Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/pyarrow@0.15.0
Typepypi
Namespace
Namepyarrow
Version0.15.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version23.0.1
Latest_non_vulnerable_version23.0.1
Affected_by_vulnerabilities
0
url VCID-7gsz-eas8-5bgp
vulnerability_id VCID-7gsz-eas8-5bgp
summary Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files).
references
0
reference_url https://github.com/advisories/GHSA-5wvp-7f3h-6wmm
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-5wvp-7f3h-6wmm
1
reference_url https://github.com/apache/arrow
reference_id
reference_type
scores
url https://github.com/apache/arrow
2
reference_url https://github.com/apache/arrow/commit/f14170976372436ec1d03a724d8d3f3925484ecf
reference_id
reference_type
scores
url https://github.com/apache/arrow/commit/f14170976372436ec1d03a724d8d3f3925484ecf
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/pyarrow/PYSEC-2023-238.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/pyarrow/PYSEC-2023-238.yaml
4
reference_url https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n
reference_id
reference_type
scores
url https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FR34AIPXVTMB3XPRU5ULV5HHWPMRE33X
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FR34AIPXVTMB3XPRU5ULV5HHWPMRE33X
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAGWEAJDWO2ACYATUQCPXLSYY5C3L3XU
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAGWEAJDWO2ACYATUQCPXLSYY5C3L3XU
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWFYXLVBTBHNKYRXI572RFX7IJDDQGBL
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWFYXLVBTBHNKYRXI572RFX7IJDDQGBL
8
reference_url https://pypi.org/project/pyarrow-hotfix
reference_id
reference_type
scores
url https://pypi.org/project/pyarrow-hotfix
9
reference_url https://pypi.org/project/pyarrow-hotfix/
reference_id
reference_type
scores
url https://pypi.org/project/pyarrow-hotfix/
10
reference_url https://www.cve.org/CVERecord?id=CVE-2023-47248
reference_id
reference_type
scores
url https://www.cve.org/CVERecord?id=CVE-2023-47248
11
reference_url https://www.openwall.com/lists/oss-security/2023/11/08/7
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2023/11/08/7
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-47248
reference_id CVE-2023-47248
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-47248
fixed_packages
0
url pkg:pypi/pyarrow@14.0.1
purl pkg:pypi/pyarrow@14.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tnyq-42nk-1fc6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyarrow@14.0.1
aliases CVE-2023-47248, GHSA-5wvp-7f3h-6wmm, PYSEC-2023-238
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7gsz-eas8-5bgp
Fixing_vulnerabilities
0
url VCID-6yaz-ayj9-zqcr
vulnerability_id VCID-6yaz-ayj9-zqcr
summary It was discovered that the C++ implementation (which underlies the R, Python and Ruby implementations) of Apache Arrow 0.14.0 to 0.14.1 had a uninitialized memory bug when building arrays with null values in some cases. This can lead to uninitialized memory being unintentionally shared if Arrow Arrays are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.
references
0
reference_url https://lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269@%3Cdev.arrow.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
url https://lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269@%3Cdev.arrow.apache.org%3E
1
reference_url https://lists.apache.org/thread.html/efd8bbf57427d3c303b5316d208a335f8d0c0dbe0dc4c87cfa995073@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/efd8bbf57427d3c303b5316d208a335f8d0c0dbe0dc4c87cfa995073@%3Cannounce.apache.org%3E
fixed_packages
0
url pkg:pypi/pyarrow@0.15.0
purl pkg:pypi/pyarrow@0.15.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7gsz-eas8-5bgp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyarrow@0.15.0
aliases CVE-2019-12408, GHSA-8cw2-jv5c-c825, PYSEC-2019-195
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6yaz-ayj9-zqcr
1
url VCID-7wzb-dv7h-jkdm
vulnerability_id VCID-7wzb-dv7h-jkdm
summary While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory could potentially be shared if are transmitted over the wire (for instance with Flight) or persisted in the streaming IPC and file formats.
references
0
reference_url https://github.com/advisories/GHSA-cjw4-2w9r-r8mv
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-cjw4-2w9r-r8mv
1
reference_url https://lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269@%3Cdev.arrow.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
url https://lists.apache.org/thread.html/49f067b1c5fb7493d952580f0d2d032819ba351f7a78743c21126269@%3Cdev.arrow.apache.org%3E
2
reference_url https://lists.apache.org/thread.html/efd8bbf57427d3c303b5316d208a335f8d0c0dbe0dc4c87cfa995073@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/efd8bbf57427d3c303b5316d208a335f8d0c0dbe0dc4c87cfa995073@%3Cannounce.apache.org%3E
3
reference_url http://www.openwall.com/lists/oss-security/2019/11/08/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2019/11/08/1
fixed_packages
0
url pkg:pypi/pyarrow@0.15.0
purl pkg:pypi/pyarrow@0.15.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7gsz-eas8-5bgp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pyarrow@0.15.0
aliases CVE-2019-12410, GHSA-cjw4-2w9r-r8mv, PYSEC-2019-196
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7wzb-dv7h-jkdm
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/pyarrow@0.15.0