skops@0.10.0 vulnerabilities

A set of tools to push scikit-learn based models to and pull from Hugging Face Hub

Direct Vulnerabilities

Known vulnerabilities in the skops package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Deserialization of Untrusted Data

skops is a set of tools to push scikit-learn based models to and pull from Hugging Face Hub.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data. When loading nodes of type OperatorFuncNode, Skops allows a model to call functions from within the operator module, specifying both the function and the arguments being passed to it. This system allows an attacker to craft a specialized payload in the form of a model that allows for arbitrary code execution to occur when a malicious model is loaded and compiled.

How to fix Deserialization of Untrusted Data?

There is no fixed version for skops.

Vulnerable versions: [0,)
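
With no fixed version available, one defensive check is to inspect a model file before it is ever loaded. The following is an added example, not code from the advisory or from the skops project: it lists every node whose loader is `OperatorFuncNode` without invoking any loader. It assumes the model file is a zip archive containing a `schema.json` whose nodes carry `__loader__`, `__module__` and `__class__` keys; the function names and both sample schemas are constructed for illustration.

```python
import io
import json
import zipfile

# Loader name taken from the advisory text above.
FLAGGED_LOADER = "OperatorFuncNode"


def find_flagged_nodes(node, path="schema"):
    """Walk the parsed schema and yield (path, module, class) for each
    node that would be handled by the flagged loader."""
    if isinstance(node, dict):
        if node.get("__loader__") == FLAGGED_LOADER:
            yield path, node.get("__module__"), node.get("__class__")
        for key, value in node.items():
            yield from find_flagged_nodes(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from find_flagged_nodes(item, f"{path}[{index}]")


def scan_skops_bytes(data):
    """Parse schema.json straight from the archive (assumed layout);
    the model is only read as JSON, never loaded or compiled."""
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        schema = json.loads(archive.read("schema.json"))
    return list(find_flagged_nodes(schema))


def build_sample(schema):
    """Pack a constructed schema into an in-memory archive for the demo."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("schema.json", json.dumps(schema))
    return buffer.getvalue()


# Constructed samples: node contents are placeholders, not real model data.
CLEAN = {"__class__": "list", "__module__": "builtins",
         "__loader__": "ListNode", "content": []}
SUSPECT = {"__class__": "list", "__module__": "builtins",
           "__loader__": "ListNode",
           "content": [{"__class__": "itemgetter", "__module__": "operator",
                        "__loader__": FLAGGED_LOADER, "content": {}}]}

if __name__ == "__main__":
    for name, schema in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, scan_skops_bytes(build_sample(schema)))
```

A non-empty result means the file should be quarantined for review rather than passed to the loader; an empty result only rules out this one node type and is not proof that the file is safe.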