VDB
EN
LOW 3.6

GHSA-phx2-3w66-h4pw

mlrun: DataFrame hash collisions can cause dataset artifact path conflicts and silent data corruption

상세

A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculate_dataframe_hash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local environment. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / mlrun
최초 영향 버전: 0

No fixed version published yet for mlrun (pip). Pin to a known-safe version or switch to an alternative.

참고