PyPi: Determined

CVE-2021-32640

Transitive

Safety vulnerability ID: 40670

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at May 25, 2021 Updated at Nov 29, 2024

Advisory

Determined 0.16.0rc0 updates its dependency 'ws' to v7.4.6 to patch a security vulnerability.

Affected package

determined

Latest version: 0.38.0

Determined AI: The fastest and easiest way to build deep learning models.

Affected versions

Fixed versions

Vulnerability changelog

d5145feb docs: Release notes for 0.15.6. (2493)
068bb33f fix: prevent zoom reset if chart is already zoomed [DET-5514] (2525)
3f44c83f fix: stop parsing notebook config on every edit [DET-5605] (2528)
03b28bef chore: fix client for new password handling (2546)
fe05b0b0 chore: avoid defaulting to filter by current user [DET-5602] (2540)
1e945afb feat: expose a default Determined in det.experimental.client (2532)
76230f83 chore: remove swagger-generated python code (2541)
c7ac21d6 fix: password handling in python sdk. (2543)
56dd19d4 feat: pull tensorboard images from experiment configs (2544)
48ceaf2a fix: fix hparam string representation failure [DET-5616] (2539)
8dfa0888 feat: pull tensorboard images from experiment configs (2534)
0ebeba33 chore: fix dropped cert argument in Authentication (2542)
d0adc51c feat: multimaster Authentication objects [DET-5308] (2531)
f1c9b1f4 feat: bump JupyterLab to 3.0.16 [DET-4872] (2526)
12a8cae4 chore: bump default environment CPU and GPU images to tf-2.4 (2523)
caf61c97 docs: add release notes for profiling features [DET-5351] (2535)
deb4cbf4 chore: initialize cli_cert in e2e tests (2530)
81eefc75 chore: bump transformers version for model-hub (2522)
e9f5947e fix: add init_invalid_hp to master [DET-5569] (2478)
ccdcaa8b chore: allow non-singleton Authentication (2513)
0a887e9d fix: trial profiling system metric chart ignoring zero [DET-5505] (2515)
0d9a5401 fix: allow bumpenvs to update nvcr images in helm charts (2520)
ec89928b feat: provide tensorflow 2.5 image [DET-5522] (2517)
55c3353f docs: recommend users upgrade to 0.16.0 to avoid k8s master crashes (2518)
a2f6fc26 chore: improved pynvml usage by profiler [DET-5394] (2487)
a06d3a2e chore: minor edits to cli behaviors (2519)
23160572 fix: add back bindmounts entry to command's default config (2521)
3d34e1c9 fix: notebook modal improvements [DET-5599] (2511)
6db82632 feat: add experiment notes & name [DET-5352] (2307)
17976404 chore: update urllib3 (2504)
49aec0db feat: support back-filling in the priority scheduler [DET-5397] (2436)
aec1074b chore: handle error when loading notebook config (2512)
09fca004 feat: add bind mounts to task container defaults [DET-5362] (2516)
4068fde9 chore: collect prometheus metrics (2501)
ed896c77 fix: python api create experiment bug (2510)
0c9ec27e fix: avoid rc dev release mismatch notifications (2405)
4fd33262 chore: task list filters [DET-5390] (2466)
1f49553e test: add e2e tests for profiling features [DET-5245] (2481)
ec9932df chore: upgrade ws to patch security vulnerability (2505)
3857f945 chore: add experiment name to breadcrumb on trial detail page [DET-5284] (2318)
87b1e598 docs: add release note for printable config (2507)
212aa936 chore: disable profiling after restart [DET-5424] (2486)
24432fe1 docs: add profiling how-to [DET-5209] (2384)
2b04bf0c chore: fix TrialsSnapshotResponse comment typo (2492)
1ca42b44 chore: fix TF version detection and RNG usage in test (2500)
106294a6 chore: migrate away from spot checks and move towards waiting for an expected case (2495)
eecc4461 fix: generating printable master config does not alter original (2502)
bf9b3ac1 fix: observability webui fixes [DET-5567][DET-5246][DET-5506][DET-5531][DET-5530][DET-5571] (2488)
5b73278f chore: improve profiler throughput collectors (2490)
55b122ea chore: remove native init() functions [DET-5574] (2480)
6ac0268d chore: add testing for `eventually` schema [DET-5560] (2467)
6f86594e chore: remove trial old messages and consolidate others (2464)
bae9c2d5 chore: fix some semi-broken unit tests (2483)
3f9f2daa fix: ship gpu_free_memory correctly [DET-5508] (2497)
0dae8015 chore: add non-streaming APIs for trial profiler endpoints (2484)
0b0e9ca8 chore: update eslint-no-unused-vars to handle special cases (2496)
d81f8ade fix: notebook modal bugs [DET-5573] (2476)
8ee598d8 chore: improve performance of tfevent file filtering (2469)
341fb4fa chore: trim unused parts of rendezvous info (2381)
ba07a04e chore: promote profiler APIs out of unimplemented (2485) [DET-5587]
3f532898 fix: send all batches from harness profiler [DET-5566] (2473)
c5201873 chore: deprecate det.experimental.create_trial_instance() (2479)
b0f57d69 fix: ProfilingAgent serializing timestamps incorrectly (2482)
6a673830 fix: propagate slots when it is 0 (2477)
4b97010a chore: measure profiler timings with time.time() (2475)
2e38dfab chore: reword README for schemas (2474)
3d6e73db fix: show x axis label on all plots [DET-5500] (2471)
2e83f225 fix: make tf estimator dtrain work with tf 2.5 [DET-5563, DET-3762] (2468)
f893eeef fix: timing metric chart x-axis tick off [DET-5501] (2472)
aa8d4427 chore: log running of migrations (2463)
36139a1d docs: add instructions to use dtrain workflow for inference with PyTorch (2386)
66c64521 feat: hook ProfilerAgent into harness and add profiler timings [DET-5062, DET-5204] (2348)
c52c6165 chore: move run increment to allocation not termination [DET-5559, DET-5450] (2462)
feac8cf7 feat: add launch notebook modal [DET-5376] [DET-5377] [DET-5380] [DET-5378] [DET-5379] [DET-5375] (2398)
7c178564 chore: catch ruamel.yaml Duplicate Key Errors and format for users [DET-5542] (2450)
2584c5b8 chore: rem to px [DET-5327] (2433)
ddf8693d fix: allow custom registries with determined env images [DET-5556] (2465)
8c1d0a99 fix: cleanup iter(DataLoader) before exiting [DET-5558] [DET-5554] (2459)
2c3bfa38 fix: use user preferences when no search params are present (2460)
80f4375b chore: disable dashboard recent tasks tests temporarily (2461)
7f1c61d1 feat: `det deploy --image-repo-prefix` for pulling images from a custom docker repo (2454)
a5170400 fix: synchronize pods actor startup in k8s resource manager [DET-5536] (2453)
ea4566f1 fix: update Buf image and CLI usage (2455)
80920725 chore: bump buf and protoc version [DET-5534] (2446)
92bf2c63 fix: prevent concurrent updates to a single expconf object [DET-5543] (2451)
ea66301a revert added example model (tf classification) (2452)
71a35025 fix: prevent spot resource pool contention [DET-5349] (2423)
8def1560 cli: small rewording in shell help (2448)
bac39242 ci: regen buf image with buf 0.12.1 (2447) [DET-5534]
193ac654 docs: fix broken links (2439)
da7fe34c fix: introduce LegacyConfig for tensorboard and checkpoint gc [DET-5533] (2444)
a9f0fe87 fix: omit internal fields in previewed notebook [DET-5523] (2434)
a690381a fix: allow EOL searchers in configs only [DET-5526] (2445)



