PT-2020-17858 · Limdu · Limdu
Published 2020-06-22 · Updated 2020-06-30 · CVE-2020-4066
CVSS v2.0
Score: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Limdu versions prior to 0.95
Description
The trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.
Recommendations
For versions prior to 0.95, update to version 0.95 to resolve the issue.
As a temporary workaround, consider not using trainBatch with classifiers that rely on shell execution, such as SVM Perf, SVM Linear, or Adaboost.
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Limdu