Product Research Enterprise Plans Docs

PyPi: Mlrun

CVE-2021-3999

Transitive

Safety vulnerability ID: 49188

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Aug 24, 2022 Updated at May 17, 2024

Scan your Python projects for vulnerabilities →

Advisory

Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.
https://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e

Affected package

mlrun

Latest version: 1.6.2

Tracking and config of machine learning runs

Affected versions

Fixed versions

Vulnerability changelog

Features / Enhancements
* **UI**: [Features & enhancement](https://github.com/mlrun/ui/releases/tag/v1.0.3-rc1#features-and-enhancements)

Bug fixes
* **Images**: Fix security vulnerabilities, 1997, Hedingber
* **UI**: [Bug fixes](https://github.com/mlrun/ui/releases/tag/v1.0.3-rc1#bug-fixes)

Pull requests:
04358d2a [Images] Fix security vulnerabilities (1997)

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3999

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 7.8

CVSS v3 Details

HIGH 7.8

Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Availability (A): HIGH