PyPi: Deeposlandia

CVE-2019-16778

Transitive

Safety vulnerability ID: 38133

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Dec 16, 2019 Updated at Mar 22, 2023
Scan your Python projects for vulnerabilities →

Advisory

Deeposlandia 0.6 updates its dependency 'Tensorflow' to v1.15 to include security fixes.

Affected package

deeposlandia

Latest version: 0.8.0

Automatic detection and semantic image segmentation with deep learning

Affected versions

Fixed versions

Vulnerability changelog

*Georeferenced dataset post-processing*

This release essentially copes with the georeferenced dataset, one may now post-process
the results, so as to visualize labelled masks as raster. A vectorized version of each
prediction is also available.

As another major evolution, `deeposlandia` now has a Command-Line Interface (CLI). The
available commands are `datagen`, `train`, `infer` and `postprocess` respectively for
generating preprocessed datasets, training neural networks, doing inference and
post-processing neural network outputs.

Added

- Set up a Command-Line Interface (90).
- Consider `RGBA` images and warns the user as this format is not handled by the web app
(107).
- Consider geometric treatments in a dedicated module, add vector-to-raster and
raster-to-vector transformation steps ; save postprocessed images as vector and raster
files (119).
- Postprocess aerial images so as to produce predicted rasters (118, 126, 127).
- Add missing test files for Tanzania dataset.
- Some information about GDPR in the web app (113).
- Improve unit tests dedicated to georeferenced data processing (104).

Changed

- Label folders are standardized (`labels`), in particular this folder name replaces `gt`
for `Aerial` dataset (139).
- Always use the best existing model, instead of parametrizing the access to the model
(135).
- Broken images are considered, hence not serialized onto the file system (129).
- The georeferenced aerial datasets are updated and factorized into a generic
`GeoreferencedDataset` class, the test files are updated accordingly (128).
- Deep learning model are now known as `featdet` and `semseg` instead of
`feature_detection` and `semantic_segmentation` (133).
- Update the training metric history when using a existing trained model (102).
- Move the documentation to a dedicated folder.
- Some code cleaning operations, using `black` and `flake8` (120).
- Update dependencies, especially `Tensorflow`, due to vulnerability issues.
- Fix the unit tests for Tanzania dataset population (111).
- The process quantity is an argument of `populate()` functions, in order to implement
multiprocessing (110).
- Logger syntax has been refactored (%-format) (103).

Removed

- The concept of "agregated dataset" is removed, as we consider a home-made Mapillary
dataset version. As a consequence, some input/output folder paths have been updated
(134).
- The hyperparameter optimization script (`paramoptim.py`) has been removed, `train.py`
can handle several value for each parameter (125).

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

CRITICAL 9.8

CVSS v3 Details

CRITICAL 9.8
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality Impact (C)
HIGH
Integrity Impact (I)
HIGH
Availability Availability (A)
HIGH

CVSS v2 Details

HIGH 7.5
Access Vector (AV)
NETWORK
Access Complexity (AC)
LOW
Authentication (Au)
NONE
Confidentiality Impact (C)
PARTIAL
Integrity Impact (I)
PARTIAL
Availability Impact (A)
PARTIAL