Docker images

- `docker pull determinedai/determined-master:0.16.0`
- `docker pull determinedai/determined-master:f5a590b8`
- `docker pull determinedai/determined-master:f5a590b8e8b0f589f8086111c93a42f92760041c`
- `docker pull determinedai/determined-dev:determined-master-f5a590b8`
- `docker pull determinedai/determined-dev:determined-master-f5a590b8e8b0f589f8086111c93a42f92760041c`
- `docker pull nvcr.io/isv-ngc-partner/determined/determined-master:0.16.0`
- `docker pull nvcr.io/isv-ngc-partner/determined/determined-master:f5a590b8`
- `docker pull nvcr.io/isv-ngc-partner/determined/determined-master:f5a590b8e8b0f589f8086111c93a42f92760041c`

Resources

Severity Details

CVSS Base Score

MEDIUM 5.3

CVSS v3 Details

MEDIUM 5.3

- Attack Vector (AV): NETWORK
- Attack Complexity (AC): LOW
- Privileges Required (PR): NONE
- User Interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality Impact (C): NONE
- Integrity Impact (I): NONE
- Availability Impact (A): LOW

CVSS v2 Details

MEDIUM 5.0

- Access Vector (AV): NETWORK
- Access Complexity (AC): LOW
- Authentication (Au): NONE
- Confidentiality Impact (C): NONE
- Integrity Impact (I): NONE
- Availability Impact (A): PARTIAL