monai@1.5.0 vulnerabilities

AI Toolkit for Healthcare Imaging

Direct Vulnerabilities

Known vulnerabilities in the monai package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable version

Severity: M (Medium)
Zip Slip

monai is an AI Toolkit for Healthcare Imaging

Affected versions of this package are vulnerable to Zip Slip via the use of zip_file.extractall(output_dir). An attacker can overwrite arbitrary files on the system by supplying a crafted zip archive containing files with path traversal sequences. This can be exploited remotely if a user loads and extracts a malicious zip file from an untrusted or compromised source.

How to fix Zip Slip?

There is no fixed version for monai.

Vulnerable versions: [0,)
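A defensive pre-check for the extractall pattern described above, added here as an example; it is not MONAI's code and not part of the advisory. The archive contents and the extracted_bundle directory name are constructed for the demonstration, and the check resolves every member name against the destination before anything is written:

```python
import io
import os
import zipfile


def find_unsafe_members(zf: zipfile.ZipFile, output_dir: str) -> list[str]:
    """Return member names that would be written outside output_dir."""
    root = os.path.realpath(output_dir)
    unsafe = []
    for name in zf.namelist():
        # os.path.join discards root when name is absolute; realpath collapses "..".
        target = os.path.realpath(os.path.join(root, name))
        if os.path.commonpath([root, target]) != root:
            unsafe.append(name)
    return unsafe


def safe_extractall(zf: zipfile.ZipFile, output_dir: str) -> None:
    """Hardened replacement for zf.extractall(output_dir): refuse the whole archive."""
    unsafe = find_unsafe_members(zf, output_dir)
    if unsafe:
        raise ValueError(f"refusing to extract archive, traversal entries: {unsafe}")
    zf.extractall(output_dir)


def build_demo_archive() -> bytes:
    """Constructed in-memory bundle: one legitimate file and two traversal entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("bundle/configs/metadata.json", "{}")
        zf.writestr("../../outside.txt", "escaped the output directory")
        zf.writestr("/etc/absolute.txt", "absolute path entry")
    return buf.getvalue()


def check_demo_archive(output_dir: str = "extracted_bundle") -> list[str]:
    """Names flagged by the check for the constructed archive (nothing is written)."""
    with zipfile.ZipFile(io.BytesIO(build_demo_archive())) as zf:
        return find_unsafe_members(zf, output_dir)


def demo_archive_is_rejected(output_dir: str = "extracted_bundle") -> bool:
    """True when safe_extractall refuses the constructed archive before writing."""
    with zipfile.ZipFile(io.BytesIO(build_demo_archive())) as zf:
        try:
            safe_extractall(zf, output_dir)
        except ValueError:
            return True
    return False
```

Rejecting the whole archive, rather than skipping the bad entries, keeps a partially written bundle from being loaded later.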
Severity: H (High)
Deserialization of Untrusted Data

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the load function in the bundle/scripts.py file, which uses torch.load with the weights_only=True parameter. An attacker can execute arbitrary commands by providing a malicious checkpoint file that is deserialized during model loading.

How to fix Deserialization of Untrusted Data?

There is no fixed version for monai.

Vulnerable versions: [0,)
Severity: H (High)
Deserialization of Untrusted Data

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the pickle_operations function, which uses pickle.loads(). An attacker can execute arbitrary code by supplying crafted serialized data that is deserialized without validation.

How to fix Deserialization of Untrusted Data?

There is no fixed version for monai.

Vulnerable versions: [0,)