Skip to content
This repository has been archived by the owner on Feb 8, 2024. It is now read-only.

CVE-2023-25399 (Medium) detected in scipy-1.1.0-cp37-cp37m-manylinux1_x86_64.whl, scipy-1.7.3-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl - autoclosed #587

Closed
mend-for-github-com bot opened this issue Aug 14, 2023 · 1 comment
Closed

CVE-2023-25399 (Medium) detected in scipy-1.1.0-cp37-cp37m-manylinux1_x86_64.whl, scipy-1.7.3-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl - autoclosed #587

mend-for-github-com bot opened this issue Aug 14, 2023 · 1 comment
Labels
Mend: dependency security vulnerability Security vulnerability detected by WhiteSource

Comments

@mend-for-github-com
Copy link

CVE-2023-25399 - Medium Severity Vulnerability

Vulnerable Libraries - scipy-1.1.0-cp37-cp37m-manylinux1_x86_64.whl, scipy-1.7.3-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl

scipy-1.1.0-cp37-cp37m-manylinux1_x86_64.whl

SciPy: Scientific Library for Python

Library home page: https://files.pythonhosted.org/packages/40/de/0c22c6754370ba6b1fa8e53bd6e514d4a41a181125d405a501c215cbdbd6/scipy-1.1.0-cp37-cp37m-manylinux1_x86_64.whl

Path to dependency file: /src/pybind/mgr/diskprediction_local/requirements.txt

Path to vulnerable library: /src/pybind/mgr/diskprediction_local/requirements.txt,/src/pybind/rbd,/src/pybind/rgw,/src/tools/cephfs/shell

Dependency Hierarchy:

  • scipy-1.1.0-cp37-cp37m-manylinux1_x86_64.whl (Vulnerable Library)
scipy-1.7.3-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl

SciPy: Scientific Library for Python

Library home page: https://files.pythonhosted.org/packages/58/4f/11f34cfc57ead25752a7992b069c36f5d18421958ebd6466ecd849aeaf86/scipy-1.7.3-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl

Path to dependency file: /src/pybind/mgr/requirements.txt

Path to vulnerable library: /src/pybind/mgr/requirements.txt

Dependency Hierarchy:

  • scipy-1.7.3-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (Vulnerable Library)

Found in HEAD commit: aa78617d024ccd26801e43c6980f939cf8bded5f

Found in base branch: main

Vulnerability Details

A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function.

Publish Date: 2023-07-05

URL: CVE-2023-25399

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: Low
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-25399

Release Date: 2023-07-05

Fix Resolution: 1.10.0

⛑️ Automatic Remediation will be attempted for this issue.
@mend-for-github-com mend-for-github-com bot added the Mend: dependency security vulnerability Security vulnerability detected by WhiteSource label Aug 14, 2023
@mend-for-github-com mend-for-github-com bot mentioned this issue Jul 27, 2023
Closed
@mend-for-github-com
Copy link
Author

✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

@mend-for-github-com mend-for-github-com bot changed the title CVE-2023-25399 (Medium) detected in scipy-1.1.0-cp37-cp37m-manylinux1_x86_64.whl, scipy-1.7.3-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl CVE-2023-25399 (Medium) detected in scipy-1.1.0-cp37-cp37m-manylinux1_x86_64.whl, scipy-1.7.3-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl - autoclosed Sep 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Mend: dependency security vulnerability Security vulnerability detected by WhiteSource
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
0 participants