PyPi: Scikit-Rmt

CVE-2023-25399

Transitive

Safety vulnerability ID: 59400

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jul 05, 2023 Updated at Aug 07, 2024

Advisory

Scikit-rmt 0.7.0 updates its dependency 'scipy' to version '1.11.1' to include a security fix.
https://github.com/AlejandroSantorum/scikit-rmt/commit/ced51769bf275174be271af820c196df7a6144fc

Affected package

scikit-rmt

Latest version: 1.0.0

Random Matrix Theory Python package

Affected versions

Fixed versions

Vulnerability changelog

Announcing release version 0.7.0.

New features and modifications:
- Added **default eigenvalue normalization constant** (`eigval_norm_const`), which controls the support of the eigenvalues independently of the sample size.
- The methods `eigval_hist` and `plot_eigval_hist` **no longer** receive the argument `norm_const`. Instead, they receive the input argument `normalize` (defaulting to `True`) to select **whether or not to normalize the eigenvalues**.
- Added new method `set_eigval_norm_const` in case the user wants **to change the default eigenvalue normalization constant**.
- Improved and **updated documentation** and tutorials.
- **Updated requirements to avoid the scipy memory leak vulnerability**. As a consequence, the library is potentially no longer tested for Python 3.7.
- **Pinned numpy to use version <= 1.24.3** since version **1.24.4 is causing problems**.

Resources


Severity Details

CVSS Base Score

MEDIUM 5.5

CVSS v3 Details

MEDIUM 5.5

Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): HIGH