Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects.
numpy
{ "last_known_affected_version_range": "<= 1.21.6" }