sagemaker-training@4.7.1 vulnerabilities

Open source library for creating containers to run on Amazon SageMaker.

  • latest version: 4.9.0

  • latest non vulnerable version

  • first published: 5 years ago

  • latest version published: 2 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the sagemaker-training package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Insertion of Sensitive Information into Log File

    sagemaker-training is an open source library for creating containers to run on Amazon SageMaker.

    Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to the logging of sensitive authorization tokens in log files when the CodeArtifact capability is enabled. When users push these log files to their CloudWatch Log streams, an attacker with access to the CloudWatch logs within their AWS account may be able to see the authorization token.

    How to fix Insertion of Sensitive Information into Log File?

    Upgrade sagemaker-training to version 4.8.0 or higher.

    Vulnerable versions: [4.7.0,4.8.0)