mosaicml@0.2.3 vulnerabilities

Composer is a PyTorch library that enables you to train neural networks faster, at lower cost, and to higher accuracy.

Direct Vulnerabilities

Known vulnerabilities in the mosaicml package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Arbitrary Code Execution

Affected versions of this package are vulnerable to Arbitrary Code Execution due to not restricting the types of files that can be loaded.

How to fix Arbitrary Code Execution?

Upgrade mosaicml to version 0.5.0 or higher.

Vulnerable Version: [,0.5.0)
  • M
Race Condition

Affected versions of this package are vulnerable to Race Condition via the Object Store Logger in post_close where the workers could be shut down before all files were enqueued, due to the same flag being used multiple times.

How to fix Race Condition?

Upgrade mosaicml to version 0.9.0 or higher.

Vulnerable Version: [,0.9.0)