CVE-2021-39158

Name of the Vulnerable Software and Affected Versions NVCaffe versions prior to 0.17.4

Description The issue arises from NVCaffe's python required dependencies list containing a reference to gfortran, which does not exist in the pypi.org repository. This could have allowed an attacker to post malicious files to pypi.org, potentially causing a user to install them within NVCaffe.

Recommendations For versions prior to 0.17.4, update to version 0.17.4 or later to resolve the issue. As a temporary workaround, consider restricting the installation of dependencies from untrusted sources to minimize the risk of exploitation.