Workflow

PyPi: Numpyro-Oop

CVE-2024-43805

Transitive

Safety vulnerability ID: 73390

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Aug 28, 2024 Updated at Oct 21, 2024
Scan your Python projects for vulnerabilities →

Advisory

Numpyro-oop has resolved a security vulnerability in jupyterlab by updating the development dependency to version 4.2.5, addressing CVE-2024-43805.

Affected package

numpyro-oop

Latest version: 0.1.0

A convenient object-oriented wrapper for working with numpyro models.

Affected versions

Fixed versions

Vulnerability changelog

This release

- updates key dependency numpyro to 0.15.3,
- fixes a security issue in `jupyterlab` by updating that dev dependency to `4.2.5`,
- fixes a bug with incorrectly passed `model_kwargs`

What's Changed
* Fixes model kwargs argument passing by whaiao in https://github.com/ag-perception-wallis-lab/numpyro-oop/pull/3
* Merge bug fixing changes and add CI testing by tomwallis in https://github.com/ag-perception-wallis-lab/numpyro-oop/pull/4
* Update deps by tomwallis in https://github.com/ag-perception-wallis-lab/numpyro-oop/pull/5

New Contributors
* whaiao made their first contribution in https://github.com/ag-perception-wallis-lab/numpyro-oop/pull/3

**Full Changelog**: https://github.com/ag-perception-wallis-lab/numpyro-oop/compare/0.0.1...0.0.2

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

MEDIUM 6.1

CVSS v3 Details

MEDIUM 6.1
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
REQUIRED
Scope (S)
CHANGED
Confidentiality Impact (C)
LOW
Integrity Impact (I)
LOW
Availability Availability (A)
NONE