Open mend-bolt-for-github[bot] opened 3 years ago
opencv_python-4.1.1.26-cp36-cp36m-manylinux1_x86_64.whl
Wrapper package for OpenCV python bindings.
Library home page: https://files.pythonhosted.org/packages/5e/7e/bd5425f4dacb73367fddc71388a47c1ea570839197c2bcad86478e565186/opencv_python-4.1.1.26-cp36-cp36m-manylinux1_x86_64.whl
Path to dependency file: /client/requirements.txt
Path to vulnerable library: /client/requirements.txt
Dependency Hierarchy: - :x: **opencv_python-4.1.1.26-cp36-cp36m-manylinux1_x86_64.whl** (Vulnerable Library)
Library home page: https://files.pythonhosted.org/packages/f8/b0/89f8abccea0810b43d25033d6a02dbe81494cd0013a61ce588c0c0d90dd1/opencv_contrib_python-3.4.3.18-cp36-cp36m-manylinux1_x86_64.whl
Dependency Hierarchy: - :x: **opencv_contrib_python-3.4.3.18-cp36-cp36m-manylinux1_x86_64.whl** (Vulnerable Library)
Found in base branch: dev
OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp.
Publish Date: 2019-09-11
URL: CVE-2019-16249
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: None - Availability Impact: None
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-x3rm-644h-67m8
Release Date: 2019-09-11
Fix Resolution: 4.1.2.30
Step up your Open Source Security Game with Mend here
CVE-2019-16249 - Medium Severity Vulnerability
opencv_python-4.1.1.26-cp36-cp36m-manylinux1_x86_64.whl
Wrapper package for OpenCV python bindings.
Library home page: https://files.pythonhosted.org/packages/5e/7e/bd5425f4dacb73367fddc71388a47c1ea570839197c2bcad86478e565186/opencv_python-4.1.1.26-cp36-cp36m-manylinux1_x86_64.whl
Path to dependency file: /client/requirements.txt
Path to vulnerable library: /client/requirements.txt
Dependency Hierarchy: - :x: **opencv_python-4.1.1.26-cp36-cp36m-manylinux1_x86_64.whl** (Vulnerable Library)
opencv_contrib_python-3.4.3.18-cp36-cp36m-manylinux1_x86_64.whl
Wrapper package for OpenCV python bindings.
Library home page: https://files.pythonhosted.org/packages/f8/b0/89f8abccea0810b43d25033d6a02dbe81494cd0013a61ce588c0c0d90dd1/opencv_contrib_python-3.4.3.18-cp36-cp36m-manylinux1_x86_64.whl
Path to dependency file: /client/requirements.txt
Path to vulnerable library: /client/requirements.txt
Dependency Hierarchy: - :x: **opencv_contrib_python-3.4.3.18-cp36-cp36m-manylinux1_x86_64.whl** (Vulnerable Library)
Found in base branch: dev
OpenCV 4.1.1 has an out-of-bounds read in hal_baseline::v_load in core/hal/intrin_sse.hpp when called from computeSSDMeanNorm in modules/video/src/dis_flow.cpp.
Publish Date: 2019-09-11
URL: CVE-2019-16249
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://github.com/advisories/GHSA-x3rm-644h-67m8
Release Date: 2019-09-11
Fix Resolution: 4.1.2.30
Step up your Open Source Security Game with Mend here