PyPI: Syft

CVE-2022-40897

Transitive (the vulnerable code lives in the setuptools dependency, not in syft itself)

Safety vulnerability ID: 65499

Created at Dec 23, 2022 Updated at Apr 28, 2024

Advisory

Syft version 0.8.5 updates its setuptools requirement to version 65.5.1 from the prior 39.0.1 to address the security vulnerability identified as CVE-2022-40897.

Affected package

syft

Latest version: 0.8.6

Perform numpy-like analysis on data that remains in someone else's server

Affected versions

Fixed versions

Vulnerability changelog

Very shortly, the dev branch will switch to 0.8.4 beta and we will continue to support hotfixes into 0.8.4 as needed here: https://github.com/OpenMined/pysyft/tree/0.8.4

ChangeLog

Kubernetes and Container Management:

1. Add envs var for testing with k8s [8325]
2. Fixed worker cpu version [8335]
3. Randomizing default helm credentials [8180]
4. Container Workload I [8311]
5. Delete Functionality for workers in WorkerPool [8343]
6. Add endpoint for getting worker container logs [8346]
7. Fix kubernetes ci/cd [8362]
8. Remove chart version from volume claim templates [8366]
9. Kubernetes custom worker builder [8417]
10. Re-enabled k8s test [8426]
11. Kubernetes-based worker pool [8425]
12. Fix kubernetes cloud deployment issues [8447]
13. Scale worker pool in kubernetes [8461]
14. Cleanup old images and manifests from kubernetes dev registry [8471]
15. Fix kubernetes dev workflows [8416]
16. Fix CD-Syft Concurrency [8454]

Continuous Integration and Continuous Deployment (CI/CD) and Version Management:

1. POST RELEASE - Revert Changes [8334]
2. Bump actions/setup-python from 4 to 5 [8340]
3. Bump vite from 4.4.4 to 4.4.12 in /packages/grid/frontend [8313]
4. Bump github/codeql-action from 2 to 3 [8353]
5. Bump actions/download-artifact from 3 to 4 [8354]
6. Bump actions/upload-artifact from 3 to 4 [8355]
7. Bump mongodb [8358]
8. [Snyk] Fix for 10 vulnerabilities [8356]
9. Bump crazy-max/ghaction-setup-docker from 2.2.0 to 3.0.0 [8367]
10. [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1 [8361]
11. Bump dorny/paths-filter from 2 to 3 [8422]
12. Bump actions/cache from 3 to 4 [8409]
13. Bump pre-commit/action from 3.0.0 to 3.0.1 [8477]
14. Bump pnpm/action-setup from 2 to 3 [8476]
15. Bump vite from 4.4.12 to 4.5.2 in /packages/grid/frontend [8406]

Worker and Job Management:

1. ADD Thread mode execution for jobs and subjobs. [8309]
2. Ability to Queue Messages to different containers [8344]
3. Add worker status [8350]
4. Added api for worker details [8347]
5. Worker Pool to SyftFunction Integration [8376]
6. Fix bugs in Default Worker Pool Spinning [8380]
7. Fix job.wait() api to allow it to wait for subjobs [8392]
8. Data scientists can see worker pools, image, workers [8394]
9. Move worker_pool_service.get_worker to worker_service.get [8397]
10. Fix bug in jobs and launching of workers [8419]
11. DS/DO Flow for Request/Approve CustomImage [8398]

Security and Linting:

1. Linting [8339]
2. Always close DockerClient after use [8357]
3. Auto Lint+Format Notebooks + Update pre-commit hooks [8386]
4. [syft] fix: remove extra two div tags from custom_code [8404]

Development and Code Fixes:

1. Removed broken beta builds [8341]
2. Change URL generation Azure mounted files [8338]
3. feat: helm consumer report [8351]
4. Adding __repr__ for container workload classes [8337]
5. Fix dataset and asset default values [8308]
6. Safer execution [8378]
7. fix multiple workers spinning up on hot reload [8385]
8. syncing l0 [8377]
9. Update README.md by removing $ from command lines [8408]
10. Allow optional description for DockerWorkerConfig [8410]
11. Remove job v4, add new schema to job v3 [8407]
12. [UX] Rename Container Workload Services [8396]
13. [Refactor] Fixing mypy issues of service/warnings.py [8458]
14. [Refactor] Fixing mypy issues of service/dataset [8464]
15. [Refactor] Fixing mypy issues of syft/service/worker [8466]
16. [Refactor] Fixing mypy issues of service/user [8460]
17. [UX] Shorthand for Worker Logs [8400]
18. Local execution [8387]
19. Debug Notebooks [8509]
20. Unpinned jupyter [8428]

Infrastructure and Operational Enhancements:

1. fix read [8352]
2. Fix Aritifacts CD- Release [8364]
3. fix environment name [8365]
4. ZMQ fixes [8403]
5. Clean up worker_pool service [8405]
6. Improve UX for file upload [8391]
7. fix protocol version json [8424]
8. Output policy error handling fix [8463]
9. Add a test image build method to DockerWorkerConfig [8437]
10. Added tunshell debugging [8468]
11. Freeze protocol version [8452]
12. Use pytest<8 to maintain compatibility with pytest-lazy-fixure [8478]
13. Remove syft imports from Orchestra [8472]
14. Fix Hagrid [8483]
15. fixed concurrency in hagrid releases [8484]
16. Fix Protocol Bug [8493]
17. Optimizing Release Process [8486]
18. added syft version to github.event.inputs for dependent workflow [8494]
19. shift to using workflow_call [8495]
20. removed hardcoded syft versions [8496]
21. modified syft node uid to syft node location [8498]
22. Automated Helm Test [8499]
23. Added e2e notebook tests to trigger manually in github [8507]
24. Bump Versions Release Script [8508]
25. patch worker count to be 0 if unspecified [8510]

Dependency and Package Management:

1. Bump mongodb [8358]
2. [Snyk] Fix for 10 vulnerabilities [8356]
3. [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1 [8361]
4. Upgrade transformers [8427]

Miscellaneous:

1. ADD ActionDataLink/ Update action object [8349]
2. fix: frontend issues [8192]
3. Fix Consumer being detached for long time [8432]
4. Fixed issue where new args in hagrid break syft code [8435]
5. Fix HAGrid Runtime [8436]
6. [Container Workload] Fix k8s [8443]
7. [k8s] fix slow and expensive build calls [8442]
8. Fix DictTuple exception when invoking images.get_all() [8441]
9. [CD] Optimizing CD Pipeline [8440]
10. Add pullImageSecrets for authenticated registries [8444]
11. Fix CD [8446]
12. Fixing bug docker profiles array items[0,1] must be unique [8445]
13. added syft 0.8.3 to helm repo folder [8453]
14. Fix kubernetes cloud deployment issues [8447]
15. Scale worker pool in kubernetes [8461]
16. Move queue constr [8462]
17. remove syft imports from Orchestra [8472]
18. fix: change k8s port to 5800 [8469]
19. Seaweed large file fix [8434]
20. ADD script to save AKS credentials in 1password [8199]
21. Update Consume State Health [8399]
22. Cw minor fixes [8414]
23. fix nested syncing [8415]
24. Execute usercode on mock data [8413]
25. Tests for container workload services using container stack nodes [8412]
26. Fix orchestra [8420]

**Full Changelog**: https://github.com/OpenMined/PySyft/compare/v0.8.3...v0.8.4

Severity Details

CVSS Base Score: MEDIUM 5.9

CVSS v3 Details (MEDIUM 5.9)

Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): HIGH