dask@2.15.0 vulnerabilities

Parallel PyData with Task Scheduling

Direct Vulnerabilities

Known vulnerabilities in the dask package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Incorrect Access Control (severity: M)

dask is a package for Parallel PyData with Task Scheduling.

Affected versions of this package are vulnerable to Incorrect Access Control. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by an attacker to achieve remote code execution.

How to fix Incorrect Access Control?

Upgrade dask to version 2021.10.0 or higher.

Vulnerable versions: [0,2021.10.0)