Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/sagemaker@3.2.0
Type pypi
Namespace
Name sagemaker
Version 3.2.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.4.0
Latest_non_vulnerable_version 3.8.0
Affected_by_vulnerabilities
0
url VCID-2zjb-zcsj-n3bh
vulnerability_id VCID-2zjb-zcsj-n3bh
summary SageMaker Python SDK replaced eval() with safe parser in JumpStart search functionality
references
0
reference_url https://github.com/aws/sagemaker-python-sdk
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk
1
reference_url https://github.com/aws/sagemaker-python-sdk/commit/e706e578519bd9b92ea44b9b15f872eca5e77ea4
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/commit/e706e578519bd9b92ea44b9b15f872eca5e77ea4
2
reference_url https://github.com/aws/sagemaker-python-sdk/pull/5497
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/pull/5497
3
reference_url https://github.com/advisories/GHSA-5r2p-pjr8-7fh7
reference_id GHSA-5r2p-pjr8-7fh7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5r2p-pjr8-7fh7
4
reference_url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-5r2p-pjr8-7fh7
reference_id GHSA-5r2p-pjr8-7fh7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-5r2p-pjr8-7fh7
fixed_packages
0
url pkg:pypi/sagemaker@3.4.0
purl pkg:pypi/sagemaker@3.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@3.4.0
aliases GHSA-5r2p-pjr8-7fh7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2zjb-zcsj-n3bh
Fixing_vulnerabilities
0
url VCID-hm7p-vy71-vucv
vulnerability_id VCID-hm7p-vy71-vucv
summary The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output location may have the ability to upload arbitrary artifacts which are executed the next time the Training Job is invoked.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1777
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06453
published_at 2026-06-12T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.06422
published_at 2026-06-14T12:55:00Z
2
value 0.00022
scoring_system epss
scoring_elements 0.06442
published_at 2026-06-13T12:55:00Z
3
value 0.00022
scoring_system epss
scoring_elements 0.06434
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1777
1
reference_url https://aws.amazon.com/security/security-bulletins/2026-004-AWS
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://aws.amazon.com/security/security-bulletins/2026-004-AWS
2
reference_url https://github.com/aws/sagemaker-python-sdk
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk
3
reference_url https://github.com/aws/sagemaker-python-sdk/commit/708c7b2f4135ecaec55973d098f3dbe98b657933
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/commit/708c7b2f4135ecaec55973d098f3dbe98b657933
4
reference_url https://github.com/aws/sagemaker-python-sdk/commit/fb0d789db4fd5fecde5509963939369f4c7ce63b
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aws/sagemaker-python-sdk/commit/fb0d789db4fd5fecde5509963939369f4c7ce63b
5
reference_url https://aws.amazon.com/security/security-bulletins/2026-004-AWS/
reference_id 2026-004-AWS
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-03T15:00:05Z/
url https://aws.amazon.com/security/security-bulletins/2026-004-AWS/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1777
reference_id CVE-2026-1777
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1777
7
reference_url https://github.com/advisories/GHSA-rjrp-m2jw-pv9c
reference_id GHSA-rjrp-m2jw-pv9c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rjrp-m2jw-pv9c
8
reference_url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-rjrp-m2jw-pv9c
reference_id GHSA-rjrp-m2jw-pv9c
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
3
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-03T15:00:05Z/
url https://github.com/aws/sagemaker-python-sdk/security/advisories/GHSA-rjrp-m2jw-pv9c
9
reference_url https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.256.0
reference_id v2.256.0
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-03T15:00:05Z/
url https://github.com/aws/sagemaker-python-sdk/releases/tag/v2.256.0
10
reference_url https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.2.0
reference_id v3.2.0
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-03T15:00:05Z/
url https://github.com/aws/sagemaker-python-sdk/releases/tag/v3.2.0
fixed_packages
0
url pkg:pypi/sagemaker@2.256.0
purl pkg:pypi/sagemaker@2.256.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2zjb-zcsj-n3bh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@2.256.0
1
url pkg:pypi/sagemaker@3.2.0
purl pkg:pypi/sagemaker@3.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2zjb-zcsj-n3bh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@3.2.0
aliases CVE-2026-1777, GHSA-rjrp-m2jw-pv9c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hm7p-vy71-vucv
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/sagemaker@3.2.0