PyPi: Determined

CVE-2022-0686

Transitive

Safety vulnerability ID: 50980

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Feb 20, 2022 Updated at Nov 29, 2024

Advisory

Determined 0.19.3 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.

Affected package

determined

Latest version: 0.38.0

Determined AI: The fastest and easiest way to build deep learning models.

Affected versions

Fixed versions

Vulnerability changelog

Changelog

* 17f6d80b3 chore: bump version: 0.19.3-rc4 -> 0.19.3
* ba4c8fb53 docs: add release notes for 0.19.3 (4997)
* 620cf6920 chore: bump version: 0.19.3-rc3 -> 0.19.3-rc4
* 1cd716afd feat: allow specifying Fluent Bit container UID/GID on Kubernetes [DET-8012] (4963)
* 041cae931 chore: bump version: 0.19.3-rc2 -> 0.19.3-rc3
* a7364af1a fix: correct overflow action buttons [DET-8322] (4979)
* 7557b065e chore: bump version: 0.19.3-rc1 -> 0.19.3-rc2
* 83df8ccdc fix: remove duplicate Admin Guide tile (4975)
* f7824e4bc fix: WebUI config download [DET-8323] (4974)
* 11fe52c13 chore: bump version: 0.19.3-rc0 -> 0.19.3-rc1
* 1af55aa57 chore: revert "chore: secure echo with default authentication [DET-7405] [DET-7378] (4267)" (4971)
* dbe7008fb fix: reduce settings api calls [DET-8307] (4970)
* fa2a8251c chore: bump version: 0.19.3-dev0 -> 0.19.3-rc0
* 05d713edd chore: lock api state for backward compatibility check
* 0127d7d3c chore: secure echo with default authentication [DET-7405] [DET-7378] (4267)
* e2512cf68 feat: adjust scrollbar color by theme (4964)
* e1971c814 fix: associate allocation sessions with users (4949)
* 6c0ea8773 chore: fix a typo in py generator (4938)
* a5ea7e8df chore: add question issue (4959)
* c87cc1f4c ci(test-unit): remove debug code (4947)
* fedee52b2 test: remove ds test from p2 (4951)
* 4b565ac2c ci: run deepspeed on g4dn instances (4946)
* b2765f0ff feat: WebUI 404 not found page [DET-8226] (4937)
* f1f77c675 refactor: AuthZ for trials [DET-8211] (4940)
* 522f9f3a0 fix: allow forking an archived experiment [DET-8277] (4944)
* d346f3ffc chore: test apex checkpointing [DET-7886] (4904)
* 6a3a45574 chore: ensure isAuthError can see into wrapped exceptions (4934)
* c94a91ce0 ci(test-unit): accept only status events (4941)
* 5363d846d docs: slurm jobs do not require gres (4911)
* 7c12bd254 docs: update required python to 3.7 (4939)
* acd2ba92a feat: add programatic download for the config files (4907)
* 8f1f2f099 ci(test-unit): flail productively (4936)
* bd2db37e6 chore: address low hanging security updates (4872)
* bf61b0839 fix: remove prevUser constraint (4932)
* 948f34a5c feat: WebUI create user with group info [DET-8221] (4923)
* a57c90910 refactor: AuthZ for experiments [DET-8003] (4905)
* a93903bb2 feat: helm chart: add OIDC and SCIM options [DPS-204] (4897)
* ab8e47172 test: update yaml file names (4924)
* 798fca680 docs: fix to hyperlink in release notes (4895)
* 0fa875c56 docs: Slurm support updates for 0.19.3 (4919)
* 99c8f3f23 chore: fix rebase error (4922)
* e1632c025 chore: add stream argument to Session._do_request (4902)
* c3b0fb652 fix: rbac-user-groups merge conflicts and lints.
* f923e790a feat: WebUI group list page [DET-7921, DET-7976] (4724)
* 710f8f689 fix: rbac-user-groups merge conflicts.
* e9a909d47 feat: WebUI edit user [DET-7846] (4680)
* e35fb59b2 chore: RBAC user groups crud (4620)
* 1933ef3a8 feat: migrate patch user logic to grpc server [DET-7909] (4648)
* e9ab25da2 feat: pluggable authorization for RBAC. (4626)
* 12cad9f7d chore: User Groups SQL (4519) [DET-7803]
* d551eb4dc fix: change /var/cache permissions to mode 775 (4920)
* 0164be026 fix: GetExperiments error on forked experiment (4918)
* 9b23d6f93 ci(test-unit): limit runs to only test-e2e updates (4915)
* 3dc86510d fix: race condition in agent `container` actor around missing `containerInfo`. (4869)
* b2caa1573 ci(test-unit): fix conditional check syntax (4913)
* bbf27db5f ci(test-unit): fix debug line to print payload (4912)
* c9fdcfa3c ci(link-artifacts): add initial workflow attempt (4906)
* 0306d6694 chore: resource pool support for PBS (4884)
* 51355e4af perf: improve `getWorkspaceProjects` api for Quick Search (4896)
* 4ad9c1d4d chore: change import path in generated bindings (4900)
* fc1aee26c chore: proto build should fail on first error. (4802)
* 3f68ac2ac fix: re-render issue (4898)
* 0e3c81eda feat: GetExperiments to bun (4813)
* 479beba8d feat: DeepSpeed CPU offloading (4875)
* b85c1b3b2 chore: replace `PropsWithChildren` with explicit children (4890)
* 3f9aacfcf chore: migrate python sdk to generated bindings [DET-8005] (4844)
* a3ad849a8 chore: bump version: 0.19.2-dev0 -> 0.19.3-dev0
* c339e3402 docs: add release notes for 0.19.2 (4877)
* e066d3215 chore: set torch_geometric version in example to fix e2e test. (4889)
* f6580ddda perf: set memory cap to improve memory allocation (4840)
* 25019fa3f chore: fix limit 0 for /api/v1/trials/:id/workloads (4886)
* a5c6f79aa feat: experiment checkpoint list [DET-8201] [DET-8129] (4870)
* 95c5126ef feat: allow OrderBy in GetExperimentCheckpoints for SortBy SearcherMetric (4885)
* a5278b1d3 feat: create quick search to jump to workspace or project (4837)
* c0b98dbb1 build: enable storybook previews (4874)
* 116baf948 fix: det e describe with multiple trials (4863)
* cf31c477c ci: fix flakes in test_max_concurrent_trials (4865)
* 9f5306d1a chore: test AMP autocast and gradient scaling [DET-7885] (4702)
* 0f0f82e0d chore: some cli cleanup (4859)
* 5e8d8f2bb docs: remove misleading redirect (4883)
* 07e76508d feat: add security.default_task and openshift host options to helm chart [DPS-204] (4843)
* 30e339385 feat: add disabled prop to ActionDropdown (DET-7937) (4867)
* 2f0464f90 fix: downgrade fluentbit to fix tls.vhost issues (4871)
* 74dd27f39 build: avoid double testing via e2e-longrunning (4850)
* f008dcb07 chore: add controllable logging support [DET-8025] (4826)
* 4a7c03f57 fix: remove workloadCount from trial responses; single-trial view fix (4857)
* 945cd6a0d chore: document reasons for scaler.update() (4845)
* 70c0c6690 chore: add authz on moving experiments between projects [DET-7750] (4806)
* 9e132ed8e fix: remove subprocess import (4856)
* 64911159b chore: preserve failed action's error message (4822)


