Product Research Enterprise Plans Docs

PyPi: Openstef

CVE-2023-1176

Transitive

Safety vulnerability ID: 64039

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 24, 2023 Updated at Dec 12, 2024

Scan your Python projects for vulnerabilities →

Advisory

Openstef 3.1.1 upgrades its mlflow dependency, moving from the compatible release version of approximately 1.22.0 (=1.22.0) to approximately 1.24.0 (=1.24.0), in response to the security vulnerability CVE-2023-1176.

Affected package

openstef

Latest version: 3.4.48

Open short term energy forecaster

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* Feature 187 add feature adder by BenoitHardier in https://github.com/OpenSTEF/openstef/pull/246
* Remove sonar quality gate by Davidswinkels in https://github.com/OpenSTEF/openstef/pull/306
* Update mlflow version to fix security issue by Davidswinkels in https://github.com/OpenSTEF/openstef/pull/307

**Full Changelog**: https://github.com/OpenSTEF/openstef/compare/v3.1.0...v3.1.1

Resources

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1176

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

LOW 3.3

CVSS v3 Details

LOW 3.3

Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): LOW
Integrity Impact (I): NONE
Availability Availability (A): NONE