GHSA-fpfv-jqm9-f5jm

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-fpfv-jqm9-f5jm/GHSA-fpfv-jqm9-f5jm.json

Aliases

CVE-2021-34141

Published

2021-12-18T00:00:41Z

Modified

2022-06-21T20:32:07.059921Z

Details

Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects.

References

Affected packages

PyPI / numpy

numpy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0

Fixed

1.22

Affected versions

0.*

0.9.6

0.9.8

1.*

1.0

1.0.3

1.0.4

1.0b1

1.0b4

1.0b5

1.0rc1

1.0rc2

1.0rc3

1.1.1

1.10.0

1.10.1

1.10.2

1.10.3

1.10.4

1.11.0

1.11.1

1.11.2

1.11.3

1.12.0

1.12.1

1.13.0

1.13.0rc1

1.13.0rc2

1.13.1

1.13.3

1.14.0

1.14.0rc1

1.14.1

1.14.2

1.14.3

1.14.4

1.14.5

1.14.6

1.15.0

1.15.0rc1

1.15.0rc2

1.15.1

1.15.2

1.15.3

1.15.4

1.16.0

1.16.0rc1

1.16.0rc2

1.16.1

1.16.2

1.16.3

1.16.4

1.16.5

1.16.6

1.17.0

1.17.0rc1

1.17.0rc2

1.17.1

1.17.2

1.17.3

1.17.4

1.17.5

1.18.0

1.18.0rc1

1.18.1

1.18.2

1.18.3

1.18.4

1.18.5

1.19.0

1.19.0rc1

1.19.0rc2

1.19.1

1.19.2

1.19.3

1.19.4

1.19.5

1.2.0

1.2.1

1.20.0

1.20.0rc1

1.20.0rc2

1.20.1

1.20.2

1.20.3

1.21.0

1.21.0rc1

1.21.0rc2

1.21.1

1.21.2

1.21.3

1.21.4

1.21.5

1.21.6

1.22.0rc1

1.22.0rc2

1.22.0rc3

1.3.0

1.4.0

1.4.1

1.5.0

1.5.1

1.6.0

1.6.1

1.6.2

1.7.0

1.7.1

1.7.2

1.8.0

1.8.1

1.8.2

1.9.0

1.9.1

1.9.2

1.9.3

Database specific

{
    "last_known_affected_version_range": "<= 1.21.6"
}