Path to dependency file: /models/validation-inference-scripts/phishing-models/requirements.txt
Path to vulnerable library: /models/validation-inference-scripts/phishing-models/requirements.txt,/models/validation-inference-scripts/root-cause-models/requirements.txt,/models/validation-inference-scripts/root-cause-models/requirements.txt,/models/validation-inference-scripts/phishing-models/requirements.txt
Path to dependency file: /models/validation-inference-scripts/phishing-models/requirements.txt
Path to vulnerable library: /models/validation-inference-scripts/phishing-models/requirements.txt,/models/validation-inference-scripts/root-cause-models/requirements.txt,/models/validation-inference-scripts/root-cause-models/requirements.txt,/models/validation-inference-scripts/phishing-models/requirements.txt
Vulnerable Library - sympy-1.10.1-py3-none-any.whl
Computer algebra system (CAS) in Python
Library home page: https://files.pythonhosted.org/packages/d0/04/66be21ceb305c66a4b326b0ae44cc4f027a43bc08cac204b48fb45bb3653/sympy-1.10.1-py3-none-any.whl
Path to dependency file: /models/validation-inference-scripts/phishing-models/requirements.txt
Path to vulnerable library: /models/validation-inference-scripts/phishing-models/requirements.txt,/models/validation-inference-scripts/root-cause-models/requirements.txt,/models/validation-inference-scripts/root-cause-models/requirements.txt,/models/validation-inference-scripts/phishing-models/requirements.txt
Found in HEAD commit: 42a2d393427e16f1b80a5df9fe14a37d045088ad
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
WS-2023-0180
### Vulnerable Library - sympy-1.10.1-py3-none-any.whlComputer algebra system (CAS) in Python
Library home page: https://files.pythonhosted.org/packages/d0/04/66be21ceb305c66a4b326b0ae44cc4f027a43bc08cac204b48fb45bb3653/sympy-1.10.1-py3-none-any.whl
Path to dependency file: /models/validation-inference-scripts/phishing-models/requirements.txt
Path to vulnerable library: /models/validation-inference-scripts/phishing-models/requirements.txt,/models/validation-inference-scripts/root-cause-models/requirements.txt,/models/validation-inference-scripts/root-cause-models/requirements.txt,/models/validation-inference-scripts/phishing-models/requirements.txt
Dependency Hierarchy: - :x: **sympy-1.10.1-py3-none-any.whl** (Vulnerable Library)
Found in HEAD commit: 42a2d393427e16f1b80a5df9fe14a37d045088ad
Found in base branch: branch-23.03
### Vulnerability DetailsXML External Entity (XXE) injection in sympy in sympy/sympy
Publish Date: 2023-03-29
URL: WS-2023-0180
### CVSS 3 Score Details (9.8)Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here. ### Suggested FixType: Upgrade version
Origin: https://huntr.dev/bounties/692bf03d-973b-4fbc-b9e4-dd158bdd422b/
Release Date: 2023-03-29
Fix Resolution: 1.12
Step up your Open Source Security Game with Mend [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)