Product Research Enterprise Plans Docs

PyPi: Octue

CVE-2021-33430

Transitive

Safety vulnerability ID: 44901

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Dec 17, 2021 Updated at Oct 25, 2024

Scan your Python projects for vulnerabilities →

Advisory

Octue 0.10.4 updates its dependency 'numpy' to v1.21.0 to include a security fix.

Affected package

octue

Latest version: 0.60.2

A package providing template applications for data services, and a python SDK to the Octue API.

Affected versions

Fixed versions

Vulnerability changelog

Summary
Update `numpy` in the developer dependencies and template apps to avoid a buffer overflow vulnerability.


Contents ([299](https://github.com/octue/octue-sdk-python/pull/299))

Dependencies
- Increase `numpy` version in developer dependencies and template apps from `1.19.2` to `1.21.0`

Testing
- Decouple monitors tests from cloud storage availability

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33430

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

MEDIUM 5.3

CVSS v3 Details

MEDIUM 5.3

Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Availability (A): HIGH

CVSS v2 Details

LOW 3.5

Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (Au): SINGLE
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): PARTIAL