snorkel 0.9.7

Direct Vulnerabilities

Known vulnerabilities in the snorkel package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Deserialization of Untrusted Data snorkel is an A system for quickly generating training data with weak supervision Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the `load` function of the `BaseLabeler` class, which uses the `pickle.load` method on user-supplied file paths without validation or security controls. An attacker can achieve arbitrary code execution by supplying a maliciously crafted pickle file that is deserialized by the vulnerable method. How to fix Deserialization of Untrusted Data? There is no fixed version for `snorkel`.	[0,)
H Deserialization of Untrusted Data snorkel is an A system for quickly generating training data with weak supervision Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the `Trainer.load` function. An attacker can execute arbitrary code by supplying a maliciously crafted model file that is deserialized when loaded. How to fix Deserialization of Untrusted Data? There is no fixed version for `snorkel`.	[0,)
H Deserialization of Untrusted Data snorkel is an A system for quickly generating training data with weak supervision Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the `MultitaskClassifier.load` function. An attacker can execute arbitrary code by supplying a maliciously crafted model file that is deserialized when loaded. How to fix Deserialization of Untrusted Data? There is no fixed version for `snorkel`.	[0,)

Vulnerability

Vulnerable Version

Deserialization of Untrusted Data

snorkel is an A system for quickly generating training data with weak supervision

Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the load function of the BaseLabeler class, which uses the pickle.load method on user-supplied file paths without validation or security controls. An attacker can achieve arbitrary code execution by supplying a maliciously crafted pickle file that is deserialized by the vulnerable method.

How to fix Deserialization of Untrusted Data?

There is no fixed version for snorkel.

[0,)

Deserialization of Untrusted Data

snorkel is an A system for quickly generating training data with weak supervision

Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the Trainer.load function. An attacker can execute arbitrary code by supplying a maliciously crafted model file that is deserialized when loaded.

How to fix Deserialization of Untrusted Data?

There is no fixed version for snorkel.

[0,)

Deserialization of Untrusted Data

snorkel is an A system for quickly generating training data with weak supervision

Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the MultitaskClassifier.load function. An attacker can execute arbitrary code by supplying a maliciously crafted model file that is deserialized when loaded.

How to fix Deserialization of Untrusted Data?

There is no fixed version for snorkel.

[0,)

snorkel@0.9.7

A system for quickly generating training data with weak supervision

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically