PyPi: Determined

CVE-2020-10109

Transitive

Safety vulnerability ID: 54967

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 12, 2020 Updated at Nov 29, 2024

Advisory

Determined 0.17.6 updates env images to include security fixes.
https://github.com/determined-ai/determined/pull/3415/commits/18fc5278cd589089dd753f687ec606499117029d

Affected package

determined

Latest version: 0.38.0

Determined AI: The fastest and easiest way to build deep learning models.

Affected versions

Fixed versions

Vulnerability changelog

Changelog

* a7806b5a chore: bump version: 0.17.6-rc6 -> 0.17.6
* 48451b62 chore: fix import ordering
* d9a1257b docs: add release notes for 0.17.6 (3475)
* 47a17f67 chore: bump version: 0.17.6-rc5 -> 0.17.6-rc6
* 7a8132a9 fix: make systemd socket activation actually work (3459)
* b6d82d13 chore: bump version: 0.17.6-rc4 -> 0.17.6-rc5
* 6e65020c fix: Allow allocations array to be empty without null value (3465)
* 79ca9dde fix: update timeago casing for taskcards on dashboard (3434)
* f40314ef chore: bump version: 0.17.6-rc3 -> 0.17.6-rc4
* 247c288a fix: avoid terminating profiler streaming [DET-6459] (3453)
* 90a385e3 chore: bump version: 0.17.6-rc2 -> 0.17.6-rc3
* bb43d698 fix: revert to prior slot utilization logic for static agents (3451)
* 75972b34 chore: bump version: 0.17.6-rc1 -> 0.17.6-rc2
* 34e2e31f chore: better telemetry (3271)
* bdd5c238 ci: run releases for tags with new proper SemVer format
* c87dcf4b chore: bump version: 0.17.6-rc0 -> 0.17.6-rc1
* 49c03b40 chore: bump version: 0.17.6-dev0 -> 0.17.6-rc0
* e7ed8e97 chore: lock api state for backward compatibility check
* 18859054 fix: Add allocation state to db test object (3427)
* 4dcf3250 feat: allow podSpec env variables (3431)
* 25616ac6 feat: adjust job priority and weight through job queue (3411)
* c3c4df9f feat: Add /tasks/:task_id endpoint to GRPC API [DET-6354] [DET-6355] (3360)
* db71ac48 docs: announce deprecation of pbt (3407)
* 01da9977 feat: pass metrics to simple reducer in original order (3405)
* 39568043 fix: show correct total gpu capacity [DET-3733] (3385)
* b0f5458c chore: bump env images for security. (3415)
* 4f2ced6f fix: address experiment name going out of sync with db (3414)
* dd733ef6 fix: avoid Can't pickle local object in TestPIDServer (3393)
* 3dcdbc8f fix: add missing fields to allocation query and tests to prevent future bugs (3398)
* c1d5db02 ci: fix flake in provisioner unit test (3409)
* f082d650 chore: update unreleased manage job modal (3374)
* cd64b92e chore: make mypy happy with requests wrapper (3408)
* d0da8697 fix: fix a conditional render loop (3394)
* c3e2d3a3 chore: bumpenvs for updated base AMIs (3404)
* c6f23186 chore: get gov images in refresh-ubuntu-amis.py (3399)
* 7f504e7d ci: make checkpoint gc tests actually wait for gc (3403)
* 142f5999 fix: set gc-policy broken [DET-6373] (3391)
* 47b2375d fix: fix forked experiments missing username in memory (3392)
* 9a1e8113 feat: add systemd socket activation support to the master (3366)
* 875d6732 DET-6361 - update docs (3386)
* e9ad0532 chore: force github.com/containerd/containerd upgrade (3381)
* 7e822f55 chore: fix default format selection and enum loading in cli (3384)
* dc511af9 chore: write our own swagger bindings (3361)
* 9a5c1f5e fix: Fix sphinx-build parsing bug (3376)
* 3bc09571 fix: stop re-rendering loops and throw the appropriate errors for continue trial modal [DET-6368] (3378)
* 66378a49 chore: bump github.com/labstack/echo/v4 dependencies to address dependabot (3354)
* 38f77750 fix: fix webui full config edit in notebook modal (3373)
* 2debbcf9 chore: bump docker and k8s dependencies (3352)
* b3a34baa docs: address onboarding gaps (3122)
* a996243e ci: stop testing EOL python (3377)
* e6ae62aa chore: update github pr template (3365)
* 0f45c4a7 fix: stop profiler spinner when terminal [DET-6326] (3325)
* ceb537d5 fix: negative slots per agent [DET-6357] (3342)
* 31549d8b fix: default shell/cmd slots should be 1. (3369)
* 268035be chore: try to sidestep race in use of check_if_string_present_in_trial_logs test helper (3367)
* eaeb658c chore: bump goreleaser (3345)
* 69965984 chore: image updates: bump all, add ROCm image. (3363)
* c81a7a9d ci: unflake master `IdleTimeoutWatcher` test. (3364)
* 4b76543d chore: fix small data race found by go build --race (3359)
* ddda7a45 fix: purge model.ExperimentConfig (3362)
* 1f4898c0 feat: experimental ROCm support. [DET-6285] (3282)
* 611947c1 ci: only install yq with snap. (3355)
* a0a5a8cf chore: fix trial log readability (3356)
* 34698e68 chore: AdvancedSearcher->Searcher (3339)
* 98c69adb chore: More info for test failure [DET-6347] (3353)
* c1a1e303 chore: add trial log dump for test assertion failure (3336)
* 5241759c fix: handle calls to old command endpoints, make it harder to crash cmd managers [DET-6336] (3315)
* 906ea4b3 fix: Convert all experiment and job states to labels (3351)
* c9d43f9c chore: bump test-e2e go version (3344)
* 95999f97 fix: fix incorrect preemption status report from Kubernetes RP (3330)
* 1f8eaa9a chore: rename Generic API to Core API [DET-6243] (3310)
* c266f8ee ci: print trial logs in more failure cases (3333)
* 61b309fc fix: don't allow allocations to take actions with unreceived cancellations (3326)
* 2e234990 fix: small bug in error log (3332)
* 377560e8 feat: support agent on Apple Silicon without Rosetta (3328)
* 9b31a1b6 feat: add config option for Tensorboard (3319)
* 46d56274 refactor: stop experiment modal [DET-6325] (3307)
* 12fce381 ci: update to python3.7. (3316)
* 30397f25 chore: unpin google-cloud dependencies. (3320)
* 4632cbe8 chore: simplify job queue state tracking (3302)
* 7ff1f8ec fix: collect system metrics from all agents (3313) [DET-6332]
* 355dcb86 chore: workaround upstream torch bug (3321)
* 0c12fe3d test: store and report webui test results (3248)
* a2cede94 feat: add prometheus endpoint for internal Determined state mappings [DET-5890] (3258)
* 7d9714e0 chore: update can-i-use browserlist (3317)
* f4fc7bb8 chore: remove hvd_config usage [DET-6220] (3210)
* cb139a16 fix: pull logs [DET-6335] (3308)
* ca96c776 feat: add wall clock time, tests to get trial API [DET-6226] (3311)
* 997dd8fb fix: preview search (3309)
* 43ccbeab fix: improve CPU core count parsing on agents with CPU slots. (3304)
* 9b80a576 chore: clean up code owners (3312)
* dd3edaa6 docs: fix image formatting in 0.17.5 release notes (3305)
* f9dd54ac chore: bump version: 0.17.5-dev0 -> 0.17.6-dev0
* 09ca94f5 docs: add release notes for 0.17.5 (3299)
* 09c049cb chore: update job queue title and navigation entry (3303)
* c1890544 feat: Allow new AWS instances to be specified [DET-6327] (3296)
* 8152a90c chore: reuse ordering logic between k8 and priority schedulers (3301)
* 5716cf2e chore: reorganize how endpoints are queried in jobs page (3298)
* 50be69ed fix: update craco config to have webpack use the ify-loader for plotly imports (3294)
* 54a37e33 fix: fix experiment active state check in webui (3295)
* a2bdf72e fix: increase CircleCI resource class for React builds (3297)
* e06e307d fix: open job queue task links in a new tab (3293)
* 26b6d26b fix: pass get_trials sort parameters to REST (3291)
* 60b29812 feat: set up, read, and visualize job queue (3231)
* 6686b5f3 fix: update use in notebook code snippet [DET-6305] (3288)
* 9707b820 Fix: send activate param from WebUI to API (3290)
* 6432ca9f fix: `det model list-versions --json` (3292)
* ded1d768 chore: avoid progress rendering for tasks card in some cases (3289)
* f4302d87 fix: add visual indicators that you can't edit an archived model [DET-6280] (3279)
* f38996aa refactor: customized timeago [DET-6244] (3283)


