PYSEC-2019-107

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/nnabla/PYSEC-2019-107.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2019-107
Aliases
Published
2019-04-04T05:29:00Z
Modified
2023-11-01T04:50:11.984147Z
Summary
[none]
Details

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0.14 relies on the HOME environment variable, which might be untrusted.

References

Affected packages

PyPI / nnabla

Package

Name
nnabla
View open source insights on deps.dev
Purl
pkg:pypi/nnabla

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.15

Affected versions

0.*

0.9.1rc3
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9

1.*

1.0.0rc2
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10.dev1
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14