Description
Sony Neural Network Libraries reliance on untrusted inputs prior to v1.0.10
nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) prior to v1.0.10 relies on the HOME environment variable, which might be untrusted.
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-10844
- https://github.com/sony/nnabla/issues/209
- https://github.com/sony/nnabla/pull/299
- https://github.com/sony/nnabla/commit/e87347648ab7210529a0e60f0849680de8e9b63a
- https://github.com/advisories/GHSA-4q2w-rw7m-xqw6
- https://github.com/pypa/advisory-database/tree/main/vulns/nnabla/PYSEC-2019-107.yaml
- https://github.com/sony/nnabla/releases/tag/v1.0.10
Packages
- Name: nnabla (pip)
- Affected versions: < 1.0.10
- Fixed version: 1.0.10
Related vulnerabilities
CVSS3: 9.8
nvd
almost 7 years ago
nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0.14 relies on the HOME environment variable, which might be untrusted.