PyPi: Autogluon

CVE-2022-24303

Transitive

Safety vulnerability ID: 52411

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 28, 2022 Updated at Dec 04, 2024
Scan your Python projects for vulnerabilities →

Advisory

Autogluon 0.6.1 updates its dependency 'pillow' requirement to '>=9.3.0' to include security fixes.

Affected package

autogluon

Latest version: 1.2

Fast and Accurate ML in 3 Lines of Code

Affected versions

Fixed versions

Vulnerability changelog

v0.6.1 is a security fix / bug fix release.

As always, only load previously trained models using the same version of AutoGluon that they were originally trained on.
Loading models trained in different versions of AutoGluon is not supported.

See the full commit change-log here: https://github.com/autogluon/autogluon/compare/v0.6.0...v0.6.1

This version supports Python versions 3.7 to 3.9. 0.6.x are the last releases that will support Python 3.7.

Changes

Documentation improvements

- Fix object detection tutorial layout (2450) - bryanyzhu
- Add multimodal cheatsheet (2467) - sxjscience
- Refactoring detection inference quickstart and bug fix on fit->predict - yongxinw, zhiqiangdon, Innixma, BingzhaoZhu, tonyhoo
- Use Pothole Dataset in Tutorial for AutoMM Detection (2468) - FANGAreNotGnu
- add time series cheat sheet, add time series to doc titles (2478) - canerturkmen
- Update all repo references to autogluon/autogluon (2463) - gidler
- fix typo in object detection tutorial CI (2516) - tonyhoo

Bug Fixes / Security

- bump evaluate to 0.3.0 (2433) - lvwerra
- Add finetune/eval tests for AutoMM detection (2441) - FANGAreNotGnu
- Adding Joint IA3_LoRA as efficient finetuning strategy (2451) - Raldir
- Fix AutoMM warnings about object detection (2458) - zhiqiangdon
- [Tabular] Speed up feature transform in tabular NN model (2442) - liangfu
- fix matcher cpu inference bug (2461) - sxjscience
- [timeseries] Silence GluonTS JSON warning (2454) - shchur
- [timeseries] Fix pandas groupby bug + GluonTS index bug (2420) - shchur
- Simplified infer speed throughput calculation (2465) - Innixma
- [Tabular] make tabular nn dataset iterable (2395) - liangfu
- Remove old images and dataset download scripts (2471) - Innixma
- Support image bytearray in AutoMM (2490) - suzhoum
- [NER] add an NER visualizer (2500) - cheungdaven
- [Cloud] Lazy load TextPredcitor and ImagePredictor which will be deprecated (2517) - tonyhoo
- Use detectron2 visualizer and update quickstart (2502) - yongxinw, zhiqiangdon, Innixma, BingzhaoZhu, tonyhoo
- fix df preprocessor properties (2512) - zhiqiangdon
- [timeseries] Fix info and fit_summary for TimeSeriesPredictor (2510) - shchur
- [timeseries] Pass known_covariates to component models of the WeightedEnsemble - shchur
- [timeseries] Gracefully handle inconsistencies in static_features provided by user - shchur
- [security] update Pillow to >=9.3.0 (2519) - gradientsky
- [CI] upgrade codeql v1 to v2 as v1 will be deprecated (2528) - tonyhoo
- Upgrade scikit-learn-intelex version (2466) - Innixma
- Save AutoGluonTabular model to the correct folder (2530) - shchur
- support predicting with model fitted on v0.5.1 (2531) - liangfu
- [timeseries] Implement input validation for TimeSeriesPredictor and improve debug messages - shchur
- [timeseries] Ensure that timestamps are sorted when creating a TimeSeriesDataFrame - shchur
- Add tests for preprocessing mutation (2540) - Innixma
- Fix timezone datetime edgecase (2538) - Innixma, gradientsky
- Mmdet Fix Image Identifier (2492) - FANGAreNotGnu
- [timeseries] Warn if provided data has a frequency that is not supported - shchur
- Train and inference with different image data types (2535) - suzhoum
- Remove pycocotools (2548) - bryanyzhu
- avoid copying identical dataframes (2532) - liangfu
- Fix AutoMM Tokenizer (2550) - FANGAreNotGnu
- [Tabular] Resource Allocation Fix (2536) - yinweisu
- imodels version cap (2557) - yinweisu
- Fix int32/int64 difference between windows and other platforms; fix mutation issue (2558) - gradientsky

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

CRITICAL 9.1

CVSS v3 Details

CRITICAL 9.1
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality Impact (C)
NONE
Integrity Impact (I)
HIGH
Availability Availability (A)
HIGH

CVSS v2 Details

MEDIUM 6.4
Access Vector (AV)
NETWORK
Access Complexity (AC)
LOW
Authentication (Au)
NONE
Confidentiality Impact (C)
NONE
Integrity Impact (I)
PARTIAL
Availability Impact (A)
PARTIAL