greykite@0.1.1 vulnerabilities

A python package for flexible forecasting

latest version

1.0.0
first published

3 years ago
latest version published

4 months ago
licenses detected
- BSD-2-Clause
  [0,)
View greykite package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the greykite package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Unrestricted Upload of File with Dangerous Type greykite is an A python package for flexible forecasting Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type via the `load_obj` function at `/templates/pickle_utils.py` due to improper user input sanitization. Based on library usage, which is aimed at developers for forecasting purposes, exploiting this vulnerability is possible if the attacker tricks the developer (through social engineering, etc.) into deserializing a crafted malicious file. In other cases, it's exploitable if the library is used in applications that might handle user-generated content without proper validation, and the attacker can control the `dir_name` parameter of the `load_obj` function. Exploiting this vulnerability might result in code execution. How to fix Unrestricted Upload of File with Dangerous Type? There is no fixed version for `greykite`.	[0,)

Unrestricted Upload of File with Dangerous Type

greykite is an A python package for flexible forecasting

Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type via the load_obj function at /templates/pickle_utils.py due to improper user input sanitization. Based on library usage, which is aimed at developers for forecasting purposes, exploiting this vulnerability is possible if the attacker tricks the developer (through social engineering, etc.) into deserializing a crafted malicious file. In other cases, it's exploitable if the library is used in applications that might handle user-generated content without proper validation, and the attacker can control the dir_name parameter of the load_obj function.

Exploiting this vulnerability might result in code execution.

How to fix Unrestricted Upload of File with Dangerous Type?

There is no fixed version for greykite.

[0,)

Go back to all versions of this package

greykite@0.1.1 vulnerabilities

A python package for flexible forecasting

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities