CVE-2021-39158
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
NVCaffe's python required dependencies list used to contain gfortranversion prior to 0.17.4, entry which does not exist in the repository pypi.org. An attacker could potentially have posted malicious files to pypi.org causing a user to install it within NVCaffe.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NVIDIA | caffe | <= 0.17.4 | affected |
Weaknesses
- CWE-345: CWE-345: Insufficient Verification of Data Authenticity
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.