PyPi: Determined

CVE-2020-26237

Transitive

Safety vulnerability ID: 39625

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Nov 24, 2020 Updated at Nov 29, 2024

Advisory

Determined 0.14.0 updates its dependency 'highlight.js' to v10.5.0 to include a security fix.

Affected package

determined

Latest version: 0.38.0

Determined AI: The fastest and easiest way to build deep learning models.

Affected versions

Fixed versions

Vulnerability changelog

5e88f2bd feat: swap master restart to be snapshot based (1745) [DET-816]
0db30c6b fix: don't set default trial log limit in CLI (1856)
a8d4dd2e fix: fix CLI log tailing with elastic (1853) [DET-4883]
354cdfa8 fix: another place scheduler config for resource pool not being inherited (1854)
831235eb feat: add resource pool column to tasks list (1831)
a1821c84 feat: add resource pool column to experiment list (1819)
ae8011ce fix: webui trial logs should not use negative offset (1845)
d812ab78 chore: connect HGI UI to its API [DET-4638] (1837)
4fb65a4f fix: scheduler config for resource pool not being inherited (1847)
6523a8c5 chore: update cluster utilization overview [DET-4346] (1788)
9f57c9d2 docs: fix readme to clarify gpu vs cpu
5f661c86 chore: add custom error for torch's ReduceLROnPlateau (1849)
2617e74f chore: bump taiko-video version to fix ffmpeg / screenshot save race condition (1850)
2f2e5ee7 perf: index as few log fields as possible to increase elasticsearch ingest speed (1848)
c6b1f0ed fix: increase trial log timestamp resolution to support milliseconds [DET-4861] (1841)
f9d31f93 chore: enable some more Go linters (1839)
b4b1fe20 chore: retry for more errors when uploading to GCS (1794)
2d2e96e2 chore: fix duplicates in elastic log ids (1834)
79fe5eaf chore: add missing apiKey update to internal streaming sdk (1833)
57a9acc7 chore: update storybook to resolve github security vulnerability for highlight.js (1808)
342527cd chore: fix trial log following logic (1832) [DET-4850]
91e2800b chore: Endpoint and infrastructure for hyperparameter importance computation [DET-4464] (1707)
adc4361e chore: experiment API returns resource pool info [DET-4572] (1711)
9a6da7af chore: fix ExitedReason log (1829)
cf3accbd fix: dars_penntreebank_pytorch example [DET-4841] (1822)
513136d5 fix: show zoom out tip when zoomed into learning curve chart (1828)
128531e9 chore: Revert DET-4688, do not support single-trial experiments in trials-sample endpoint [DET-4840] (1824)
0b243346 fix: update model def button to be a raw link (1826)
79df2101 chore: various elastic fixes (1825) [DET-4839]
b8d9e20d fix: update types to support new log levels (1823)
9ae41f51 fix: revert broken user-facing change with experiment config logic (1821)
b0214984 docs: Add Lunch and Learn promotion to README.md (1815)



Docker images

- `docker pull determinedai/determined-master:0.14.0`
- `docker pull determinedai/determined-master:9ee2fa43`
- `docker pull determinedai/determined-master:9ee2fa4321ff127bd0a08a90d15fa524d73b597c`
- `docker pull determinedai/determined-dev:determined-master-9ee2fa43`
- `docker pull determinedai/determined-dev:determined-master-9ee2fa4321ff127bd0a08a90d15fa524d73b597c`

Resources

Severity Details

CVSS Base Score

HIGH 8.7

CVSS v3 Details

HIGH 8.7
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): HIGH
Availability Impact (A): HIGH

CVSS v2 Details

MEDIUM 4.9
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (Au): SINGLE
Confidentiality Impact (C): NONE
Integrity Impact (I): PARTIAL
Availability Impact (A): PARTIAL