Product Research Enterprise Plans Docs

PyPi: Determined

CVE-2021-41214

Transitive

Safety vulnerability ID: 43319

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Nov 05, 2021 Updated at May 10, 2024

Scan your Python projects for vulnerabilities →

Advisory

Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.

Affected package

determined

Latest version: 0.32.1

Determined AI: The fastest and easiest way to build deep learning models.

Affected versions

Fixed versions

Vulnerability changelog

b63e9117 chore: lock api state for backward compatibility check
1be80269 feat: Adding Openshift route support in Helm chart (3214)
5fa9e59f chore: prefer https over git for npm dependency (3225)
b184eb97 fix: overflow buttons on small screens (3227)
f15a1fcc feat: add link to docs in Model Registry empty state (3226)
3cc7d127 chore: reorder where Model Registry appears in navbar (3224)
b8548bce feat: don't delete image before force_pull_image [DET-6145] (3219)
b41ae1dd fix: reorder migrations so timestamps reflect commit order (3223)
c4153dce feat: track historical allocation over users for all tasks (3199) [DET-6247]
939754b2 fix: update experiment state filter [DET-6217] (3216)
73917ee2 feat: read-only model registry UI [DET-5992] [DET-5993] [DET-5994] (3172)
168f2aa2 fix: experiment delete should work when trials have restarts (3212)
9ff9c638 feat: image updates: add tf 2.7; security tf 2.4, 2.5, 2.6; fix PTL. (3215)
2a6f3605 fix: typo in experiment state go to postgres enum mapping (3211)
78748225 feat: model registry API can update name, has Notes field (3213)
f41d178d feat: detect MIG instances in agents (3204)
1aa22252 feat: add `det deploy gke-experimental` [DET-5752] (3136)
525777bd ci: manual image scanning with anchore script. (3206)
bd747d3b docs: remove note about model.predict (3202)
1cb6e2a7 fix: Continue using model names on the CLI [DET-6152] (3152)
6dd7410f chore: enforce consistent spacing around operators (3200)
7311d66d chore: reusable action dropdown (3194)
e1dbd091 ci: update gke version. (3207)
d82530d3 Fix: add user_id to previous model_versions (3208)
612312f2 fix: use ListValue to receive empty list on labels field (3198)
ae1d367c fix: display short version in sidebar properly (3197)
f5939c4b style: remove text-shadow from selected antd tabs (3201)
6ef67655 chore: update string tests organization (3192)
290ab556 refactor: simplify api and api config imports [DET-6201] (3193)
4c675d3a docs: remove det exp from docs (3183)
0cf46177 chore: trial log settings query param [DET-6206] (3196)
1221690e chore: convert master logs to use new streaming api [DET-5267, DET-6187] (3111)
14a429cd refactor: condense master RM modules together. (3173)

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41214

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 7.8

CVSS v3 Details

HIGH 7.8

Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Availability (A): HIGH

CVSS v2 Details

MEDIUM 4.6

Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (Au): NONE
Confidentiality Impact (C): PARTIAL
Integrity Impact (I): PARTIAL
Availability Impact (A): PARTIAL