Workflow

PyPi: Sleap

CVE-2020-15205

Transitive

Safety vulnerability ID: 43795

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 25, 2020 Updated at Dec 19, 2024
Scan your Python projects for vulnerabilities →

Advisory

Sleap 1.0.10 updates TensorFlow to v2.1.2 for security reasons.

Affected package

sleap

Latest version: 1.4.1

SLEAP (Social LEAP Estimates Animal Poses) is a deep learning framework for animal pose tracking.

Affected versions

Fixed versions

Vulnerability changelog

Pre-release of minor version update with performance tweaks and bug fixes.

Changes:
- Update to TensorFlow 2.1.2 (security patch)
- Switch to ID-based hashing for `LabeledFrame`. This dramatically increases the performance of frame manipulation operations.
- Several convenience methods for `sleap.Labels`:
- Add `describe` method to Labels for easy inspection of dataset stats
- Add `has_frame` method to Labels for quick checking of frame existence
- Add `remove_user_instances` and `remove_predictions` for quick dataset cleanup
- Remove predicted instances in existing frames before merging in active learning results (fixes 413)
- Conda `environment.yml` clean-up: de-duplicates dependencies managed by `pip`

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

CRITICAL 9.8

CVSS v3 Details

CRITICAL 9.8
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality Impact (C)
HIGH
Integrity Impact (I)
HIGH
Availability Availability (A)
HIGH

CVSS v2 Details

HIGH 7.5
Access Vector (AV)
NETWORK
Access Complexity (AC)
LOW
Authentication (Au)
NONE
Confidentiality Impact (C)
PARTIAL
Integrity Impact (I)
PARTIAL
Availability Impact (A)
PARTIAL