akanimax / pro_gan_pytorch

Unofficial PyTorch implementation of the paper titled "Progressive growing of GANs for improved Quality, Stability, and Variation"
MIT License

Could you help upgrade the vulnerable dependency in pro-gan-pth #65

Closed JoeGardner000 closed 2 years ago

JoeGardner000 commented 2 years ago

Hi, @tomasheiskanen ,@akanimax , I'd like to report a vulnerability issue in pro-gan-pth_3.4.

Issue Description

I noticed that pro-gan-pth_3.4 directly depends on opencv-python_4.5.4.60. However, opencv-python_4.5.4.60 suffers from the vulnerabilities which the C libraries expose, as the following dependency graph shows. Refer to issue.

Dependency Graph between Python and Shared Libraries


Suggested Vulnerability Patch Versions

opencv-python has upgraded these vulnerable C libraries to patch versions in release 4.5.5.64.

Python build tools cannot report vulnerable C libraries, which may introduce potential security issues into many downstream Python projects. Could you please upgrade this vulnerable dependency?

Thanks for your help~ Best regards, JoeGardner

akanimax commented 2 years ago

@JoeGardner000,

Thanks for the clear issue report. I am only using opencv for writing the video in the script pro_gan_pytorch_scripts/latent_space_interpolation.py, so it won't be cumbersome to get rid of this exposed vulnerability.

  1. Have you tried just using version 4.5.5.64 instead of the listed 4.5.4.60? I believe it should just work, so that only means updating the requirements.txt file :smile:.
  2. If it doesn't work or it's not worth the effort, then we could switch to something simpler like imageio.mimwrite etc.

Hope this helps.

Cheers :beers:!
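The fix suggested above is a one-line change to requirements.txt, but the underlying point of the report (pip and other Python build tools see only the Python package version, not the C libraries bundled inside the wheel) means the pin has to be checked by version number. The following is an added example written for this thread, not code from pro_gan_pytorch or from either commenter. It parses a requirements file, flags an exact `opencv-python` pin below 4.5.5.64 (the release the reporter names as carrying the patched C libraries), and rewrites the pin while preserving any trailing comment. The requirements text is constructed for illustration; the package-name normalization follows PEP 503.

```python
"""Audit a requirements.txt for an opencv-python pin that predates the
release the issue report names as carrying patched C libraries.

Added example for this issue thread; not part of pro_gan_pytorch.
The sample requirements below are constructed, and the minimum version
comes from the report above (4.5.5.64).
"""
import re

# Minimum version the reporter says upgraded the vulnerable C libraries.
MIN_SAFE = {"opencv-python": (4, 5, 5, 64)}

# Constructed sample mirroring the kind of pin the issue refers to.
SAMPLE_REQUIREMENTS = """\
torch>=1.9
numpy
opencv-python==4.5.4.60  # used by latent_space_interpolation.py
imageio>=2.9
"""

# Exact pins only (name==version); range specifiers are left alone.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9.]*)")


def parse_version(text: str) -> tuple:
    """Turn '4.5.4.60' into (4, 5, 4, 60) so tuples compare numerically."""
    return tuple(int(part) for part in text.strip(".").split("."))


def normalize(name: str) -> str:
    """PEP 503 name normalization: lowercase, runs of -_. collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_outdated_pins(requirements: str) -> list:
    """Return (name, pinned, minimum) for each exact pin below the patched version."""
    findings = []
    for line in requirements.splitlines():
        code = line.split("#", 1)[0]  # drop trailing comment
        match = PIN_RE.match(code)
        if not match:
            continue
        name = normalize(match.group(1))
        if name not in MIN_SAFE:
            continue
        if parse_version(match.group(2)) < MIN_SAFE[name]:
            minimum = ".".join(map(str, MIN_SAFE[name]))
            findings.append((name, match.group(2), minimum))
    return findings


def bump_pins(requirements: str) -> str:
    """Rewrite outdated exact pins to the minimum patched version, keeping comments."""
    out = []
    for line in requirements.splitlines():
        code, sep, comment = line.partition("#")
        match = PIN_RE.match(code)
        if match and normalize(match.group(1)) in MIN_SAFE:
            minimum = MIN_SAFE[normalize(match.group(1))]
            if parse_version(match.group(2)) < minimum:
                code = f"{match.group(1)}=={'.'.join(map(str, minimum))}"
                line = code + (f"  {sep}{comment}" if sep else "")
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for name, pinned, minimum in find_outdated_pins(SAMPLE_REQUIREMENTS):
        print(f"{name}=={pinned} is below patched release {minimum}")
    print(bump_pins(SAMPLE_REQUIREMENTS), end="")
```

Only exact `==` pins are checked, because that is the form the issue describes; a `>=` specifier would need the installed version resolved first, and even then the check only covers what the opencv-python release notes say about the bundled libraries, since nothing in the wheel metadata exposes them.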

akanimax commented 2 years ago

Closing this issue due to inactivity.