PyPi: Omegaml

CVE-2020-10994

Transitive

Safety vulnerability ID: 52246

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 25, 2020 Updated at Mar 08, 2024

Advisory

Omegaml 0.15.2 updates its dependency 'pillow' to v9.0.1 to include security fixes.
https://github.com/omegaml/omegaml/pull/273

Affected package

omegaml

Latest version: 0.16.2

An open source DataOps, MLOps platform for humans

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* Further docs by miraculixx in https://github.com/omegaml/omegaml/pull/209
* upgrade dependencies by miraculixx in https://github.com/omegaml/omegaml/pull/215
* Fix 211 by miraculixx in https://github.com/omegaml/omegaml/pull/212
* Enable easier objects imexport 216 by miraculixx in https://github.com/omegaml/omegaml/pull/217
* Simplify qualifiers by miraculixx in https://github.com/omegaml/omegaml/pull/219
* Further docs by miraculixx in https://github.com/omegaml/omegaml/pull/214
* various updates by miraculixx in https://github.com/omegaml/omegaml/pull/222
* Enable runtime serve by miraculixx in https://github.com/omegaml/omegaml/pull/210
* Remove unused by miraculixx in https://github.com/omegaml/omegaml/pull/224
* Upgrade mongodb by miraculixx in https://github.com/omegaml/omegaml/pull/220
* Performance gains by miraculixx in https://github.com/omegaml/omegaml/pull/223
* Auth refactor by miraculixx in https://github.com/omegaml/omegaml/pull/226
* fup auth refactor updates by miraculixx in https://github.com/omegaml/omegaml/pull/228
* upgrade rabbitmq by miraculixx in https://github.com/omegaml/omegaml/pull/229
* upgrade pymongo 4.1 by miraculixx in https://github.com/omegaml/omegaml/pull/225
* fup to auth env refactoring, upgrades of pymongo, performance tuning by miraculixx in https://github.com/omegaml/omegaml/pull/230
* enable client-provided jwt authentication by miraculixx in https://github.com/omegaml/omegaml/pull/233
* bug fixes by miraculixx in https://github.com/omegaml/omegaml/pull/236
* runtime.scripts/tasks uses delegate pattern to call the backend by miraculixx in https://github.com/omegaml/omegaml/pull/240
* Improve token auth by miraculixx in https://github.com/omegaml/omegaml/pull/242
* add pre-/post task hooks using common .perform() backend method by miraculixx in https://github.com/omegaml/omegaml/pull/246
* fix compressed export filename by miraculixx in https://github.com/omegaml/omegaml/pull/245
* refactor package build by miraculixx in https://github.com/omegaml/omegaml/pull/250
* refactor tracking dataset metadata by miraculixx in https://github.com/omegaml/omegaml/pull/249
* Py38 stability by miraculixx in https://github.com/omegaml/omegaml/pull/251
* Enable swagger api by miraculixx in https://github.com/omegaml/omegaml/pull/244
* Fix mlflow gitissue by miraculixx in https://github.com/omegaml/omegaml/pull/257
* Pandas dtypes api spec by miraculixx in https://github.com/omegaml/omegaml/pull/256
* win10.x compatibility by miraculixx in https://github.com/omegaml/omegaml/pull/255
* python 3.10 build support by miraculixx in https://github.com/omegaml/omegaml/pull/260
* Enable om deploy by miraculixx in https://github.com/omegaml/omegaml/pull/261
* simplify logger access by miraculixx in https://github.com/omegaml/omegaml/pull/264
* remove apikey from log output by miraculixx in https://github.com/omegaml/omegaml/pull/266
* simplify logger access by omegaml in https://github.com/omegaml/omegaml/pull/265
* Experiments log effective userid by miraculixx in https://github.com/omegaml/omegaml/pull/262
* extend swagger api mapping by miraculixx in https://github.com/omegaml/omegaml/pull/268
* improve windows compatibility by miraculixx in https://github.com/omegaml/omegaml/pull/270
* [Snyk] Security upgrade urllib3 from 1.24.3 to 1.26.5 by omegaml in https://github.com/omegaml/omegaml/pull/259
* [Snyk] Security upgrade protobuf from 3.8.0 to 3.18.3 by snyk-bot in https://github.com/omegaml/omegaml/pull/263
* [Snyk] Security upgrade joblib from 0.13.2 to 1.2.0 by snyk-bot in https://github.com/omegaml/omegaml/pull/267
* [Snyk] Security upgrade tensorflow/tensorflow from 2.2.0-gpu-jupyter to 2.10.0rc3-gpu-jupyter by snyk-bot in https://github.com/omegaml/omegaml/pull/248
* load config file for local in-memory worker by miraculixx in https://github.com/omegaml/omegaml/pull/243
* ensure om.runtime default tracking is applied by miraculixx in https://github.com/omegaml/omegaml/pull/272
* [Snyk] Fix for 69 vulnerabilities by omegaml in https://github.com/omegaml/omegaml/pull/273
* Enable celery monitoring hook by miraculixx in https://github.com/omegaml/omegaml/pull/274

New Contributors
* snyk-bot made their first contribution in https://github.com/omegaml/omegaml/pull/263

**Full Changelog**: https://github.com/omegaml/omegaml/compare/0.15.1...0.15.2-rc4

Severity Details

CVSS Base Score

MEDIUM 5.5

CVSS v3 Details

MEDIUM 5.5
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): HIGH

CVSS v2 Details

MEDIUM 4.3
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (Au): NONE
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): PARTIAL