PYSEC-2021-855 — Vulnetix

PYSEC-2021-855 PUBLISHED

Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects.

Affected Products

Vendor	Product	Versions
PyPI	numpy	1.9.0, 1.9.1, 1.9.2

Timeline

Dec 17, 2021 CVE Published
Nov 8, 2023 CVE Updated

References

https://github.com/advisories/GHSA-fpfv-jqm9-f5jm advisory
https://github.com/numpy/numpy/issues/18993 discussion

Open in Interactive Console →