Giter VIP home page Giter VIP logo

bpt's Introduction

Howdy! ๐Ÿ‘‹

My name is Scott, and I'm a Data Scientist, Consultant, and AI Researcher developing Artificial Intelligence, Machine Learning, and Statistical solutions in several industries, such as biotechnology, medical devices, and healthcare.

I receieved my Ph.D. from the University of Michigan, where I developed new Systems Biology models to identify cancer drug candidates that target metabolism (Publications). My work has been acknowledged by institutions such as the National Cancer Institute, the Department of Education, and the Arnold and Mabel Beckman Foundation, where I have earned several fellowships and scholarships to conduct independent research.

Nowadays, I'm a Data Scientist at RaLytics, where I'm heads down in AI R&D for a wide variety of company use-cases. Additionally, I have worked with several U.S. government, research, and private institutions as a consultant to offer insights, technical expertise, and develop new solutions on projects that catch my interests.

Some of my current projects include (but are not limited to):

  • Training and developing Vision-Language Models for chart reasoning and understanding ๐Ÿ“ˆ
  • Medical NLP development for entity identification, extraction, and summarization ๐Ÿ“„
  • Deploying statistical learning models for inferring patterns of care from claims data ๐Ÿฅ
  • Pose estimation applications for improving athletic performance ๐Ÿƒโ€โ™€๏ธ

Some past projects I have worked on include:

  • Leveraging LLMs for developing a personalized marketing platform ๐Ÿ“ง
  • Performing data analysis and creating data pipelines for healthcare-based datasets (claims, financial, EMRs, etc) ๐Ÿ—‚๏ธ
  • Establishing DataOps and MLOps best practices for model deployment and data processing โ˜๏ธ
  • Vision models to identify anatomical structures during surgical procedures ๐Ÿ˜ท
  • Developing bioinformatics pipelines (gene set enrichment analysis, protein expression network graphs, etc) for drug discovery ๐Ÿ’Š

โ˜• I'm always interested in chatting, colabs, and consulting gigs. If you're in the Bay Area and want to grab a coffee or just say hi, you can reach me at my email address or LinkedIn. For my writings about all things nerdy, you can check out my blog, which is currently undergoing some re-vamping.

bpt's People

Contributors

mend-bolt-for-github[bot] avatar scottcampit avatar

Watchers

avatar

bpt's Issues

ipython-7.34.0-py3-none-any.whl: 1 vulnerabilities (highest severity is: 7.0)

Vulnerable Library - ipython-7.34.0-py3-none-any.whl

IPython: Productive Interactive Computing

Library home page: https://files.pythonhosted.org/packages/7c/6a/1f1365f4bf9fcb349fcaa5b61edfcefa721aa13ff37c5631296b12fab8e5/ipython-7.34.0-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt,/requirements.txt

Found in HEAD commit: 300cd60a8d64abc0cd67bf827a5010971b28f220

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (ipython version) Remediation Possible**
CVE-2023-24816 High 7.0 ipython-7.34.0-py3-none-any.whl Direct 8.10.0 โŒ

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-24816

Vulnerable Library - ipython-7.34.0-py3-none-any.whl

IPython: Productive Interactive Computing

Library home page: https://files.pythonhosted.org/packages/7c/6a/1f1365f4bf9fcb349fcaa5b61edfcefa721aa13ff37c5631296b12fab8e5/ipython-7.34.0-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt,/requirements.txt

Dependency Hierarchy:

  • โŒ ipython-7.34.0-py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 300cd60a8d64abc0cd67bf827a5010971b28f220

Found in base branch: master

Vulnerability Details

IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function IPython.utils.terminal.set_term_title be called on Windows in a Python environment where ctypes is not available. The dependency on ctypes in IPython.utils._process_win32 prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool set_term_title could be called and hence introduce a vulnerability. Should an attacker get untrusted input to an instance of this function they would be able to inject shell commands as current process and limited to the scope of the current process. Users of ipython as a library are advised to upgrade. Users unable to upgrade should ensure that any calls to the IPython.utils.terminal.set_term_title function are done with trusted or filtered input.

