PyPi: Determined

CVE-2018-12886

Transitive

Safety vulnerability ID: 42148

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 22, 2019 Updated at Dec 03, 2024

Advisory

Determined 0.17.0rc0 switches from debian:10.3-slim to ubuntu:20.04 and unattended-upgrades, to fix security issues.
https://github.com/determined-ai/determined/pull/2914

Affected package

determined

Latest version: 0.38.0

Determined AI: The fastest and easiest way to build deep learning models.

Affected versions

Fixed versions

Vulnerability changelog

070dd4ba chore: lock api state for backward compatibility check
0b65b7ba feat: det deploy local: remove support for --auto-bind-mount [DET-5948] (2932)
b15b6894 fix: tell mypy to ignore azure (2990)
bcd959c8 fix: update cuda for fake tests (2983)
a0db48ea Add support for float16 serialization (2915)
d482f252 fix: address CVEs in agent & master docker images. (2989)
66b55b72 chore: update notebook README [DET-6001] (2985)
97262808 fix: implement boto3 wrapper to allow refreshable credentials [DET-5690] (2957)
bea93411 chore: StorageManagers operate on uuids, not checkpoint manifests (2970)
5542a0a7 chore: confirm with users when running det deploy aws down [DET-6000] (2984)
8c37d5b2 chore: update task log response shape (2986)
576b51f7 feat: support configuring working directory for tasks [DET-5009] (2773)
1825c546 fix: make PIDServer send SIGKILL after waiting on SIGTERM (2976)
64bf390a chore: unify task types [DET-5950, DET-5955] (2938)
8d98692d chore: popout new tab when clicking on task list links [DET-5998] (2979)
100f9b10 feat: allow experiment owner to delete their own experiments [DET-5989] (2977)
36ba4c35 chore: use mock library in doc building (2968)
086f0db3 chore: remove -r option since default macos ln doesn't support it (2971)
5a43b3ba chore: remove start_time from get_checkpoints_for_trial (2975)
8f22270c feat: remove start_time from all workload types [DET-5979] (2912)
483a24b1 chore: add STEP_WITH_OPTIMIZER setting for lr scheduler (2960)
fbb3294d chore: rework tensorboard and checkpoint gc paths (2948)
2c4f97e0 chore: fix returning nil error (2972)
557ea3ab chore: update GET raw allocation to account for loss of workload information [DET-5973] (2911)
722b89f1 fix: model-hub mmdetection logging (2964)
28cea50a chore: restore saml auth file to match ee version (2967)
451f5873 refactor: move ee to oss [DET-5937] (2963)
0eb13903 fix: update logic on when query url should be overridden (2942)
c4e97439 chore: add support for batch delete of experiments [DET-5224] (2958)
1f4315db chore: remove trial details start time related stats boxes [DET-5956] (2944)
e2319f8d chore: rename download model button (2962)
7344ce10 feat: add detectron2 example (2918)
a5d0e7df chore: rewrite primary resource allocation query over public.allocations [DET-5972] (2910)
f070ab20 chore: add warnings on resource manager exits (2903)
b0b5427e chore: add documentation for model-hub mmdetection [DET-5924] (2955)
e03bd4dc fix: fork nested hp [DET-5945] (2953)
3b1018c0 chore: fix a log message (2945)
5d11b817 fix: extraneous minio warning while using s3 (2916)
e64befd7 chore: fix rstrip bug in refresh-ubuntu-amis (2954)
e0e59123 fix: scroll trial ids with values in trial comparison [DET-5918] (2933)
560b38ee chore: update docs link in notebook webui modal (2950)
1295bbd9 feat: add support for nan and infinity metrics [DET-5944] (2943)
b1e33247 chore: pin mockery version (2949)
cddff01f fix: make uPlot axis expand to show new data when not zoomed in [DET-5941] (2928)
5f5b4456 chore: add support for throughput profile chart [DET-5596, DET-5732, DET-5913, DET-5923] (2886)
5d9918df chore: add 1.17 golang build syntax (2929)
8bc8b258 fix: correct the logic for hiding log preview for completed trials (2939)
b2da0721 feat: trial log preview [DET-5882] (2871)
99940002 fix: kubernetes link with agent user [DET-5907] (2927)
bb0fec14 fix: e2e nightly model-hub tests (2925)
9ddb0ec6 fix: make clear forbidden vs. unauthenticated [DET-5869] (2870)
9ded187f ci: replace make -C tools with devcluster. (2892)
fb086591 ci: unpin pip version, improve py venv cache key. (2922)
48ee5a13 feat: Support passing an existing EFS to det deploy aws [DET-5737] (2803)
c8acf891 fix: change styling on "stop experiment" modal [DET-5837] (2894)
f5dc7419 docs: update k8s version to 1.19 >= and <= 1.21 (2887)
8f2a4896 ci: restrict setuptools version. (2920)
59ca50e1 chore: fix master/agent Docker image vulnerabilities [DET-5926] (2914)
7d1c9913 feat: add a `make devcluster` target (2900)
a6e21725 test: fix batch action misclick on e2e tests [2872] (2877)
dd17c3a8 docs: update idle timeout (2917)

Resources


Severity Details

CVSS Base Score

HIGH 8.1

CVSS v3 Details

HIGH 8.1
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Impact (A): HIGH

CVSS v2 Details

MEDIUM 6.8
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (Au): NONE
Confidentiality Impact (C): PARTIAL
Integrity Impact (I): PARTIAL
Availability Impact (A): PARTIAL