Docker images

- `docker pull determinedai/determined-master:0.19.3`
- `docker pull determinedai/determined-master:17f6d80b3`
- `docker pull determinedai/determined-master:17f6d80b349011a29f51210a7634806709f99472`
- `docker pull determinedai/determined-dev:determined-master-17f6d80b3`
- `docker pull determinedai/determined-dev:determined-master-17f6d80b349011a29f51210a7634806709f99472`
- `docker pull nvcr.io/isv-ngc-partner/determined/determined-master:0.19.3`
- `docker pull nvcr.io/isv-ngc-partner/determined/determined-master:17f6d80b3`
- `docker pull nvcr.io/isv-ngc-partner/determined/determined-master:17f6d80b349011a29f51210a7634806709f99472`

Resources

Severity Details

CVSS Base Score

CRITICAL 9.1

CVSS v3 Details

CRITICAL 9.1

- Attack Vector (AV): NETWORK
- Attack Complexity (AC): LOW
- Privileges Required (PR): NONE
- User Interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality Impact (C): HIGH
- Integrity Impact (I): HIGH
- Availability Impact (A): NONE

CVSS v2 Details

MEDIUM 6.4

- Access Vector (AV): NETWORK
- Access Complexity (AC): LOW
- Authentication (Au): NONE
- Confidentiality Impact (C): PARTIAL
- Integrity Impact (I): PARTIAL
- Availability Impact (A): NONE