oneflow@0.7.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the oneflow package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Resource Exhaustion

Affected versions of this package are vulnerable to Resource Exhaustion through the scatter_nd parameter. An attacker can disrupt service by providing an index parameter that exceeds the allowable range of the shape.

How to fix Resource Exhaustion?

There is no fixed version for oneflow.

[0,)
  • H
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) when the index as a negative number exceeds the range of size. An attacker can disrupt service availability by supplying a negative index value that is out of bounds.

How to fix Denial of Service (DoS)?

There is no fixed version for oneflow.

[0,)
  • M
Improper Input Validation

Affected versions of this package are vulnerable to Improper Input Validation in the oneflow.eye function. An attacker can manipulate the output or cause unexpected behavior by supplying crafted floating-point values.

How to fix Improper Input Validation?

There is no fixed version for oneflow.

[0,)
  • H
Improper Input Validation

Affected versions of this package are vulnerable to Improper Input Validation via the oneflow.zeros/ones parameter. An attacker can disrupt service availability by inputting negative values.

How to fix Improper Input Validation?

There is no fixed version for oneflow.

[0,)
  • H
Improper Input Validation

Affected versions of this package are vulnerable to Improper Input Validation through the dim parameter. An attacker can disrupt service availability by inputting a negative value.

How to fix Improper Input Validation?

There is no fixed version for oneflow.

[0,)
  • H
Improper Input Validation

Affected versions of this package are vulnerable to Improper Input Validation via the oneflow.full parameter. An attacker can disrupt service availability by inputting a negative value.

How to fix Improper Input Validation?

There is no fixed version for oneflow.

[0,)
  • M
Incorrect Calculation

Affected versions of this package are vulnerable to Incorrect Calculation due to an issue in the permute component. An attacker can exploit this vulnerability by performing operations on the same dimension.

How to fix Incorrect Calculation?

There is no fixed version for oneflow.

[0,)
  • H
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) via the oneflow.index_select parameter. An attacker can disrupt service availability by inputting a negative value.

How to fix Denial of Service (DoS)?

There is no fixed version for oneflow.

[0,)
  • H
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) when an empty array is processed using the oneflow.tensordot function. An attacker can disrupt service availability by sending specially crafted inputs that exploit this flaw.

How to fix Denial of Service (DoS)?

There is no fixed version for oneflow.

[0,)
  • H
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) when an empty array is processed with oneflow.dot. An attacker can disrupt service by sending specially crafted inputs that lead to system unavailability.

How to fix Denial of Service (DoS)?

There is no fixed version for oneflow.

[0,)