PyPi: Textattack

CVE-2021-37676

Transitive

Safety vulnerability ID: 42603

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Aug 12, 2021 Updated at Mar 11, 2024
Scan your Python projects for vulnerabilities →

Advisory

Textattack 0.3.4 updates its dependency 'tensorflow' to v2.5.1 to include several security fixes.

Affected package

textattack

Latest version: 0.3.10

A library for generating text adversarial examples

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* [CODE] Keras parallel attack fix - Issue 499 by sanchit97 in https://github.com/QData/TextAttack/pull/515
* Bump tensorflow from 2.4.2 to 2.5.1 in /docs by dependabot in https://github.com/QData/TextAttack/pull/517
* Add a high level overview diagram to docs by cogeid in https://github.com/QData/TextAttack/pull/519
* readtheDoc fix by qiyanjun in https://github.com/QData/TextAttack/pull/522
* Add new attack recipe A2T by jinyongyoo in https://github.com/QData/TextAttack/pull/523
* Fix incorrect `__eq__` method of `AttackedText` in `textattack/shared/attacked_text.py` by wenh06 in https://github.com/QData/TextAttack/pull/509
* Fix a bug when running textattack eval with --num-examples=-1 by dangne in https://github.com/QData/TextAttack/pull/521
* New metric module to improve flexibility and intuitiveness - moved from 475 by sanchit97 in https://github.com/QData/TextAttack/pull/514
* Update installation.md to add FAQ on installation by qiyanjun in https://github.com/QData/TextAttack/pull/535
* Fix dataset-split bug by Hanyu-Liu-123 in https://github.com/QData/TextAttack/pull/533
* Update by Hanyu-Liu-123 in https://github.com/QData/TextAttack/pull/541
* add custom dataset API use example in doc by qiyanjun in https://github.com/QData/TextAttack/pull/543
* Fix logger initiation bug by Hanyu-Liu-123 in https://github.com/QData/TextAttack/pull/539
* Updated Tutorial 0 to use the Rotten Tomatoes dataset instead of the … by srujanjoshi in https://github.com/QData/TextAttack/pull/542
* Back translation transformation by cogeid in https://github.com/QData/TextAttack/pull/534
* Fixed a bug in the allennlp tutorial by donggrant in https://github.com/QData/TextAttack/pull/546
* Logger bug fix by ankitgv0 in https://github.com/QData/TextAttack/pull/551
* add "textattack[tensorflow]" option in all tutorials by qiyanjun in https://github.com/QData/TextAttack/pull/559
* Fix CLARE Extra Character Bug by Hanyu-Liu-123 in https://github.com/QData/TextAttack/pull/556
* Fix metric-module Issue532 by sanchit97 in https://github.com/QData/TextAttack/pull/540
* Add API docstrings for back translation by cogeid in https://github.com/QData/TextAttack/pull/563
* Fixed the "no attribute" error from 536 by ankitgv0 in https://github.com/QData/TextAttack/pull/552
* Enhance augment function by Hanyu-Liu-123 in https://github.com/QData/TextAttack/pull/531
* fix read-the-doc installation issue / clean up and add new docstrings for recently added classes/packages by qiyanjun in https://github.com/QData/TextAttack/pull/569

New Contributors
* wenh06 made their first contribution in https://github.com/QData/TextAttack/pull/509
* dangne made their first contribution in https://github.com/QData/TextAttack/pull/521
* srujanjoshi made their first contribution in https://github.com/QData/TextAttack/pull/542
* donggrant made their first contribution in https://github.com/QData/TextAttack/pull/546
* ankitgv0 made their first contribution in https://github.com/QData/TextAttack/pull/551

**Full Changelog**: https://github.com/QData/TextAttack/compare/v0.3.3...v0.3.4

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 7.8

CVSS v3 Details

HIGH 7.8
Attack Vector (AV)
LOCAL
Attack Complexity (AC)
LOW
Privileges Required (PR)
LOW
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality Impact (C)
HIGH
Integrity Impact (I)
HIGH
Availability Availability (A)
HIGH

CVSS v2 Details

MEDIUM 4.6
Access Vector (AV)
LOCAL
Access Complexity (AC)
LOW
Authentication (Au)
NONE
Confidentiality Impact (C)
PARTIAL
Integrity Impact (I)
PARTIAL
Availability Impact (A)
PARTIAL