<p>There is no fixed version for <code>oneflow</code>.</p>

Resource Exhaustion Affecting oneflow package, versions [0,]

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PYTHON-ONEFLOW-7231122
published 10 Jun 2024
disclosed 6 Jun 2024
credit Redmept1on

Report a new vulnerability Found a mistake?

Introduced: 6 Jun 2024

CVE-2024-36742 Open this link in a new tab CWE-400 Open this link in a new tab

How to fix?

There is no fixed version for oneflow.

Overview

Affected versions of this package are vulnerable to Resource Exhaustion through the scatter_nd parameter. An attacker can disrupt service by providing an index parameter that exceeds the allowable range of the shape.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

None
Integrity (I)

None
Availability (A)

High

Resource Exhaustion Affecting oneflow package, versions [0,]

Severity

CVSS assessment made by Snyk's Security Team

Introduced: 6 Jun 2024

How to fix?

Overview

References

CVSS Scores

Snyk