scipy@1.4.0 vulnerabilities

Fundamental algorithms for scientific computing in Python

Direct Vulnerabilities

Known vulnerabilities in the scipy package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Use After Free

Affected versions of this package are vulnerable to Use After Free via the Py_FindObjects() function.

Note:

According to the maintainer, this issue is not to be considered a vulnerability.

How to fix Use After Free?

Upgrade scipy to version 1.8.0 or higher.

[,1.8.0)
  • M
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS). A refcounting issue which leads to potential memory leak was discovered via the Py_FindObjects() function.

How to fix Denial of Service (DoS)?

Upgrade scipy to version 1.10.0rc1 or higher.

[,1.10.0rc1)