Safety vulnerability ID: 71474
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Heart-library version 0.3.2 removes its dependency 'YOLOv5' because it is affected by a known vulnerability identified as CVE-2024-3651.
Latest version: 0.4.4
Hardened Extension of the Adversarial Robustness Toolbox (HEART) supports assessment of adversarial AI vulnerabilities in Test & Evaluation workflows.
https://github.com/IBM/heart-library
https://pypi.org/project/heart-library/
Update Notes
- Deprecation of YOLOv5 due to known vulnerability (https://github.com/advisories/GHSA-jjg7-2v4v-x38h).
- Support for DeTR object detector estimator. Object detection notebooks updated to demonstrate DeTR in place of deprecated YOLOv5.
- Minor changes to remove SAST vulnerabilities.
- Transitive dependency updates in poetry.lock to remove vulnerabilities.
Known Issue
`setuptools>=70.0.0` causes a breaking issue within `adversarial-robustness-toolbox` when attempting to import `pkg_resources` within [art/estimators/speech_recognition/pytorch_deep_speech.py](https://github.com/Trusted-AI/adversarial-robustness-toolbox/blob/main/art/estimators/speech_recognition/pytorch_deep_speech.py#L26). This import pathway was deprecated with the major version release of `setuptools==70.0.0`.
**Workaround:**
Re-install `setuptools` using version `69.5.1` in your virtual environment.
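The following environment check is an added example, not code from the HEART project or from this advisory. It flags the three conditions described above: a `heart-library` older than 0.3.2, a YOLOv5 distribution still installed after upgrading (pip does not uninstall dependencies that are no longer required), and `setuptools>=70.0.0` alongside `adversarial-robustness-toolbox`. The distribution name `yolov5` and the simplified version parsing are assumptions.

```python
import re
from importlib import metadata


def _norm(name):
    # PEP 503 normalisation so "heart_library" and "heart-library" match.
    return re.sub(r"[-_.]+", "-", name).lower()


def _release(version):
    # Numeric release segment only, padded to three parts ("70" -> (70, 0, 0)).
    # Simplification (assumption): pre/post/dev suffixes are ignored.
    m = re.match(r"\d+(?:\.\d+)*", version)
    parts = [int(p) for p in m.group(0).split(".")] if m else []
    return tuple(parts + [0] * (3 - len(parts)))


def installed_distributions():
    # Name -> version for every distribution visible to this interpreter.
    return {_norm(d.metadata["Name"]): d.version
            for d in metadata.distributions() if d.metadata["Name"]}


def audit(installed):
    """Return findings for a {distribution name: version} mapping."""
    pkgs = {_norm(k): v for k, v in installed.items()}
    findings = []
    heart = pkgs.get("heart-library")
    if heart and _release(heart) < (0, 3, 2):
        findings.append(f"heart-library {heart}: upgrade to >=0.3.2, which "
                        "removes the YOLOv5 dependency (CVE-2024-3651)")
    # "yolov5" as the distribution name is an assumption of this example.
    if "yolov5" in pkgs:
        findings.append(f"yolov5 {pkgs['yolov5']}: still installed; remove it "
                        "if nothing else in the environment requires it")
    st = pkgs.get("setuptools")
    if "adversarial-robustness-toolbox" in pkgs and st \
            and _release(st) >= (70, 0, 0):
        findings.append(f"setuptools {st}: breaks the pkg_resources import in "
                        "adversarial-robustness-toolbox; re-install 69.5.1")
    return findings


if __name__ == "__main__":
    for line in audit(installed_distributions()) or ["no findings"]:
        print(line)
```

Run it with the interpreter of the virtual environment you want to check, since it only sees distributions installed for that interpreter.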