Publish Date: 2023-02-10

URL: CVE-2023-24816

CVSS 3 Score Details (7.0)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-24816

Release Date: 2023-02-10

Fix Resolution: 8.10.0

Step up your Open Source Security Game with Mend here

numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl: 1 vulnerabilities (highest severity is: 5.3)

Vulnerable Library - numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl

NumPy is the fundamental package for array computing with Python.

Library home page: https://files.pythonhosted.org/packages/6d/ad/ff3b21ebfe79a4d25b4a4f8e5cf9fd44a204adb6b33c09010f566f51027a/numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt,/requirements.txt

Found in HEAD commit: 300cd60a8d64abc0cd67bf827a5010971b28f220

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (numpy version) Remediation Possible**
CVE-2021-34141 Medium 5.3 numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl Direct 1.22.0 โŒ

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2021-34141

Vulnerable Library - numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl

NumPy is the fundamental package for array computing with Python.

Library home page: https://files.pythonhosted.org/packages/6d/ad/ff3b21ebfe79a4d25b4a4f8e5cf9fd44a204adb6b33c09010f566f51027a/numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt,/requirements.txt

Dependency Hierarchy:

  • โŒ numpy-1.21.6-cp37-cp37m-manylinux_2_12_x86_64.manylinux2010_x86_64.whl (Vulnerable Library)

Found in HEAD commit: 300cd60a8d64abc0cd67bf827a5010971b28f220

Found in base branch: master

Vulnerability Details

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."
Mend Note: After conducting further research, Mend has determined that versions 1.12.0 through 1.21.6 of numpy are vulnerable to CVE-2021-34141

Publish Date: 2021-12-17

URL: CVE-2021-34141

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34141

Release Date: 2021-12-17

Fix Resolution: 1.22.0

Step up your Open Source Security Game with Mend here

cryptography-39.0.0-cp36-abi3-manylinux_2_24_x86_64.whl: 4 vulnerabilities (highest severity is: 9.1)

Vulnerable Library - cryptography-39.0.0-cp36-abi3-manylinux_2_24_x86_64.whl

cryptography is a package which provides cryptographic recipes and primitives to Python developers.

Library home page: https://files.pythonhosted.org/packages/fc/b2/3b946e24de214fc49adeefeea6214bcbc4bce2bd745877f074d1dd13c9a2/cryptography-39.0.0-cp36-abi3-manylinux_2_24_x86_64.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt,/requirements.txt

Found in HEAD commit: 300cd60a8d64abc0cd67bf827a5010971b28f220

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (cryptography version) Remediation Possible**
CVE-2023-49083 Critical 9.1 cryptography-39.0.0-cp36-abi3-manylinux_2_24_x86_64.whl Direct cryptography - 41.0.6 โŒ
CVE-2023-38325 High 7.5 cryptography-39.0.0-cp36-abi3-manylinux_2_24_x86_64.whl Direct 41.0.2 โŒ
CVE-2023-0286 High 7.4 cryptography-39.0.0-cp36-abi3-manylinux_2_24_x86_64.whl Direct openssl-3.0.8;cryptography - 39.0.1;openssl-src - 111.25.0+1.1.1t,300.0.12+3.0.8 โŒ
CVE-2023-23931 Medium 6.5 cryptography-39.0.0-cp36-abi3-manylinux_2_24_x86_64.whl Direct 39.0.1 โŒ

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2023-49083

Vulnerable Library - cryptography-39.0.0-cp36-abi3-manylinux_2_24_x86_64.whl

cryptography is a package which provides cryptographic recipes and primitives to Python developers.

