oneflow@0.8.0 vulnerabilities

latest version

0.9.0
first published

3 years ago
latest version published

2 years ago
licenses detected
- Unknown
  [0,)
View oneflow package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the oneflow package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Resource Exhaustion Affected versions of this package are vulnerable to Resource Exhaustion through the `scatter_nd` parameter. An attacker can disrupt service by providing an index parameter that exceeds the allowable range of the shape. How to fix Resource Exhaustion? There is no fixed version for `oneflow`.	[0,)
H Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) when the `index` as a negative number exceeds the range of size. An attacker can disrupt service availability by supplying a negative index value that is out of bounds. How to fix Denial of Service (DoS)? There is no fixed version for `oneflow`.	[0,)
M Improper Input Validation Affected versions of this package are vulnerable to Improper Input Validation in the `oneflow.eye` function. An attacker can manipulate the output or cause unexpected behavior by supplying crafted floating-point values. How to fix Improper Input Validation? There is no fixed version for `oneflow`.	[0,)
H Improper Input Validation Affected versions of this package are vulnerable to Improper Input Validation via the `oneflow.zeros/ones` parameter. An attacker can disrupt service availability by inputting negative values. How to fix Improper Input Validation? There is no fixed version for `oneflow`.	[0,)
H Improper Input Validation Affected versions of this package are vulnerable to Improper Input Validation through the `dim` parameter. An attacker can disrupt service availability by inputting a negative value. How to fix Improper Input Validation? There is no fixed version for `oneflow`.	[0,)
H Improper Input Validation Affected versions of this package are vulnerable to Improper Input Validation via the `oneflow.full` parameter. An attacker can disrupt service availability by inputting a negative value. How to fix Improper Input Validation? There is no fixed version for `oneflow`.	[0,)
M Incorrect Calculation Affected versions of this package are vulnerable to Incorrect Calculation due to an issue in the `permute` component. An attacker can exploit this vulnerability by performing operations on the same dimension. How to fix Incorrect Calculation? There is no fixed version for `oneflow`.	[0,)
H Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) via the `oneflow.index_select` parameter. An attacker can disrupt service availability by inputting a negative value. How to fix Denial of Service (DoS)? There is no fixed version for `oneflow`.	[0,)
H Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) when an empty array is processed using the `oneflow.tensordot` function. An attacker can disrupt service availability by sending specially crafted inputs that exploit this flaw. How to fix Denial of Service (DoS)? There is no fixed version for `oneflow`.	[0,)
H Denial of Service (DoS) Affected versions of this package are vulnerable to Denial of Service (DoS) when an empty array is processed with `oneflow.dot`. An attacker can disrupt service by sending specially crafted inputs that lead to system unavailability. How to fix Denial of Service (DoS)? There is no fixed version for `oneflow`.	[0,)

Go back to all versions of this package

oneflow@0.8.0 vulnerabilities

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities