GHSA-fpfv-jqm9-f5jm

Source

https://github.com/advisories/GHSA-fpfv-jqm9-f5jm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-fpfv-jqm9-f5jm/GHSA-fpfv-jqm9-f5jm.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-fpfv-jqm9-f5jm

Aliases

Published

2021-12-18T00:00:41Z

Modified

2023-11-01T04:55:38.233354Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

Incorrect Comparison in NumPy

Details

Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects.

Database specific

{
    "nvd_published_at": "2021-12-17T19:15:00Z",
    "github_reviewed_at": "2022-06-21T20:12:53Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-697"
    ]
}

References

Affected packages

PyPI / numpy

Package

Name: numpy; View open source insights on deps.dev
Purl: pkg:pypi/numpy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.22

Affected versions

0.*

0.9.6

0.9.8

1.*

1.0b1

1.0b4

1.0b5

1.0rc1

1.0rc2

1.0rc3

1.0

1.0.3

1.0.4

1.1.1

1.2.0

1.2.1

1.3.0

1.4.0

1.4.1

1.5.0

1.5.1

1.6.0

1.6.1

1.6.2

1.7.0

1.7.1

1.7.2

1.8.0

1.8.1

1.8.2

1.9.0

1.9.1

1.9.2

1.9.3

1.10.0

1.10.1

1.10.2

1.10.3

1.10.4

1.11.0

1.11.1

1.11.2

1.11.3

1.12.0

1.12.1

1.13.0

1.13.1

1.13.3

1.14.0

1.14.1

1.14.2

1.14.3

1.14.4

1.14.5

1.14.6

1.15.0

1.15.1

1.15.2

1.15.3

1.15.4

1.16.0

1.16.1

1.16.2

1.16.3

1.16.4

1.16.5

1.16.6

1.17.0

1.17.1

1.17.2

1.17.3

1.17.4

1.17.5

1.18.0

1.18.1

1.18.2

1.18.3

1.18.4

1.18.5

1.19.0

1.19.1

1.19.2

1.19.3

1.19.4

1.19.5

1.20.0

1.20.1

1.20.2

1.20.3

1.21.0

1.21.1

1.21.2

1.21.3

1.21.4

1.21.5

1.21.6