PyPi: Textattack

CVE-2021-22898

Transitive

Safety vulnerability ID: 42622

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 11, 2021 Updated at Mar 28, 2024
Scan your Python projects for vulnerabilities →

Advisory

Textattack 0.3.4 updates its dependency 'tensorflow' to v2.5.1 to include several security fixes.

Affected package

textattack

Latest version: 0.3.10

A library for generating text adversarial examples

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* [CODE] Keras parallel attack fix - Issue 499 by sanchit97 in https://github.com/QData/TextAttack/pull/515
* Bump tensorflow from 2.4.2 to 2.5.1 in /docs by dependabot in https://github.com/QData/TextAttack/pull/517
* Add a high level overview diagram to docs by cogeid in https://github.com/QData/TextAttack/pull/519
* readtheDoc fix by qiyanjun in https://github.com/QData/TextAttack/pull/522
* Add new attack recipe A2T by jinyongyoo in https://github.com/QData/TextAttack/pull/523
* Fix incorrect `__eq__` method of `AttackedText` in `textattack/shared/attacked_text.py` by wenh06 in https://github.com/QData/TextAttack/pull/509
* Fix a bug when running textattack eval with --num-examples=-1 by dangne in https://github.com/QData/TextAttack/pull/521
* New metric module to improve flexibility and intuitiveness - moved from 475 by sanchit97 in https://github.com/QData/TextAttack/pull/514
* Update installation.md to add FAQ on installation by qiyanjun in https://github.com/QData/TextAttack/pull/535
* Fix dataset-split bug by Hanyu-Liu-123 in https://github.com/QData/TextAttack/pull/533
* Update by Hanyu-Liu-123 in https://github.com/QData/TextAttack/pull/541
* add custom dataset API use example in doc by qiyanjun in https://github.com/QData/TextAttack/pull/543
* Fix logger initiation bug by Hanyu-Liu-123 in https://github.com/QData/TextAttack/pull/539
* Updated Tutorial 0 to use the Rotten Tomatoes dataset instead of the … by srujanjoshi in https://github.com/QData/TextAttack/pull/542
* Back translation transformation by cogeid in https://github.com/QData/TextAttack/pull/534
* Fixed a bug in the allennlp tutorial by donggrant in https://github.com/QData/TextAttack/pull/546
* Logger bug fix by ankitgv0 in https://github.com/QData/TextAttack/pull/551
* add "textattack[tensorflow]" option in all tutorials by qiyanjun in https://github.com/QData/TextAttack/pull/559
* Fix CLARE Extra Character Bug by Hanyu-Liu-123 in https://github.com/QData/TextAttack/pull/556
* Fix metric-module Issue532 by sanchit97 in https://github.com/QData/TextAttack/pull/540
* Add API docstrings for back translation by cogeid in https://github.com/QData/TextAttack/pull/563
* Fixed the "no attribute" error from 536 by ankitgv0 in https://github.com/QData/TextAttack/pull/552
* Enhance augment function by Hanyu-Liu-123 in https://github.com/QData/TextAttack/pull/531
* fix read-the-doc installation issue / clean up and add new docstrings for recently added classes/packages by qiyanjun in https://github.com/QData/TextAttack/pull/569

New Contributors
* wenh06 made their first contribution in https://github.com/QData/TextAttack/pull/509
* dangne made their first contribution in https://github.com/QData/TextAttack/pull/521
* srujanjoshi made their first contribution in https://github.com/QData/TextAttack/pull/542
* donggrant made their first contribution in https://github.com/QData/TextAttack/pull/546
* ankitgv0 made their first contribution in https://github.com/QData/TextAttack/pull/551

**Full Changelog**: https://github.com/QData/TextAttack/compare/v0.3.3...v0.3.4

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

LOW 3.1

CVSS v3 Details

LOW 3.1
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
HIGH
Privileges Required (PR)
NONE
User Interaction (UI)
REQUIRED
Scope (S)
UNCHANGED
Confidentiality Impact (C)
LOW
Integrity Impact (I)
NONE
Availability Availability (A)
NONE

CVSS v2 Details

LOW 2.6
Access Vector (AV)
NETWORK
Access Complexity (AC)
HIGH
Authentication (Au)
NONE
Confidentiality Impact (C)
PARTIAL
Integrity Impact (I)
NONE
Availability Impact (A)
NONE