Library home page: https://files.pythonhosted.org/packages/fc/b2/3b946e24de214fc49adeefeea6214bcbc4bce2bd745877f074d1dd13c9a2/cryptography-39.0.0-cp36-abi3-manylinux_2_24_x86_64.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt,/requirements.txt

Dependency Hierarchy:

  • โŒ cryptography-39.0.0-cp36-abi3-manylinux_2_24_x86_64.whl (Vulnerable Library)

Found in HEAD commit: 300cd60a8d64abc0cd67bf827a5010971b28f220

Found in base branch: master

Vulnerability Details

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling load_pem_pkcs7_certificates or load_der_pkcs7_certificates could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.

Publish Date: 2023-11-29

URL: CVE-2023-49083

CVSS 3 Score Details (9.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-49083

Release Date: 2023-11-29

Fix Resolution: cryptography - 41.0.6

Step up your Open Source Security Game with Mend here

CVE-2023-38325

Vulnerable Library - cryptography-39.0.0-cp36-abi3-manylinux_2_24_x86_64.whl

cryptography is a package which provides cryptographic recipes and primitives to Python developers.

Library home page: https://files.pythonhosted.org/packages/fc/b2/3b946e24de214fc49adeefeea6214bcbc4bce2bd745877f074d1dd13c9a2/cryptography-39.0.0-cp36-abi3-manylinux_2_24_x86_64.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt,/requirements.txt

Dependency Hierarchy:

  • โŒ cryptography-39.0.0-cp36-abi3-manylinux_2_24_x86_64.whl (Vulnerable Library)

Found in HEAD commit: 300cd60a8d64abc0cd67bf827a5010971b28f220

Found in base branch: master

Vulnerability Details

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.

Publish Date: 2023-07-14

URL: CVE-2023-38325

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-38325

Release Date: 2023-07-14

Fix Resolution: 41.0.2

Step up your Open Source Security Game with Mend here

CVE-2023-0286

Vulnerable Library - cryptography-39.0.0-cp36-abi3-manylinux_2_24_x86_64.whl

cryptography is a package which provides cryptographic recipes and primitives to Python developers.

Library home page: https://files.pythonhosted.org/packages/fc/b2/3b946e24de214fc49adeefeea6214bcbc4bce2bd745877f074d1dd13c9a2/cryptography-39.0.0-cp36-abi3-manylinux_2_24_x86_64.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt,/requirements.txt

Dependency Hierarchy:

  • โŒ cryptography-39.0.0-cp36-abi3-manylinux_2_24_x86_64.whl (Vulnerable Library)

Found in HEAD commit: 300cd60a8d64abc0cd67bf827a5010971b28f220

Found in base branch: master

Vulnerability Details

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

Publish Date: 2023-02-08

URL: CVE-2023-0286

CVSS 3 Score Details (7.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: GHSA-x4qr-2fvf-3mr5

Release Date: 2023-02-08

Fix Resolution: openssl-3.0.8;cryptography - 39.0.1;openssl-src - 111.25.0+1.1.1t,300.0.12+3.0.8

Step up your Open Source Security Game with Mend here

CVE-2023-23931

Vulnerable Library - cryptography-39.0.0-cp36-abi3-manylinux_2_24_x86_64.whl

cryptography is a package which provides cryptographic recipes and primitives to Python developers.

Library home page: https://files.pythonhosted.org/packages/fc/b2/3b946e24de214fc49adeefeea6214bcbc4bce2bd745877f074d1dd13c9a2/cryptography-39.0.0-cp36-abi3-manylinux_2_24_x86_64.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /requirements.txt,/requirements.txt

Dependency Hierarchy:

  • โŒ cryptography-39.0.0-cp36-abi3-manylinux_2_24_x86_64.whl (Vulnerable Library)

Found in HEAD commit: 300cd60a8d64abc0cd67bf827a5010971b28f220

Found in base branch: master

Vulnerability Details

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since update_into was originally introduced in cryptography 1.8.

Publish Date: 2023-02-07

URL: CVE-2023-23931

CVSS 3 Score Details (6.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: Low
    • Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-23931

Release Date: 2023-02-07

Fix Resolution: 39.0.1

Step up your Open Source Security Game with Mend here

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.