petrobras / 3w Goto Github PK

Type: Regular
CVSS: 8.8
CWE ID: CWE-250
Severity: High
Date Published 2022-10-26T05:15:00Z
Description: Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in "jupyter_core" that stems from "jupyter_core" executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds.
Affected packages: Python-jupyter-core-4.11.1

Type: Regular
CVSS: 5.3
CWE ID: CWE-400
Severity: Medium
Date Published 2022-11-14T06:26:00Z
Description: Pillow prior to 9.3.0 allows denial of service via SAMPLESPERPIXEL.
Affected packages: Python-Pillow-9.2.0

The notebook is invalid and is missing an expected key: metadata. Using nbformat v5.8.0 and nbconvert v7.2.7.

Some examples are init.py, dev.py, and misc.py. A general check is recommended.

License definition in init.py deviates from LICENSE.md.

Discussed in #54

This problem was discovered when dealing with PR #99. A first strategy is to replace the pandas_profiling package with the ydata-profiling package and check that André Machado's overview works completely.

I refer to a link in README.md.

Specification in requirements.txt is not enough to create a virtual environment with the packages required by 3W (toolkit and Jupyter Notebooks).

The versioning methodology for the 3W project and its main resources is not defined.

As explained here, the current default branch name on GitHub is main, and not master.

The first two links in pull_request_template.md are broken.

The sensor values of the simulated instances for event '8' are missing.

They don't have the original values that were available in the previous version (1.0.0), except for the P-PDG tag values, which remain the same.

While the observations' labels of simulated and hand-drawn instances are integers, those of real instances are floats.

Discussed in #5

The folds_clf_02.csv has missing instances.

Type: Regular
CVSS: 7
CWE ID: CWE-20, CWE-78
Severity: High
Date Published 2023-02-13
Description: IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function IPython.utils.terminal.set_term_title be called on Windows in a Python environment where ctypes is not available. The dependency on ctypes in IPython.utils._process_win32 prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool set_term_title could be called and hence introduce a vulnerability. Should an attacker get untrusted input to an instance of this function they would be able to inject shell commands as current process and limited to the scope of the current process. Users of ipython as a library are advised to upgrade. Users unable to upgrade should ensure that any calls to the IPython.utils.terminal.set_term_title function are done with trusted or filtered input.
Affected packages: Ipython-8.5.0