greykite@0.5.1 vulnerabilities

A python package for flexible forecasting

Direct Vulnerabilities

Known vulnerabilities in the greykite package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Unrestricted Upload of File with Dangerous Type

greykite is an A python package for flexible forecasting

Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type via the load_obj function at /templates/pickle_utils.py due to improper user input sanitization. Based on library usage, which is aimed at developers for forecasting purposes, exploiting this vulnerability is possible if the attacker tricks the developer (through social engineering, etc.) into deserializing a crafted malicious file. In other cases, it's exploitable if the library is used in applications that might handle user-generated content without proper validation, and the attacker can control the dir_name parameter of the load_obj function.

Exploiting this vulnerability might result in code execution.

How to fix Unrestricted Upload of File with Dangerous Type?

There is no fixed version for greykite.

[0,)