PyPi: Epam-Indigo

CVE-2021-44832

Transitive

Safety vulnerability ID: 49010

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Dec 28, 2021
Updated at Nov 07, 2023

Advisory

Epam.indigo 1.6.1 updates the version of 'Elasticsearch' to v7.16.1 to remove the risk of the log4j issue.
https://github.com/epam/Indigo/pull/553

Affected package

epam-indigo

Latest version: 1.4.0b0

Indigo universal cheminformatics toolkit

Affected versions

Fixed versions

Vulnerability changelog

Released 2021-12-28

Features
* PoC implementation of Indigo modern C++ user API written on top of low-level C API. Later it will be used in Indigo-WASM and probably other languages.
* New Indigo service added as preview. Modernized Indigo service implements JSON:API protocol and can be installed as Docker image `epmlsop/indigo-service:enhanced-latest`.
* Indigo API ported to ARM64 processor architecture. Python, Java and C wrappers now contain required native libraries for macOS (Apple M1) and Linux.
* Implemented loader for CDXML format.
* Dative and hydrogen bonds are now supported.
* Implemented partial aromatization/dearomatization for the structures with superatoms.
* Multifragment support for KET-format.
* Simple objects support for KET-format.
* Atom's aliases and functional groups' attributes support for KET-format.
* Indigo-Python: initial version of inorganic salt checker added.

Improvements
* Bingo-NoSQL major refactoring with significant multithreading performance improvements.
* C++ unittests were separated in API and Core parts.
* CMake build system by default tries to enable as many components as possible and warns if building something is not possible on the current platform.
* Migrated to modern C++ standard mutexes and locks instead of own-written implementation.
* Using thread-safe objects in Indigo API instead of raw mutexes to guarantee thread safety.
* C++ code modernization: added 'override', replaced plain C functions with corresponding from std, etc.
* Indigo API integration tests engine parallelized.
* Indigo WASM API for Ketcher reached stable status and is now published to NPM public repository.
* Indigo i386 libraries for Windows prepared.
* CI/CD: automatic code style checks and linters added for Python and C++ code.

Bugfixes
* Fixed multiple data races in API and especially in Bingo-NoSQL (476).
* InChI library bugfix for empty string support.
* Multiple small bugfixes in Indigo-Ketcher WASM module and Indigo Service.
* Bingo-Elastic-Java: updated all dependencies to fix log4j security issue.
* Fixed an occasional error in RPE.
* Bingo-NoSQL: fixed `enumerateId()` in Java.

Severity Details

CVSS Base Score

MEDIUM 6.6

CVSS v3 Details

MEDIUM 6.6
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Impact (A): HIGH

CVSS v2 Details

HIGH 8.5
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (Au): SINGLE
Confidentiality Impact (C): COMPLETE
Integrity Impact (I): COMPLETE
Availability Impact (A): COMPLETE