PyPi: Sleap

CVE-2020-15190

Transitive

Safety vulnerability ID: 43802

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 25, 2020 Updated at May 29, 2024

Advisory

Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.

Affected package

sleap

Latest version: 1.4.0

SLEAP (Social LEAP Estimates Animal Poses) is a deep learning framework for animal pose tracking.

Affected versions

Fixed versions

Vulnerability changelog

Pre-release of minor version update with performance tweaks and bug fixes.

Changes:
- Update to TensorFlow 2.1.2 (security patch)
- Switch to ID-based hashing for `LabeledFrame`. This dramatically increases the performance of frame manipulation operations.
- Several convenience methods for `sleap.Labels`:
  - Add `describe` method to Labels for easy inspection of dataset stats
  - Add `has_frame` method to Labels for quick checking of frame existence
  - Add `remove_user_instances` and `remove_predictions` for quick dataset cleanup
- Remove predicted instances in existing frames before merging in active learning results (fixes 413)
- Conda `environment.yml` clean-up: de-duplicates dependencies managed by `pip`

Resources

Severity Details

CVSS Base Score

MEDIUM 5.3

CVSS v3 Details

MEDIUM 5.3
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): LOW

CVSS v2 Details

MEDIUM 5.0
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (Au): NONE
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): PARTIAL