Product Research Enterprise Plans Docs

PyPi: Determined

CVE-2020-8203

Transitive

Safety vulnerability ID: 38656

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jul 15, 2020 Updated at Nov 29, 2024

Scan your Python projects for vulnerabilities →

Advisory

Determined 0.12.12rc0 updates its NPM dependency 'lodash' to v4.17.19 to include a security fix.

Affected package

determined

Latest version: 0.38.0

Determined AI: The fastest and easiest way to build deep learning models.

Affected versions

Fixed versions

Vulnerability changelog

27be82a fix: fix nonroot dtrain and nonroot shell [DET-3111] (871)
014ccff docs: minor fixes for adaptive HP topic guide (912)
0688853 chore: update log viewer to trigger scrolled-to-top event when scroll top is close enough (879)
6636a6f chore: loosen pyzqm requirements (917)
0d6ca73 chore: bump CLI GitPython dependency from 2.1.11 to 3.1.3 [DET-3499] (915)
fe180bf docs: Minor fixes for AWS topic guide. (904)
321709d test: add additional tests for async adaptive (818)
97744cd Revert "feat: support custom reducers for estimators (837)" (914)
56df7d2 feat: update helm chart for k8 RP [DET-3542] (882)
fad06e9 feat: support custom reducers for estimators (837)
7af6533 fix: upgrade lodash to fix vulnerability (903)
8fc97c3 fix: fix a parsing problem with tasks start time [DET-3657] (890)
ef81e34 fix: fix log viewer timestamp copy paste [DET-3631, DET-3632, DET-3634, DET-3641] (889)
b97a331 docs: remove duplicate entry from API reference (909)
eafbe2f fix: fix a react build problem (911)
75322c1 docs: remove incorrect statement. (905)
ff355f1 docs: reference documentation for the model registry (907)
218d473 feat: experiment list batch [DET-3001] (866)
2c6eb8c docs: fixes for examples, remove tf-cifar tutorial (902)
fa236e8 chore: upgrade react dependencies [DET-3649] (894)
10fe7e4 feat: add experiment detail actions [DET-3083] (858)
cbc6423 chore: bump task container versions [DET-3576, DET-3556] (899)
724a53c feat: add basic trial details endpoint consumption [DET-3640] (884)
a059e57 test: fix pytorch parallel (896)
3f6ed8e feat: update Pytorch checkpoint exporting API [DET-3465] (842)
a2743ef test: skip master logs test for now, unable to diagnose flake (878)
7975cc5 ci: work around there existing no distributed tests (888)
2818426 fix: use local log line ids for trial logs (893)
27bfc08 chore: validate segment key (880)
635d96d docs: add docs on data access for dtrain [DET-3506] (872)
fa5fae6 fix: improve CLI's custom certificate handling [DET-3630] (883)
2339878 feat: add experiment info box [DET-3554 DET-3012] (841)
c832154 adds register_version cli command (881)
84a914e ci: enable multi-node testing [DET-3444] (852)
a4b784a feat: add `--head` option for printing trial logs [DET-3527] (875)
1038186 chore: remove figure options from plotly (874)
3f8de80 refactor: add get-or-else support (811)
b8e7987 chore: upgrade agent VM image to newer kernel version
9e1664c feat: support addTask and startTask for k8 RP [DET-3416, DET-3419] (798)
f38b84c test: upload cloud watch CI logs to S3 [DET-3515] (855)
37d4973 ci: move react api copy command over to build step from get-deps [DET-3565] (856)
d989428 feat: add simple Tensorboard launch action to UI [DET-3231] (836)
8e58136 fix: minor spelling fix for a filename (860)
2ed285b chore: fix a low severity lodash security vulnerability (851)
394e317 feat: model versions sdk and CLI [DET-3477] [DET-3480] (861)
36c8bae ci: fix docs publish (849)
5a2acc6 fix: don't accept string optimizers for multi-GPU tf keras [DET-3567] (859)
1e707df fix: use TF Tensorboard writer by default [DET-3353] (857)
260ffe8 docs: fix get models documentation (846)
c1f02c2 chore: bump version: 0.12.11.dev0 -> 0.12.12.dev0 (853)
37bd64d chore: set up browser NDJSON stream consumption [DET-3451] (815)
e514f7e test: update unit tests for Pytorch flexible primitives [DET-3200] (829)
922105d docs: release notes for 0.12.11 (850)
634ad5b chore: add response headers to bust cache for elm and react index.html (847)
9d41b9e fix: update examples link (845)
bbdf964 feat: remove steps from pytorch callbacks [DET-3252] (831)
ecbdde7 feat: don't silence api errors in dev (840)
ed64384 feat: directly consume Swagger generated TS client [DET-3535 DET-3552] (819)
f275f8e chore: link react trial logs for improved rendering performance [DET-3530] (834)
d2b5e00 fix: metrics for unets tf_keras example [DET-3553] (843)
053dfa3 feat: react trial logs [DET-3128] (830)

Docker images

- `docker pull determinedai/determined-master:0.12.12`
- `docker pull determinedai/determined-master:231769f`
- `docker pull determinedai/determined-master:231769f96ab30c710231cc26552cad264c899a35`
- `docker pull determinedai/determined-dev:determined-master-231769f`
- `docker pull determinedai/determined-dev:determined-master-231769f96ab30c710231cc26552cad264c899a35`

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 7.4

CVSS v3 Details

HIGH 7.4

Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): HIGH
Availability Availability (A): HIGH

CVSS v2 Details

MEDIUM 5.8

Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (Au): NONE
Confidentiality Impact (C): NONE
Integrity Impact (I): PARTIAL
Availability Impact (A): PARTIAL