Product Research Enterprise Plans Docs

PyPi: Sagemaker

CVE-2022-40754

Transitive

Safety vulnerability ID: 51357

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 21, 2022 Updated at Dec 12, 2024

Scan your Python projects for vulnerabilities →

Advisory

Sagemaker 2.111.0 updates its dependency 'apache-airflow' to v2.4.0 to include a security fix.

Affected package

sagemaker

Latest version: 2.237.1

Open source library for training and deploying models on Amazon SageMaker.

Affected versions

Fixed versions

Vulnerability changelog

Features

* Edit test file for supporting TF 2.10 training

Bug Fixes and Other Changes

* support kms key in processor pack local code
* security issue by bumping apache-airflow from 2.3.4 to 2.4.0
* instance count retrieval logic
* Add regex for short-form sagemaker-xgboost tags
* Upgrade attrs>=20.3.0,<23
* Add PipelineVariable annotation to Amazon estimators

Documentation Changes

* add context for pytorch

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40754

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

MEDIUM 6.1

CVSS v3 Details

MEDIUM 6.1

Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality Impact (C): LOW
Integrity Impact (I): LOW
Availability Availability (A): NONE