dirac@7.3.0a3 vulnerabilities

DIRAC is an interware, meaning a software framework for distributed computing.

Direct Vulnerabilities

Known vulnerabilities in the dirac package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Exposure of Resource to Wrong Sphere

Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere. During the proxy generation process, it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows the user to then perform any action that is possible with the original proxy.

Note: This vulnerability only exists for a short period of time (sub-millisecond) during the generation process.

How to fix Exposure of Resource to Wrong Sphere?

Upgrade DIRAC to version 8.0.41 or higher.

  • M
Race Condition

Affected versions of this package are vulnerable to Race Condition in FTS3DB.getNonFinishedOperations when running multiple FTS3Agents in parallel.

How to fix Race Condition?

Upgrade DIRAC to version 8.0.0a19 or higher.

  • M
Insecure Permissions

Affected versions of this package are vulnerable to Insecure Permissions due to not using safe mode for grid-security directories.

How to fix Insecure Permissions?

Upgrade DIRAC to version 8.0.2 or higher.

  • H
Arbitrary Code Execution

Affected versions of this package are vulnerable to Arbitrary Code Execution due to missing validation of the cl parameter in JEncode.

How to fix Arbitrary Code Execution?

Upgrade DIRAC to version 8.0.0a13 or higher.
