Vulnerability	Vulnerable Version
M Incorrect Access Control dask is a Parallel PyData with Task Scheduling Affected versions of this package are vulnerable to Incorrect Access Control. Single machine Dask clusters started with `dask.distributed.LocalCluster` or `dask.distributed.Client` (which defaults to using `LocalCluster`) would mistakenly configure their respective Dask workers to listen on external interfaces rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by an attacker to achieve remote code execution. How to fix Incorrect Access Control? Upgrade `dask` to version 2021.10.0 or higher.	[0,2021.10.0)

Incorrect Access Control

dask is a Parallel PyData with Task Scheduling

Affected versions of this package are vulnerable to Incorrect Access Control. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by an attacker to achieve remote code execution.

How to fix Incorrect Access Control?

Upgrade dask to version 2021.10.0 or higher.

[0,2021.10.0)

Go back to all versions of this package