory='Deserialization of untrusted data can occur in affected versions of the MLflow platform, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with.', reason_to_ignore='N/A', spec='>=2.0.0rc0'",
11+
"71587": "[pkg: mlflow] Required by sagemaker. advisory='Deserialization of untrusted data can occur in affected versions of the MLflow platform, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with.', reason_to_ignore='N/A', spec='>=0.9.0'",
12+
"71589": "[pkg: mlflow] Required by sagemaker. advisory='A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of '?', an attacker can traverse the server's directory structure. The issue occurs due to insufficient validation of user-supplied input in the server's handlers.', reason_to_ignore='N/A', spec='>=2.9.2'",
13+
"71577": "[pkg: mlflow] Required by sagemaker. advisory='Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.', reason_to_ignore='N/A', spec='>=1.1.0'",
14+
"71578": "[pkg: mlflow] Required by sagemaker. advisory='Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.', reason_to_ignore='N/A', spec='>=1.1.0'",
15+
"71579": "[pkg: mlflow] Required by sagemaker. advisory='Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run.', reason_to_ignore='N/A', spec='>=1.27.0'"
816
}
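Review bot: the hunk leaves line 7 (the `"71064"` entry) as unchanged context ending in `mitigation."` with no trailing comma, yet the new `"71584"` entry follows it directly, so as shown here the resulting allow-list is not valid JSON; line 7 needs to be modified in the same commit so it ends with `mitigation.",`, and running `python -m json.tool` over the file before pushing would catch this. Separately, every new mlflow entry records `reason_to_ignore='N/A'` while the stated justification is only `Required by sagemaker` and each `spec` is an open-ended lower bound (`>=0.9.0`, `>=1.1.0`, `>=2.9.2`, ...): please record why these deserialization and path-traversal advisories do not apply to this DLC (or that no patched mlflow release satisfies the sagemaker dependency), because an open-ended spec keeps the IDs suppressed even after a fixed mlflow becomes installable. Also note that `"71577"` and `"71578"` carry identical advisory text and spec, so it is worth confirming both scanner IDs really refer to the same issue rather than one being a copy-paste.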
