wandb@0.10.0rc8 vulnerabilities

A CLI and library for interacting with the Weights & Biases API.

latest version

0.17.0
first published

7 years ago
latest version published

14 days ago
licenses detected
- MIT
  [0,)
View wandb package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the wandb package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Server-Side Request Forgery (SSRF) wandb is an A CLI and library for interacting with the Weights and Biases API. Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) due to improper handling of HTTP 302 redirects. An attacker can access internal HTTP(s) servers by exploiting this vulnerability through the 'User settings -> Webhooks' function. How to fix Server-Side Request Forgery (SSRF)? There is no fixed version for `wandb`.	[0,)
M Race Condition wandb is an A CLI and library for interacting with the Weights and Biases API. Affected versions of this package are vulnerable to Race Condition as a result of using the `tempfile.mktemp()` fuctions that returns a file name, which can potentially allow a malicious actor the replace the file before it is used with something else. How to fix Race Condition? Upgrade `wandb` to version 0.12.12 or higher.	[,0.12.12)

Server-Side Request Forgery (SSRF)

wandb is an A CLI and library for interacting with the Weights and Biases API.

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) due to improper handling of HTTP 302 redirects. An attacker can access internal HTTP(s) servers by exploiting this vulnerability through the 'User settings -> Webhooks' function.

How to fix Server-Side Request Forgery (SSRF)?

There is no fixed version for wandb.

[0,)

Race Condition

wandb is an A CLI and library for interacting with the Weights and Biases API.

Affected versions of this package are vulnerable to Race Condition as a result of using the tempfile.mktemp() fuctions that returns a file name, which can potentially allow a malicious actor the replace the file before it is used with something else.

How to fix Race Condition?

Upgrade wandb to version 0.12.12 or higher.

[,0.12.12)

Go back to all versions of this package

wandb@0.10.0rc8 vulnerabilities

A CLI and library for interacting with the Weights & Biases API.

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities