PyPi: Opensearch-Py-Ml

CVE-2022-45907

Transitive

Safety vulnerability ID: 53135

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Nov 26, 2022 Updated at Aug 14, 2023

Advisory

Opensearch-py-ml 1.0.0 requires 'torch>=1.13.0' to include a security fix.

Affected package

opensearch-py-ml

Latest version: 1.1.0

Python Client and Toolkit for DataFrames, Big Data, Machine Learning and ETL in OpenSearch

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* Fixed bugs in Training Script
* Added multiple notebooks in documentation for better clarification
* Added integration tests and more functionalities for MLCommons integration
* Added support for tracing model in Onnx format
* updating installation instruction by dhrubo-os in https://github.com/opensearch-project/opensearch-py-ml/pull/41
* fix file extension issue and add wait for multi-processes by mingshl in https://github.com/opensearch-project/opensearch-py-ml/pull/42
* fixing train documentation by dhrubo-os in https://github.com/opensearch-project/opensearch-py-ml/pull/44
* removing os_client dependency + added 2.4.0 version for integration test by dhrubo-os in https://github.com/opensearch-project/opensearch-py-ml/pull/45
* add make_model_config function and add doc by mingshl in https://github.com/opensearch-project/opensearch-py-ml/pull/46
* upgrade package version to fix security issues and format code by mingshl in https://github.com/opensearch-project/opensearch-py-ml/pull/51
* Unit test for SentenceTransformerModel by mingshl in https://github.com/opensearch-project/opensearch-py-ml/pull/52
* refactoring upload_api + added integration test + added load model ap… by dhrubo-os in https://github.com/opensearch-project/opensearch-py-ml/pull/54
* bug fix of sentencetransformermodel + add integration test from mode… by dhrubo-os in https://github.com/opensearch-project/opensearch-py-ml/pull/63
* Updated MAINTAINERS.md format. by dblock in https://github.com/opensearch-project/opensearch-py-ml/pull/64
* notebook_documentation by dhrubo-os in https://github.com/opensearch-project/opensearch-py-ml/pull/66
* merged generate.py demo notebook with training notebook by dhrubo-os in https://github.com/opensearch-project/opensearch-py-ml/pull/67
* tracing model with onnx format + changed opensearch version to 2.5.0 by dhrubo-os in https://github.com/opensearch-project/opensearch-py-ml/pull/69
* updating docs workflow to 2.5.0 also by dhrubo-os in https://github.com/opensearch-project/opensearch-py-ml/pull/71
* Bump opensearch-py from 2.0.1 to 2.1.1 by dependabot in https://github.com/opensearch-project/opensearch-py-ml/pull/70
* added download link to the notebook by dhrubo-os in https://github.com/opensearch-project/opensearch-py-ml/pull/73
* update notebook + version update by dhrubo-os in https://github.com/opensearch-project/opensearch-py-ml/pull/76

New Contributors
* dblock made their first contribution in https://github.com/opensearch-project/opensearch-py-ml/pull/64
* dependabot made their first contribution in https://github.com/opensearch-project/opensearch-py-ml/pull/70

**Full Changelog**: https://github.com/opensearch-project/opensearch-py-ml/compare/1.0.0b1...1.0.0


Severity Details

CVSS Base Score

CRITICAL 9.8

CVSS v3 Details

* Attack Vector (AV): NETWORK
* Attack Complexity (AC): LOW
* Privileges Required (PR): NONE
* User Interaction (UI): NONE
* Scope (S): UNCHANGED
* Confidentiality Impact (C): HIGH
* Integrity Impact (I): HIGH
* Availability Impact (A): HIGH