PyPI: Deepcell

CVE-2022-35939

Transitive

Safety vulnerability ID: 48591

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 16, 2022 Updated at Aug 08, 2024

Advisory

Deepcell 0.12.0rc2 and prior include a version of TensorFlow (2.8.0) with known vulnerabilities.

Affected package

deepcell

Latest version: 0.12.10

Deep learning for single cell image segmentation

Affected versions

Fixed versions

Vulnerability changelog

🐛 Bug Fixes

<details>
<summary>Updated `deepcell_tracking.utils` to `deepcell.data.tracking` for importing `Track` and `concat_tracks` ulisrael (565)</summary>

What
* Updated the tracking notebook so `Track` and `concat_tracks` were imported from `deepcell.data.tracking`

Why
* The location of these files changed in the latest version of deepcell

</details>


🧰 Maintenance

<details>
<summary>Bump version to 0.11.1 msschwartz21 (585)</summary>

* Update copyright in `deepcell/_version.py` to 2022
</details>

<details>
<summary>Add option for graph attention layer to tracking model msschwartz21 (584)</summary>

What
* Exposes an option to use the graph attention layer `GATConv` from `spektral`

Why
* Allows us to test the impact of different graph layers on the tracking model

</details>

<details>
<summary>Update nuclear and cytoplasm segmentation models from the data-registry msschwartz21 (580)</summary>

* Updates nuclear segmentation model with the version created by https://github.com/vanvalenlab/data-registry/pull/188
* Update cytoplasm segmentation model with the version created by https://github.com/vanvalenlab/data-registry/pull/164

The same models have been uploaded to the deepcell-models bucket in GCP for deployment through the kiosk.
</details>

<details>
<summary>Build a Docker image and run tests in the container. willgraf (575)</summary>

What
* Add a new GitHub workflow to build a docker image and run the unit tests inside it.

Why
* This ensures that the docker images work as expected rather than relying solely on the tests passing in the test-runner environment.

</details>

<details>
<summary>Update README with TissueNet publication ngreenwald (571)</summary>

What
* Update the ReadMe with the link for the paper

Why
* I'll merge this in tomorrow AM once the link goes live

</details>

<details>
<summary><s>Revert to TensorFlow 2.5.1. willgraf (570)</s></summary>

What
* Revert TensorFlow version from 2.5.2 to 2.5.1. The patch is already able to be installed via `setup.py` and `requirements.txt`.

Why
* No 2.5.2 docker images are available, the patch can be installed via pip.
* Fixes 568

</details>

<details>
<summary><s>Update tensorflow in requirements.txt willgraf (567)</s></summary>

What
* Fix bug in 566 with missing change in requirements.txt

Why
* Finish update of base TensorFlow version.

</details>

<details>
<summary><s>Bump TF_VERSION to 2.5.2. willgraf (566)</s></summary>

What
* Update TF_VERSION used to [2.5.2](https://github.com/tensorflow/tensorflow/releases/tag/v2.5.2)

Why
* Fixes several vulnerabilities

</details>

Resources


Severity Details

CVSS Base Score

CRITICAL 9.8

CVSS v3 Details

CRITICAL 9.8
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Impact (A): HIGH