PyPI: Deepchecks

CVE-2023-40170

Transitive

Safety vulnerability ID: 64764

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Aug 28, 2023 Updated at Jan 31, 2024

Advisory

Deepchecks version 0.18.0 updates its dependency on jupyter-server to version 2.7.2 from 1.24.0, addressing security vulnerability CVE-2023-40170.
https://github.com/deepchecks/deepchecks/pull/2683

Affected package

deepchecks

Latest version: 0.18.1

Package for validating your machine learning model and data

Affected versions

Fixed versions

Vulnerability changelog

Documentation
- fix typos in README.md [skip ci] (2699) [2699](https://github.com/deepchecks/deepchecks/pull/2699) ([Eyal C](https://github.com/deepchecks/deepchecks/commit/1ffb9086df980a6209ba04577787b17001c90380))
- add RayanAAY-ops as a contributor for code, and ideas (2733) [2733](https://github.com/deepchecks/deepchecks/pull/2733) ([allcontributors[bot]](https://github.com/deepchecks/deepchecks/commit/5648b617b9acfa4907e41a5807ac50317eb58a91))

Commits
- d1c07ab: Change nlp model properties to use onnx optimized models (Nadav Barak) [2681](https://github.com/deepchecks/deepchecks/pull/2681)
- 3eaca24: Remove empty_gpu for cached models (Nadav Barak) [2682](https://github.com/deepchecks/deepchecks/pull/2682)
- 9890fd5: Part of the vulnerability fixes required by Snyk (2683) (Noam Bressler) [2683](https://github.com/deepchecks/deepchecks/pull/2683)
- 3f148f1: Fix CI/CD (2685) (Harsh Jain) [2685](https://github.com/deepchecks/deepchecks/pull/2685)
- c2bbd59: Bump dev version (2686) (Noam Bressler) [2686](https://github.com/deepchecks/deepchecks/pull/2686)
- cf4a7ea: Added support for filtering check results by name (2695) (Harsh Jain) [2695](https://github.com/deepchecks/deepchecks/pull/2695)
- a40e8c3: modification of language property text (2704) (Nadav Barak) [2704](https://github.com/deepchecks/deepchecks/pull/2704)
- 9806488: Change lexical density to a 0-1 float (2708) (Noam Bressler) [2708](https://github.com/deepchecks/deepchecks/pull/2708)
- f8eaa0c: Vulnerability issues fix by Snyk (2703) (Harsh Jain) [2703](https://github.com/deepchecks/deepchecks/pull/2703)
- 6ff7d2a: Code optimization for cleaning special chars from string (2698) (Manish Kumar) [2698](https://github.com/deepchecks/deepchecks/pull/2698)
- 76b92c8: change_weak_segments_na_logic (2709) (JKL98ISR) [2709](https://github.com/deepchecks/deepchecks/pull/2709)
- c4af7dd: segments bug fix with na (2712) (Nadav Barak) [2712](https://github.com/deepchecks/deepchecks/pull/2712)
- 708bac7: weak segment should have maximum of 1 category (2705) (Nadav Barak) [2705](https://github.com/deepchecks/deepchecks/pull/2705)
- 7bb31d1: remove ipython req (2716) (Noam Bressler) [2716](https://github.com/deepchecks/deepchecks/pull/2716)
- 42cf4b3: improved documentation (2717) (Nadav Barak) [2717](https://github.com/deepchecks/deepchecks/pull/2717)
- 7639a35: Limit a newer sklearn version that breaks _ProbaScorer (2723) (Noam Bressler) [2723](https://github.com/deepchecks/deepchecks/pull/2723)
- 2ef42a0: Fix build (2731) (Noam Bressler) [2731](https://github.com/deepchecks/deepchecks/pull/2731)
- 5db924d: Remove benchmark history check (2732) (Noam Bressler) [2732](https://github.com/deepchecks/deepchecks/pull/2732)
- 32cb218: update ver and docs (Noam Bressler)

Severity Details

CVSS Base Score

MEDIUM 6.1

CVSS v3 Details

MEDIUM 6.1
- Attack Vector (AV): NETWORK
- Attack Complexity (AC): LOW
- Privileges Required (PR): NONE
- User Interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality Impact (C): LOW
- Integrity Impact (I): LOW
- Availability Impact (A): NONE