6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
Vulnerability CVE-2019-1010266 in lodash
CVEID:CVE-2019-1010266
**DESCRIPTION:**lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168402 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM PowerAI | 1.6.2 |
The 1.6.2 ifix has been delivered by an updated package set. Obtaining the latest packages from the WML CE channel will ensure that you have the ifix installed.
As noted, the latest package versions available contain the fixes, so new installations or new conda environments will automatically install the patched versions. Conda strict channel priority is recommended when using WML CE.
$ cat .condarc
channels:
- https://public.dhe.ibm.com/ibmdl/export/pub/software/server/ibm-ai/conda
- defaults
channel_priority: strict
conda create -n my_env python=3.6
conda activate my_env
conda install powerai=1.6.2
or
conda create -n my_env python=3.6
conda activate my_env
conda install tensorboard
It is recommended that you keep packages up to date. To update all packages to the latest versions, run:
conda update --all
To update individual packages, use the package name:
conda update tensorboard
If you have previously installed WML CE using the powerai
meta-package, you can also use that to update to the latest packages.
conda update powerai
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm powerai | eq | 1.6.2 |
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P