CVE-2023-25399 - Medium Severity Vulnerability
Vulnerable Library - scipy-1.7.3-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
SciPy: Scientific Library for Python
Library home page: https://files.pythonhosted.org/packages/58/4f/11f34cfc57ead25752a7992b069c36f5d18421958ebd6466ecd849aeaf86/scipy-1.7.3-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
Path to dependency file: /Resume_Analysis/requirements.txt
Path to vulnerable library: /Resume_Analysis/requirements.txt
Dependency Hierarchy:
- gensim-4.2.0-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (Root Library)
- ❌ scipy-1.7.3-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (Vulnerable Library)
Found in base branch: main
Vulnerability Details
A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.
Publish Date: 2023-07-05
URL: CVE-2023-25399
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Origin: GHSA-9jx5-6pgf-crrp
Release Date: 2023-07-05
Fix Resolution: scipy - 1.10.0
Step up your Open Source Security Game with Mend here
CVE-2023-25399 - Medium Severity Vulnerability
SciPy: Scientific Library for Python
Library home page: https://files.pythonhosted.org/packages/58/4f/11f34cfc57ead25752a7992b069c36f5d18421958ebd6466ecd849aeaf86/scipy-1.7.3-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl
Path to dependency file: /Resume_Analysis/requirements.txt
Path to vulnerable library: /Resume_Analysis/requirements.txt
Dependency Hierarchy:
Found in base branch: main
A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly.
Publish Date: 2023-07-05
URL: CVE-2023-25399
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: GHSA-9jx5-6pgf-crrp
Release Date: 2023-07-05
Fix Resolution: scipy - 1.10.0
Step up your Open Source Security Game with Mend here