PyPi: Datacube

CVE-2021-42343

Transitive

Safety vulnerability ID: 49320

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Oct 26, 2021 Updated at Oct 28, 2024

Advisory

Datacube 1.8.7 updates its dependency 'dask' to v2021.10.0 to include a security fix.

Affected package

datacube

Latest version: 1.8.19

An analysis environment for satellite and other earth observation data

Affected versions

Fixed versions

Vulnerability changelog

- Cleanup mypy typechecking compliance. (1266)
- When dataset add operations fail due to lineage issues, the produced error message now clearly indicates that the problem was due to lineage issues. (1260)
- Added support for group-by financial years to virtual products. (1257, 1261)
- Remove reference to `rasterio.path`. (1255)
- Cleaner separation of (experimental) postgis and (stable) postgres drivers, and suppress SQLAlchemy cache warnings. (1254)
- Prevent Shapely deprecation warning. (1253)
- Fix `DATACUBE_DB_URL` parsing to understand syntax like: `postgresql:///datacube?host=/var/run/postgresql` (1256)
- Clearer error message when local metadata file does not exist. (1252)
- Address upstream security alerts and update upstream library versions. (1250)
- Clone `postgres` index driver as `postgis`, and flag as experimental. (1248)
- Implement a local non-persistent in-memory index driver, with maximal backwards-compatibility with default postgres index driver. Doesn't work with CLI interface, as every invocation will receive a new, empty index, but useful for testing and small scale proof-of-concept work. (1247)
- Performance and correctness fixes backported from `odc-geo`. (1242)
- Deprecate use of the celery executor. Update numpy pin in rtd-requirements.txt to suppress Dependabot warnings. (1239)
- Implement a minimal "null" index driver that provides an always-empty index. Mainly intended to validate the recent abstraction work around the index driver layer, but may be useful for some testing scenarios, and ODC use cases that do not require an index. (1236)
- Regularise some minor API inconsistencies and restore redis-server to Docker image. (1234)
- Move (default) postgres driver-specific files from `datacube.index` to `datacube.index.postgres`. `datacube.index.Index` is now an alias for the abstract base class index interface definition rather than postgres driver-specific implementation of that interface. (1231)
- Update numpy and netcdf4 version in docker build (1229)
rather than postgres driver-specific implementation of that interface. (1227)
- Migrate test docker image from `datacube/geobase` to `osgeo/gdal`. (1233)
- Separate index driver interface definition from default index driver implementation. (1226)
- Prefer WKT over EPSG when guessing CRS strings. (1223, 1262)
- Updates to documentation. (1208, 1212, 1215, 1218, 1240, 1244)
- Tweak to segmented in geometry to suppress Shapely warning. (1207)
- Fix to ensure `skip_broken_datasets` is correctly propagated in virtual products (1259)
- Deprecate `Rename`, `Select` and `ToFloat` built-in transforms in virtual products (1263)

Includes contributions from whatnick, alexgleith, maawoo, jeremyh, iamtekson, alfredoahds, SpacemanPaul, kirill888, robbitbt, tebadi, uchchwhash, and mpaget.

Acknowledgements to the Open Datacube Steering Council and all supporting organisations, including Geoscience Australia, Digital Earth Africa, CSIRO, Frontier SI and Aerometrex.

Severity Details

CVSS Base Score

CRITICAL 9.8

CVSS v3 Details

CRITICAL 9.8
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Impact (A): HIGH

CVSS v2 Details

MEDIUM 6.8
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (Au): NONE
Confidentiality Impact (C): PARTIAL
Integrity Impact (I): PARTIAL
Availability Impact (A): PARTIAL