dirac@8.0.0a23 vulnerabilities

DIRAC is an interware, meaning a software framework for distributed computing.

Direct Vulnerabilities

Known vulnerabilities in the dirac package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H  Exposure of Resource to Wrong Sphere

Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere: during the proxy generation process, it is possible for unauthorized users on the same machine to gain read access to the proxy. This allows such a user to then perform any action that is possible with the original proxy.

Note: This vulnerability only exists for a short period of time (sub-millisecond) during the generation process.

How to fix Exposure of Resource to Wrong Sphere?

Upgrade DIRAC to version 8.0.41 or higher.

Vulnerable versions: [,8.0.41)
  • M  Insecure Permissions

Affected versions of this package are vulnerable to Insecure Permissions due to not using safe mode for grid-security directories.

How to fix Insecure Permissions?

Upgrade DIRAC to version 8.0.2 or higher.

Vulnerable versions: [,8.0.2)