PyPi: Omegaml

CVE-2022-27778

Transitive

Safety vulnerability ID: 52293

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 02, 2022 Updated at Nov 29, 2024
Scan your Python projects for vulnerabilities →

Advisory

Omegaml 0.15.2 updates 'tensorflow' in the docker image to v2.10.0rc3 to include several security fixes.
https://github.com/omegaml/omegaml/pull/248

Affected package

omegaml

Latest version: 0.16.3

An open source DataOps, MLOps platform for humans

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* Further docs by miraculixx in https://github.com/omegaml/omegaml/pull/209
* upgrade dependencies by miraculixx in https://github.com/omegaml/omegaml/pull/215
* Fix 211 by miraculixx in https://github.com/omegaml/omegaml/pull/212
* Enable easier objects imexport 216 by miraculixx in https://github.com/omegaml/omegaml/pull/217
* Simplify qualifiers by miraculixx in https://github.com/omegaml/omegaml/pull/219
* Further docs by miraculixx in https://github.com/omegaml/omegaml/pull/214
* various updates by miraculixx in https://github.com/omegaml/omegaml/pull/222
* Enable runtime serve by miraculixx in https://github.com/omegaml/omegaml/pull/210
* Remove unused by miraculixx in https://github.com/omegaml/omegaml/pull/224
* Upgrade mongodb by miraculixx in https://github.com/omegaml/omegaml/pull/220
* Performance gains by miraculixx in https://github.com/omegaml/omegaml/pull/223
* Auth refactor by miraculixx in https://github.com/omegaml/omegaml/pull/226
* fup auth refactor updates by miraculixx in https://github.com/omegaml/omegaml/pull/228
* upgrade rabbitmq by miraculixx in https://github.com/omegaml/omegaml/pull/229
* upgrade pymongo 4.1 by miraculixx in https://github.com/omegaml/omegaml/pull/225
* fup to auth env refactorign, upgrades of pymongo, performance tuning by miraculixx in https://github.com/omegaml/omegaml/pull/230
* enable client-provided jwt authentication by miraculixx in https://github.com/omegaml/omegaml/pull/233
* bug fixes by miraculixx in https://github.com/omegaml/omegaml/pull/236
* runtime.scripts/tasks uses delegate pattern to call the backend by miraculixx in https://github.com/omegaml/omegaml/pull/240
* Improve token auth by miraculixx in https://github.com/omegaml/omegaml/pull/242
* add pre-/post task hooks using common .perform() backend method by miraculixx in https://github.com/omegaml/omegaml/pull/246
* fix compressed export filename by miraculixx in https://github.com/omegaml/omegaml/pull/245
* refactor package build by miraculixx in https://github.com/omegaml/omegaml/pull/250
* refactor tracking dataset metadata by miraculixx in https://github.com/omegaml/omegaml/pull/249
* Py38 stability by miraculixx in https://github.com/omegaml/omegaml/pull/251
* Enable swagger api by miraculixx in https://github.com/omegaml/omegaml/pull/244
* Fix mlflow gitissue by miraculixx in https://github.com/omegaml/omegaml/pull/257
* Pandas dtypes api spec by miraculixx in https://github.com/omegaml/omegaml/pull/256
* win10.x compatibility by miraculixx in https://github.com/omegaml/omegaml/pull/255
* python 3.10 build support by miraculixx in https://github.com/omegaml/omegaml/pull/260
* Enable om deploy by miraculixx in https://github.com/omegaml/omegaml/pull/261
* simplify logger access by miraculixx in https://github.com/omegaml/omegaml/pull/264
* remove apikey from log output by miraculixx in https://github.com/omegaml/omegaml/pull/266
* simplify logger access by omegaml in https://github.com/omegaml/omegaml/pull/265
* Experiments log effective userid by miraculixx in https://github.com/omegaml/omegaml/pull/262
* extend swagger api mapping by miraculixx in https://github.com/omegaml/omegaml/pull/268
* improve windows compatibility by miraculixx in https://github.com/omegaml/omegaml/pull/270
* [Snyk] Security upgrade urllib3 from 1.24.3 to 1.26.5 by omegaml in https://github.com/omegaml/omegaml/pull/259
* [Snyk] Security upgrade protobuf from 3.8.0 to 3.18.3 by snyk-bot in https://github.com/omegaml/omegaml/pull/263
* [Snyk] Security upgrade joblib from 0.13.2 to 1.2.0 by snyk-bot in https://github.com/omegaml/omegaml/pull/267
* [Snyk] Security upgrade tensorflow/tensorflow from 2.2.0-gpu-jupyter to 2.10.0rc3-gpu-jupyter by snyk-bot in https://github.com/omegaml/omegaml/pull/248
* load config file for local in-memory worker by miraculixx in https://github.com/omegaml/omegaml/pull/243
* ensure om.runtime default tracking is applied by miraculixx in https://github.com/omegaml/omegaml/pull/272
* [Snyk] Fix for 69 vulnerabilities by omegaml in https://github.com/omegaml/omegaml/pull/273
* Enable celery monitoring hook by miraculixx in https://github.com/omegaml/omegaml/pull/274

New Contributors
* snyk-bot made their first contribution in https://github.com/omegaml/omegaml/pull/263

**Full Changelog**: https://github.com/omegaml/omegaml/compare/0.15.1...0.15.2-rc4

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 8.1

CVSS v3 Details

HIGH 8.1
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
REQUIRED
Scope (S)
UNCHANGED
Confidentiality Impact (C)
NONE
Integrity Impact (I)
HIGH
Availability Availability (A)
HIGH

CVSS v2 Details

MEDIUM 5.8
Access Vector (AV)
NETWORK
Access Complexity (AC)
MEDIUM
Authentication (Au)
NONE
Confidentiality Impact (C)
NONE
Integrity Impact (I)
PARTIAL
Availability Impact (A)
PARTIAL