Workflow

PyPi: Aws-Parallelcluster

CVE-2021-3737

Transitive

Safety vulnerability ID: 51655

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 04, 2022 Updated at Apr 11, 2024
Scan your Python projects for vulnerabilities →

Advisory

Aws-parallelcluster 3.2.1 updates Python from 3.7.10 to 3.7.13 to include a fix for CVE-2021-3737.

Affected package

aws-parallelcluster

Latest version: 3.9.1

AWS ParallelCluster is an AWS supported Open Source cluster management tool to deploy and manage HPC clusters in the AWS cloud.

Affected versions

Fixed versions

Vulnerability changelog

-----

**ENHANCEMENTS**
- Improve the logic to associate the host routing tables to the different network cards to better support EC2 instances with several NICs.

**CHANGES**
- Upgrade NVIDIA driver to version 470.141.03.
- Upgrade NVIDIA Fabric Manager to version 470.141.03.
- Disable cron job tasks man-db and mlocate, which may have a negative impact on node performance.
- Upgrade Intel MPI Library to 2021.6.0.602.
- Upgrade Python from 3.7.10 to 3.7.13 in response to this [security risk](https://nvd.nist.gov/vuln/detail/CVE-2021-3737).

**BUG FIXES**
- Avoid failing on DescribeCluster when cluster configuration is not available.

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality Impact (C)
NONE
Integrity Impact (I)
NONE
Availability Availability (A)
HIGH

CVSS v2 Details

HIGH 7.1
Access Vector (AV)
NETWORK
Access Complexity (AC)
MEDIUM
Authentication (Au)
NONE
Confidentiality Impact (C)
NONE
Integrity Impact (I)
NONE
Availability Impact (A)
COMPLETE