Killy85 / game_ai_trainer

This repository is home of a Machine Learning project aiming at training an agent to play a game using Reinforcement learning
Apache License 2.0

CVE-2024-34997 (Medium) detected in joblib-0.13.2-py2.py3-none-any.whl #453

Open mend-bolt-for-github[bot] opened 6 months ago

mend-bolt-for-github[bot] commented 6 months ago

CVE-2024-34997 - Medium Severity Vulnerability

Vulnerable Library - joblib-0.13.2-py2.py3-none-any.whl

Lightweight pipelining with Python functions

Library home page: https://files.pythonhosted.org/packages/cd/c1/50a758e8247561e58cb87305b1e90b171b8c767b15b12a1734001f41d356/joblib-0.13.2-py2.py3-none-any.whl

Path to dependency file: /game_ai_trainer/requirements.txt

Path to vulnerable library: /teSource-ArchiveExtractor_da03aa19-8c81-4d9c-9496-c373589d1ea2/20190506071543_44724/20190506071259_depth_0/97/scikit_learn-0.20.3-cp27-cp27mu-manylinux1_x86_64/sklearn/externals/joblib

Dependency Hierarchy:
- :x: **joblib-0.13.2-py2.py3-none-any.whl** (Vulnerable Library)

Found in base branch: master

Vulnerability Details

joblib v1.4.2 was discovered to contain a deserialization vulnerability via the component joblib.numpy_pickle::NumpyArrayWrapper().read_array().

Publish Date: 2024-05-19

URL: CVE-2024-34997

CVSS 3 Score Details (5.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
