-
Notifications
You must be signed in to change notification settings - Fork 441
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
2365d65
commit fab3200
Showing
3 changed files
with
67 additions
and
1 deletion.
There are no files selected for viewing
58 changes: 58 additions & 0 deletions
58
...rch/training/docker/1.12/py3/cu113/Dockerfile.sagemaker.trcomp.gpu.os_scan_allowlist.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
{ | ||
"torch": [ | ||
{ | ||
"description": "[torch](https://pypi.org/project/torch) is a Tensors and Dynamic neural networks in Python with strong GPU acceleration\n\nAffected versions of this package are vulnerable to Command Injection in `torch.jit.annotations.parse_type_line` which can cause arbitrary code execution because `eval` is used unsafely.", | ||
"vulnerability_id": "SNYK-PYTHON-TORCH-3149871", | ||
"name": "SNYK-PYTHON-TORCH-3149871", | ||
"package_name": "torch", | ||
"package_details": { | ||
"file_path": "opt/conda/lib/python3.8/site-packages/torch-1.12.0+cu113.dist-info/METADATA", | ||
"name": "torch", | ||
"package_manager": "PYTHONPKG", | ||
"version": "1.12.0+cu113", | ||
"release": null | ||
}, | ||
"remediation": { | ||
"recommendation": { | ||
"text": "None Provided" | ||
} | ||
}, | ||
"cvss_v3_score": 9.8, | ||
"cvss_v30_score": 0.0, | ||
"cvss_v31_score": 9.8, | ||
"cvss_v2_score": 0.0, | ||
"cvss_v3_severity": "CRITICAL", | ||
"source_url": "https://snyk.io/vuln/SNYK-PYTHON-TORCH-3149871", | ||
"source": "SNYK", | ||
"severity": "CRITICAL", | ||
"status": "ACTIVE", | ||
"title": "IN1-PYTHON-TORCH-3149871 - torch" | ||
}, { | ||
"description": " In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.", | ||
"vulnerability_id": "CVE-2022-45907", | ||
"name": "CVE-2022-45907", | ||
"package_name": "torch", | ||
"package_details": { | ||
"file_path": "opt/conda/lib/python3.8/site-packages/torch-1.12.0+cu113.dist-info/METADATA", | ||
"name": "torch", | ||
"package_manager": "PYTHONPKG", | ||
"version": "1.12.0+cu113", | ||
"release": null | ||
}, | ||
"remediation": { | ||
"recommendation": { | ||
"text": "None Provided" | ||
} | ||
}, | ||
"cvss_v3_score": 9.8, | ||
"cvss_v30_score": 0.0, | ||
"cvss_v31_score": 9.8, | ||
"cvss_v2_score": 0.0, | ||
"cvss_v3_severity": "CRITICAL", | ||
"source_url": "https://people.canonical.com/~ubuntu-security/cve/2022/CVE-2022-45907.html", | ||
"source": "UBUNTU_CVE", | ||
"severity": "MEDIUM", | ||
"status": "ACTIVE", | ||
"title": "CVE-2022-45907 - torch" | ||
}] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters