PyPi: Syft

CVE-2021-27291

Transitive

Safety vulnerability ID: 66857

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at: Mar 17, 2021
Updated at: Apr 28, 2024

Advisory

Syft version 0.8.5b10 updates its Pygments dependency to version 2.15.0, addressing a vulnerability to Regular Expression Denial of Service (ReDoS) as highlighted by CVE-2021-27291.
https://github.com/OpenMined/PySyft/pull/8479/commits/4d6787e7a1afc4cea3307926858dd451fc00b609

Affected package

syft

Latest version: 0.8.6

Perform numpy-like analysis on data that remains in someone else's server

Affected versions

Fixed versions

Vulnerability changelog

What's Changed

* dependencies for sync by eelcovdw in https://github.com/OpenMined/PySyft/pull/8482
* 5 - ADD Notifier turn off service by IonesioJunior in https://github.com/OpenMined/PySyft/pull/8490
* 4 - ADD Notifier turn_on service by IonesioJunior in https://github.com/OpenMined/PySyft/pull/8489
* 2 - Add init notifier by IonesioJunior in https://github.com/OpenMined/PySyft/pull/8487
* 3 - ADD Notifier Settings for Admin view by IonesioJunior in https://github.com/OpenMined/PySyft/pull/8488
* 1 - Enable notifier Service by IonesioJunior in https://github.com/OpenMined/PySyft/pull/8485
* split sync state func by eelcovdw in https://github.com/OpenMined/PySyft/pull/8503
* ADD Hagrid/K8s email token flag by IonesioJunior in https://github.com/OpenMined/PySyft/pull/8497
* Integrate Notifier Service with Postmark by IonesioJunior in https://github.com/OpenMined/PySyft/pull/8504
* Enable notifications via settings api by IonesioJunior in https://github.com/OpenMined/PySyft/pull/8506
* Rasswanth/update 0.8.5 beta by rasswanth-s in https://github.com/OpenMined/PySyft/pull/8515
* [WIP] sync service by eelcovdw in https://github.com/OpenMined/PySyft/pull/8516
* [WIP] Added diff classes by teo-milea in https://github.com/OpenMined/PySyft/pull/8502
* [Refactor] Fixing mypy issues (01) by khoaguin in https://github.com/OpenMined/PySyft/pull/8451
* Check Invalid Email Token by IonesioJunior in https://github.com/OpenMined/PySyft/pull/8520
* Replace email_token -> username/password credentials by IonesioJunior in https://github.com/OpenMined/PySyft/pull/8522
* Add email templates by IonesioJunior in https://github.com/OpenMined/PySyft/pull/8524
* Veilid Prototype by madhavajay in https://github.com/OpenMined/PySyft/pull/8421
* ADD Email Sender Parameter by IonesioJunior in https://github.com/OpenMined/PySyft/pull/8527
* hierarchical resolve for sync by eelcovdw in https://github.com/OpenMined/PySyft/pull/8519
* Add email notification setting to User by jcardonnet in https://github.com/OpenMined/PySyft/pull/8525
* Removing nested_requests from UserCode by teo-milea in https://github.com/OpenMined/PySyft/pull/8470
* ADD Activate/Deactivate notifier aliases for the notification service by IonesioJunior in https://github.com/OpenMined/PySyft/pull/8521
* [Refactor] Fixing mypy issues for `syft/service/` and `syft/util/` by khoaguin in https://github.com/OpenMined/PySyft/pull/8492
* Bump nick-fields/retry from 2 to 3 by dependabot in https://github.com/OpenMined/PySyft/pull/8450
* [Snyk] Fix for 12 vulnerabilities by madhavajay in https://github.com/OpenMined/PySyft/pull/8479
* Bump undici from 5.27.0 to 6.6.2 in /packages/grid/frontend by dependabot in https://github.com/OpenMined/PySyft/pull/8505
* Upgrade result Library to version 0.16.0 and pycapnp by shubham3121 in https://github.com/OpenMined/PySyft/pull/8535
* Update typeguard and networkx by shubham3121 in https://github.com/OpenMined/PySyft/pull/8538
* Eelco/decouple output history by eelcovdw in https://github.com/OpenMined/PySyft/pull/8534
* Remove "Notifications are in beta" message when calling Notifications Service methods by jcardonnet in https://github.com/OpenMined/PySyft/pull/8540
* Add helm upgrade test by yashgorana in https://github.com/OpenMined/PySyft/pull/8529
* Lint+Audit Helm charts by yashgorana in https://github.com/OpenMined/PySyft/pull/8537
* Bump crazy-max/ghaction-setup-docker from 3.0.0 to 3.1.0 by dependabot in https://github.com/OpenMined/PySyft/pull/8547
* Python remote debugging in Kubernetes by yashgorana in https://github.com/OpenMined/PySyft/pull/8481
* [K8s] Parametrize tox task by rasswanth-s in https://github.com/OpenMined/PySyft/pull/8531
* node state sync fix tests by eelcovdw in https://github.com/OpenMined/PySyft/pull/8550