Docker images

- `docker pull determinedai/determined-master:0.17.6`
- `docker pull determinedai/determined-master:a7806b5a`
- `docker pull determinedai/determined-master:a7806b5a6670a0c6a2d9126b004384d322930b73`
- `docker pull determinedai/determined-dev:determined-master-a7806b5a`
- `docker pull determinedai/determined-dev:determined-master-a7806b5a6670a0c6a2d9126b004384d322930b73`
- `docker pull nvcr.io/isv-ngc-partner/determined/determined-master:0.17.6`
- `docker pull nvcr.io/isv-ngc-partner/determined/determined-master:a7806b5a`
- `docker pull nvcr.io/isv-ngc-partner/determined/determined-master:a7806b5a6670a0c6a2d9126b004384d322930b73`

Resources

Severity Details

CVSS Base Score

CRITICAL 9.8

CVSS v3 Details

CRITICAL 9.8
- Attack Vector (AV): NETWORK
- Attack Complexity (AC): LOW
- Privileges Required (PR): NONE
- User Interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality Impact (C): HIGH
- Integrity Impact (I): HIGH
- Availability Impact (A): HIGH

CVSS v2 Details

HIGH 7.5
- Access Vector (AV): NETWORK
- Access Complexity (AC): LOW
- Authentication (Au): NONE
- Confidentiality Impact (C): PARTIAL
- Integrity Impact (I): PARTIAL
- Availability Impact (A): PARTIAL