
Could you help upgrade the vulnerble dependency in pro-gan-pth

Open JoeGardner000 opened this issue 3 years ago • 1 comment

Hi, @tomasheiskanen ,@akanimax , I'd like to report a vulnerability issue in pro-gan-pth_3.4.

Issue Description

I noticed that pro-gan-pth_3.4 directly depends on opencv-python_4.5.4.60. However, opencv-python_4.5.4.60 suffers from the vulnerabilities that its bundled C libraries expose, as the following dependency graph shows. Refer to issue.

Dependency Graph between Python and Shared Libraries

[image: dependency graph between the Python package and its shared libraries]

Suggested Vulnerability Patch Versions

opencv-python has upgraded these vulnerable C libraries to patch versions in release 4.5.5.64.

Python build tools cannot report vulnerable C libraries, which may introduce potential security issues into many downstream Python projects. Could you please upgrade this vulnerable dependency?

Thanks for your help~ Best regards, JoeGardner

JoeGardner000, Apr 05 '22 11:04

@JoeGardner000,

Thanks for the clear issue report. I am only using opencv for writing the video in the script pro_gan_pytorch_scripts/latent_space_interpolation.py, so it won't be cumbersome to get rid of this exposed vulnerability.

  1. Have you tried just using version 4.5.5.64 instead of the listed 4.5.4.60? I believe it should just work, so that only means updating the requirements.txt file :smile:.
  2. If it doesn't work or it's not worth the effort, then we could switch to something simpler like imageio.mimwrite etc.

Hope this helps.

Cheers :beers:!

akanimax, Apr 08 '22 10:04
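A small pin checker that flags the exact situation reported above (a `requirements.txt` pinning `opencv-python` below the 4.5.5.64 release that carries the patched C libraries). This is an added example, not code from pro_gan_pytorch; the sample requirements text is constructed, and the `PATCHED` map is an assumption holding only the release named in the issue.

```python
"""Flag exact pins in a requirements file that sit below a known patched release.

Added example, not part of pro_gan_pytorch. Only exact '==' pins are checked:
a range such as '>=4.5.4.60' can resolve to a fixed version, so deciding it
needs the resolver, not a text scan.
"""
import re
from typing import Dict, List, Tuple

# Assumed map of project name -> first release with the fix. The one entry is
# the version the issue names as upgrading the bundled C libraries.
PATCHED: Dict[str, str] = {"opencv-python": "4.5.5.64"}

# name==1.2.3.4 (whitespace tolerant); trailing comments are stripped first.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9.]*)")


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '4.5.4.60' into (4, 5, 4, 60) so tuples compare numerically."""
    return tuple(int(part) for part in v.strip(".").split("."))


def normalize(name: str) -> str:
    """PyPI treats '-', '_' and '.' as equivalent and names as case-insensitive."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_outdated_pins(requirements: str) -> List[Tuple[str, str, str]]:
    """Return (name, pinned_version, patched_version) for every pin below the fix."""
    findings = []
    for raw in requirements.splitlines():
        line = raw.split("#", 1)[0]  # drop inline comments
        match = PIN_RE.match(line)
        if not match:
            continue  # unpinned or ranged entry: skipped, see module docstring
        name, version = match.groups()
        patched = PATCHED.get(normalize(name))
        if patched and parse_version(version) < parse_version(patched):
            findings.append((normalize(name), version, patched))
    return findings


# Constructed sample: the pin the issue reports plus unrelated entries.
SAMPLE_REQUIREMENTS = """\
torch>=1.9
opencv-python==4.5.4.60  # only used to write the interpolation video
numpy
"""

if __name__ == "__main__":
    for name, pinned, patched in find_outdated_pins(SAMPLE_REQUIREMENTS):
        print(f"{name}: pinned {pinned}, first patched release is {patched}")
```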

Closing this issue due to inactivity.

akanimax, Oct 19 '22 12:10