GHSA-fpfv-jqm9-f5jm

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-fpfv-jqm9-f5jm/GHSA-fpfv-jqm9-f5jm.json
Aliases
  • CVE-2021-34141
Published
2021-12-18T00:00:41Z
Modified
2022-06-21T20:32:07.059921Z
Details

Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects.

References

Affected packages

PyPI / numpy

numpy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
1.22

Affected versions

0.*

0.9.6
0.9.8

1.*

1.0
1.0.3
1.0.4
1.0b1
1.0b4
1.0b5
1.0rc1
1.0rc2
1.0rc3
1.1.1
1.10.0
1.10.1
1.10.2
1.10.3
1.10.4
1.11.0
1.11.1
1.11.2
1.11.3
1.12.0
1.12.1
1.13.0
1.13.0rc1
1.13.0rc2
1.13.1
1.13.3
1.14.0
1.14.0rc1
1.14.1
1.14.2
1.14.3
1.14.4
1.14.5
1.14.6
1.15.0
1.15.0rc1
1.15.0rc2
1.15.1
1.15.2
1.15.3
1.15.4
1.16.0
1.16.0rc1
1.16.0rc2
1.16.1
1.16.2
1.16.3
1.16.4
1.16.5
1.16.6
1.17.0
1.17.0rc1
1.17.0rc2
1.17.1
1.17.2
1.17.3
1.17.4
1.17.5
1.18.0
1.18.0rc1
1.18.1
1.18.2
1.18.3
1.18.4
1.18.5
1.19.0
1.19.0rc1
1.19.0rc2
1.19.1
1.19.2
1.19.3
1.19.4
1.19.5
1.2.0
1.2.1
1.20.0
1.20.0rc1
1.20.0rc2
1.20.1
1.20.2
1.20.3
1.21.0
1.21.0rc1
1.21.0rc2
1.21.1
1.21.2
1.21.3
1.21.4
1.21.5
1.21.6
1.22.0rc1
1.22.0rc2
1.22.0rc3
1.3.0
1.4.0
1.4.1
1.5.0
1.5.1
1.6.0
1.6.1
1.6.2
1.7.0
1.7.1
1.7.2
1.8.0
1.8.1
1.8.2
1.9.0
1.9.1
1.9.2
1.9.3

Database specific

{
    "last_known_affected_version_range": "<= 1.21.6"
}