gluoncv@0.11.0b20220920 vulnerabilities

Gluon CV Toolkit

latest version

0.10.5.post0

first published

6 years ago

latest version published

2 years ago

licenses detected

Apache-2.0
[0,)

View gluoncv package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the gluoncv package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Arbitrary File Write via Archive Extraction (Zip Slip) gluoncv is a Gluon CV Toolkit Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the `from_csv()` function in `ImageClassificationDataset`. An attacker can overwrite files on the victim's system by using this function to extract malicious tar files that exploit path traversal when extracted. How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? There is no fixed version for `gluoncv`.	[0,)

Arbitrary File Write via Archive Extraction (Zip Slip)

gluoncv is a Gluon CV Toolkit

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the from_csv() function in ImageClassificationDataset. An attacker can overwrite files on the victim's system by using this function to extract malicious tar files that exploit path traversal when extracted.

How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

There is no fixed version for gluoncv.

[0,)

Go back to all versions of this package