exploitDog

CVE-2021-39158

Опубликовано: 23 авг. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

NVCaffe's python required dependencies list used to contain gfortranversion prior to 0.17.4, entry which does not exist in the repository pypi.org. An attacker could potentially have posted malicious files to pypi.org causing a user to install it within NVCaffe.

Ссылки

https://github.com/NVIDIA/caffe/security/advisories/GHSA-fmpp-8pwg-vwh9
Third Party Advisory
https://github.com/NVIDIA/caffe/security/advisories/GHSA-fmpp-8pwg-vwh9
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nvidia:nvcaffe:*:*:*:*:*:*:*:*

Версия до 0.17.4 (исключая)

EPSS

Процентиль: 34%

0.00141

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-345

EPSS

Процентиль: 34%

0.00141

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-345