NVIDIA / modulus-sym

Framework providing pythonic APIs, algorithms and utilities to be used with Modulus core to physics inform model training as well as higher level abstraction for domain experts
https://developer.nvidia.com/modulus
Apache License 2.0

Update scikit-learn dependency #105

Closed ktangsali closed 5 months ago

ktangsali commented 5 months ago

Modulus Pull Request

Fixes CVE found by internal scans

-> Vulnerability found in scikit-learn version 1.0.2
   Vulnerability ID: 54297
   Affected spec: <1.1.0rc1
   ADVISORY: Scikit-learn 1.1.0rc1 includes a fix for CVE-2020-28975:
   svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn and
   other products, allows attackers to cause a denial of service
   (segmentation fault) via a crafted model SVM (introduced via pickle, json,
   or any other model permanence standard) with a large value in the
   _n_support array. NOTE: the scikit-learn vendor's position is that the
   behavior can only occur if the library's API is violated by an application
   that changes a private attribute.
   https://github.com/scikit-learn/scikit-learn/commit/1bf13d567d3cd74854aa8343fd25b61dd768bb85
   CVE-2020-28975
   For more information about this vulnerability, visit
   https://data.safetycli.com/v/54297/97c
   To ignore this vulnerability, use PyUp vulnerability id 54297 in safety's
   ignore command-line argument or add the ignore to your safety policy file.

Description

Checklist

Dependencies
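The advisory above gives two facts a maintainer can turn into checks: the affected version range (`<1.1.0rc1`) and the failure mode (a model whose private `_n_support` counts do not match the stored support vectors, so libsvm indexes out of bounds). The example below is added here and is not code from the modulus-sym repository, this PR, or scikit-learn. It uses only the standard library, implements a small PEP 440 subset (release segments plus an optional a/b/rc pre-release) that is enough for the advisory's spec, and expresses the structural check on plain Python sequences; for a real `SVC` you would pass `model._n_support` (the private attribute named in the advisory) and `model.support_vectors_.shape[0]`. Upgrading past the fixed version and refusing to unpickle model files from untrusted sources remain the actual mitigations; the structural check only catches the inconsistency the advisory describes.

```python
"""Defender-side checks derived from the CVE-2020-28975 advisory text.

Added example, not part of modulus-sym or scikit-learn. Assumes nothing
beyond the Python standard library.
"""
import re

FIXED_IN = "1.1.0rc1"  # advisory: affected spec is <1.1.0rc1
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?$")
_PRE_RANK = {"a": 0, "b": 1, "rc": 2}


def parse_version(text):
    """Return a sortable key for versions such as '1.0.2' or '1.1.0rc1'.

    Key layout: (release_tuple, is_final, pre_rank, pre_number). A final
    release sorts after every pre-release of the same number, and trailing
    zeros are stripped so that '1.1' and '1.1.0' compare equal.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    release = [int(p) for p in m.group(1).split(".")]
    while len(release) > 1 and release[-1] == 0:
        release.pop()
    release = tuple(release)
    if m.group(2) is None:
        return (release, 1, 0, 0)
    return (release, 0, _PRE_RANK[m.group(2)], int(m.group(3)))


def is_affected(installed_version):
    """True if this scikit-learn version lies inside the advisory's affected spec."""
    return parse_version(installed_version) < parse_version(FIXED_IN)


def validate_n_support(n_support, n_support_vectors):
    """Structural sanity check on an SVM model's per-class support counts.

    libsvm walks the support-vector matrix using these counts, so a model
    whose counts are negative or do not sum to the number of stored support
    vectors would index out of bounds. Returns a list of problems; an empty
    list means the two pieces of state are consistent.
    """
    counts = [int(c) for c in n_support]
    problems = []
    if any(c < 0 for c in counts):
        problems.append("negative class count in _n_support")
    total = sum(counts)
    if total != n_support_vectors:
        problems.append(
            f"_n_support sums to {total} but {n_support_vectors} "
            "support vectors are stored"
        )
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real model file.
    for v in ("1.0.2", "1.1.0rc1", "1.1.0", "1.3"):
        print(f"scikit-learn {v}: {'AFFECTED' if is_affected(v) else 'ok'}")
    print("consistent model:", validate_n_support([3, 2], 5))
    print("tampered model:", validate_n_support([3, 2**31], 5))
```

`is_affected` answers the dependency question the PR is about (1.0.2 is inside the range, 1.1.0rc1 and later are not), and `validate_n_support` is the kind of pre-`predict` assertion an application can run on a deserialized model when it cannot avoid loading artefacts it did not produce itself.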

ktangsali commented 5 months ago

/blossom-ci