Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/numpy@1.7.0

Type pypi

Namespace

Name numpy

Version 1.7.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.19.1

Latest_non_vulnerable_version 1.22.0

Affected_by_vulnerabilities

url VCID-86w7-qcmk-xyca

vulnerability_id VCID-86w7-qcmk-xyca

summary Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays.

references

reference_url	https://github.com/advisories/GHSA-5545-2q6w-2gh6
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-5545-2q6w-2gh6

reference_url	https://github.com/numpy/numpy/issues/19038
reference_id
reference_type
scores
url	https://github.com/numpy/numpy/issues/19038

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-41495
reference_id	CVE-2021-41495
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-41495

fixed_packages

url	pkg:pypi/numpy@1.19.1
purl	pkg:pypi/numpy@1.19.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.19.1

aliases CVE-2021-41495, GHSA-5545-2q6w-2gh6, PYSEC-2021-856

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86w7-qcmk-xyca

url VCID-d4gz-n249-4ucx

vulnerability_id VCID-d4gz-n249-4ucx

summary The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.

references

reference_url	https://github.com/advisories/GHSA-frgw-fgh6-9g52
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-frgw-fgh6-9g52

reference_url	https://github.com/BT123/testcasesForMyRequest/tree/master/CVE-2017-12852
reference_id
reference_type
scores
url	https://github.com/BT123/testcasesForMyRequest/tree/master/CVE-2017-12852

reference_url	https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
reference_id
reference_type
scores
url	https://github.com/numpy/numpy/issues/9560#issuecomment-322395292

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-12852
reference_id	CVE-2017-12852
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-12852

fixed_packages

url pkg:pypi/numpy@1.13.3

purl pkg:pypi/numpy@1.13.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-86w7-qcmk-xyca

vulnerability	VCID-vx94-afb7-ybdw

vulnerability	VCID-xmpe-ucks-uubr

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.13.3

aliases CVE-2017-12852, GHSA-frgw-fgh6-9g52, PYSEC-2017-1

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4gz-n249-4ucx

url VCID-hgxa-jmn2-7udg

vulnerability_id VCID-hgxa-jmn2-7udg

summary (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
reference_id
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1062009
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1062009

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/91317
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/91317

reference_url	https://github.com/advisories/GHSA-2fc2-6r4j-p65h
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-2fc2-6r4j-p65h

reference_url	https://github.com/numpy/numpy
reference_id
reference_type
scores
url	https://github.com/numpy/numpy

reference_url	https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst
reference_id
reference_type
scores
url	https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst

reference_url	https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
reference_id
reference_type
scores
url	https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15

reference_url	https://github.com/numpy/numpy/pull/4262
reference_id
reference_type
scores
url	https://github.com/numpy/numpy/pull/4262

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2018-34.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2018-34.yaml

reference_url	https://web.archive.org/web/20200228165750/http://www.securityfocus.com/bid/65440
reference_id
reference_type
scores
url	https://web.archive.org/web/20200228165750/http://www.securityfocus.com/bid/65440

reference_url	http://www.openwall.com/lists/oss-security/2014/02/08/3
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2014/02/08/3

reference_url	http://www.securityfocus.com/bid/65440
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/65440

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2014-1859
reference_id	CVE-2014-1859
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2014-1859

fixed_packages

url pkg:pypi/numpy@1.8.1

purl pkg:pypi/numpy@1.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-86w7-qcmk-xyca

vulnerability	VCID-d4gz-n249-4ucx

vulnerability	VCID-vx94-afb7-ybdw

vulnerability	VCID-xmpe-ucks-uubr

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.8.1

aliases CVE-2014-1859, GHSA-2fc2-6r4j-p65h, PYSEC-2018-34

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hgxa-jmn2-7udg

url VCID-tefk-aqbz-z3gh

vulnerability_id VCID-tefk-aqbz-z3gh

summary __init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
reference_id
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1062009
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1062009

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/91318
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/91318

reference_url	https://github.com/advisories/GHSA-cw6w-4rcx-xphc
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-cw6w-4rcx-xphc

reference_url	https://github.com/numpy/numpy
reference_id
reference_type
scores
url	https://github.com/numpy/numpy

reference_url	https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst
reference_id
reference_type
scores
url	https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst

reference_url	https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
reference_id
reference_type
scores
url	https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15

reference_url	https://github.com/numpy/numpy/pull/4262
reference_id
reference_type
scores
url	https://github.com/numpy/numpy/pull/4262

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2018-33.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2018-33.yaml

reference_url	http://www.openwall.com/lists/oss-security/2014/02/08/3
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2014/02/08/3

reference_url	http://www.securityfocus.com/bid/65441
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/65441

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2014-1858
reference_id	CVE-2014-1858
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2014-1858

fixed_packages

url pkg:pypi/numpy@1.8.1

purl pkg:pypi/numpy@1.8.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-86w7-qcmk-xyca

vulnerability	VCID-d4gz-n249-4ucx

vulnerability	VCID-vx94-afb7-ybdw

vulnerability	VCID-xmpe-ucks-uubr

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.8.1

aliases CVE-2014-1858, GHSA-cw6w-4rcx-xphc, PYSEC-2018-33

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tefk-aqbz-z3gh

url VCID-vx94-afb7-ybdw

vulnerability_id VCID-vx94-afb7-ybdw

summary ** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html

reference_url	https://access.redhat.com/errata/RHSA-2019:3335
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3335

reference_url	https://access.redhat.com/errata/RHSA-2019:3704
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:3704

reference_url	https://bugzilla.suse.com/show_bug.cgi?id=1122208
reference_id
reference_type
scores
url	https://bugzilla.suse.com/show_bug.cgi?id=1122208

reference_url	https://github.com/numpy/numpy/issues/12759
reference_id
reference_type
scores
url	https://github.com/numpy/numpy/issues/12759

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/

reference_url	http://www.securityfocus.com/bid/106670
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/106670

fixed_packages

url pkg:pypi/numpy@1.16.1

purl pkg:pypi/numpy@1.16.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-86w7-qcmk-xyca

vulnerability	VCID-xmpe-ucks-uubr

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.16.1

aliases CVE-2019-6446, PYSEC-2019-108

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vx94-afb7-ybdw

url VCID-xmpe-ucks-uubr

vulnerability_id VCID-xmpe-ucks-uubr

summary Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values.

references

reference_url	https://github.com/advisories/GHSA-f7c7-j99h-c22f
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-f7c7-j99h-c22f

reference_url	https://github.com/numpy/numpy/issues/19000
reference_id
reference_type
scores
url	https://github.com/numpy/numpy/issues/19000

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-41496
reference_id	CVE-2021-41496
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-41496

fixed_packages

url pkg:pypi/numpy@1.19.0

purl pkg:pypi/numpy@1.19.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-86w7-qcmk-xyca

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.19.0

aliases CVE-2021-41496, GHSA-f7c7-j99h-c22f, PYSEC-2021-857

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xmpe-ucks-uubr

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/numpy@1.7.0

Package Instance