* fix notebook: mention opendp by koenvanderveen in https://github.com/OpenMined/PySyft/pull/8551
* Node syncing by koenvanderveen in https://github.com/OpenMined/PySyft/pull/8475
* [Refactor] Fixing mypy issues of `syft/` by khoaguin in https://github.com/OpenMined/PySyft/pull/8523
* fix protocol version by shubham3121 in https://github.com/OpenMined/PySyft/pull/8552
* Upgrade to pydantic v2 by kiendang in https://github.com/OpenMined/PySyft/pull/8459
* Bump class versions and deprecate older versioned classes by shubham3121 in https://github.com/OpenMined/PySyft/pull/8554
* Email Notifications by jcardonnet in https://github.com/OpenMined/PySyft/pull/8455
* Bump versions and remove Redis and safetensors by shubham3121 in https://github.com/OpenMined/PySyft/pull/8555
* Cleanup helm charts by yashgorana in https://github.com/OpenMined/PySyft/pull/8546
* refactor: use syft_object to get data from SyftObjectRetrieval by tcp in https://github.com/OpenMined/PySyft/pull/8429
* ADD a notebook test for HELM mounted files in azure by IonesioJunior in https://github.com/OpenMined/PySyft/pull/8395
* Bump softprops/action-gh-release from 1 to 2 by dependabot in https://github.com/OpenMined/PySyft/pull/8565
* [UX] Suppress `capnp` path warning upon initially importing syft by khoaguin in https://github.com/OpenMined/PySyft/pull/8563
* Upgrade to Python 3.12 by koenvanderveen in https://github.com/OpenMined/PySyft/pull/8559
* Storage permissions by koenvanderveen in https://github.com/OpenMined/PySyft/pull/8556
* port remaining cd flows to python 3.12 by rasswanth-s in https://github.com/OpenMined/PySyft/pull/8567
* Fix python3 not found in backend container by yashgorana in https://github.com/OpenMined/PySyft/pull/8571
* Veilid Prototype Iteration 2 by rasswanth-s in https://github.com/OpenMined/PySyft/pull/8526
* update protocol version by rasswanth-s in https://github.com/OpenMined/PySyft/pull/8575
* Adding git to cd-syft by rasswanth-s in https://github.com/OpenMined/PySyft/pull/8576
* Fix unit tests by yashgorana in https://github.com/OpenMined/PySyft/pull/8553
* Fix Veilid IPV6 Binding Issue by rasswanth-s in https://github.com/OpenMined/PySyft/pull/8581
* Bump Frontend Default Resources Preset by rasswanth-s in https://github.com/OpenMined/PySyft/pull/8580
* fix warnings in dataset transform + privateattr check by eelcovdw in https://github.com/OpenMined/PySyft/pull/8570
* Veilid Optimization Iteration 2 by rasswanth-s in https://github.com/OpenMined/PySyft/pull/8582
* Use `uv` in tox by yashgorana in https://github.com/OpenMined/PySyft/pull/8569
* Bump fastapi from 0.103.2 to 0.109.1 in /packages/grid/veilid by dependabot in https://github.com/OpenMined/PySyft/pull/8573
* Revert dm-haiku==0.0.10 for arm64 linux and tensorstore issues by madhavajay in https://github.com/OpenMined/PySyft/pull/8587
* Fix syft.test.helm by rasswanth-s in https://github.com/OpenMined/PySyft/pull/8589
* Fix Helm Upgrade by rasswanth-s in https://github.com/OpenMined/PySyft/pull/8590
* Fix CD- Syft by rasswanth-s in https://github.com/OpenMined/PySyft/pull/8594
* Veilid Improvements v3 by rasswanth-s in https://github.com/OpenMined/PySyft/pull/8591
* Changed ENABLE_SIGNUP in tox task to False to prevent 07 notebook error by madhavajay in https://github.com/OpenMined/PySyft/pull/8586
* Fix api bugs by teo-milea in https://github.com/OpenMined/PySyft/pull/8599
* Veilid Chunking by rasswanth-s in https://github.com/OpenMined/PySyft/pull/8558
* SQLite WAL + store cleanups + fix some unit test fixes by yashgorana in https://github.com/OpenMined/PySyft/pull/8585
* Removing issue where hagrid art is causing warnings in notebooks by madhavajay in https://github.com/OpenMined/PySyft/pull/8601
* Improve .dockerignore files by madhavajay in https://github.com/OpenMined/PySyft/pull/8608
* Improve helm secrets template by yashgorana in https://github.com/OpenMined/PySyft/pull/8598
* Cleanup service instantiation by yashgorana in https://github.com/OpenMined/PySyft/pull/8607
* Validate Input Policy and show info on user code caches by shubham3121 in https://github.com/OpenMined/PySyft/pull/8596


**Full Changelog**: https://github.com/OpenMined/PySyft/compare/v0.8.4...v0.8.5b10

Resources


Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): HIGH

CVSS v2 Details

MEDIUM 5.0
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (Au): NONE
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): PARTIAL