Safety vulnerability ID: 53729
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Natcap.invest 3.12.1 includes a fix for CVE-2007-4559: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.
Latest version: 3.14.2
InVEST Ecosystem Service models
-------------------
* General
    * Fixed a possible path traversal vulnerability when working with datastack
      archives. This patches CVE-2007-4559, reported to us by Trellix.
      https://github.com/natcap/invest/issues/1113
    * Updating descriptions for LULC about text and biophysical table for
      clarity in model specs. https://github.com/natcap/invest/issues/1077
* Workbench
    * Fixed a bug where the Workbench would become unresponsive during an
      InVEST model run if the model emitted a very high volume of log messages.
    * Fixed a bug where the Workbench could crash if there was too much
      standard error emitted from an invest model.
    * Added a new "Save as" dialog window to handle different save options, and
      allow the option to use relative paths in a JSON datastack
      (`1088 <https://github.com/natcap/invest/issues/1088>`_)
    * Fixed a bug where uncaught exceptions in the React tree would result in
      a blank browser window.
      (`1119 <https://github.com/natcap/invest/issues/1119>`_)
* Habitat Quality
    * All spatial inputs including the access vector and threat rasters are
      now reprojected to the ``lulc_cur_path`` raster. This fixes a bug where
      rasters with a different SRS would appear to not intersect the
      ``lulc_cur_path`` even if they did. (https://github.com/natcap/invest/issues/1093)
    * Paths in the threats table may now be either absolute or relative to the
      threats table.
* HRA
    * Fixed a regression relative to InVEST 3.9.0 outputs where spatial
      criteria vectors were being rasterized with the ``ALL_TOUCHED=TRUE``
      flag, leading to a perceived buffering of spatial criteria in certain
      cases. In InVEST 3.9.0, these were rasterized with ``ALL_TOUCHED=FALSE``.
      https://github.com/natcap/invest/issues/1120
    * Fixed an issue with the results table, ``SUMMARY_STATISTICS.csv`` where
      the percentages of high, medium and low risk classifications were not
      correctly reported.
    * Added a column to the ``SUMMARY_STATISTICS.csv`` output table to also
      report the percentage of pixels within each subregion that have no risk
      classification (a risk classification of 0).
* Urban Stormwater Retention
    * Added validation to check that the input soil groups raster has an
      integer data type
* Urban Cooling
    * Updated the text for the ``building_intensity`` column in the biophysical
      table to clarify that the values of this column should be normalized
      relative to one another to be between 0 and 1.