Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2023-47248

Published: 09/11/2023 Updated: 29/11/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Pyarrow

Vulnerability Summary

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files). This vulnerability only affects PyArrow, not other Apache Arrow implementations or bindings. It is recommended that users of PyArrow upgrade to 14.0.1. Similarly, it is recommended that downstream libraries upgrade their dependency requirements to PyArrow 14.0.1 or later. PyPI packages are already available, and we hope that conda-forge packages will be available soon. If it is not possible to upgrade, we provide a separate package `pyarrow-hotfix` that disables the vulnerability on older PyArrow versions. See pypi.org/project/pyarrow-hotfix/ for instructions.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache pyarrow

Github Repositories

https://github.com/linhkolor/SalesPrediction_LightGBM

import numpy as np import pandas as pd df_train = pdread_csv('/Users/linhnguyen/Downloads/store-sales-time-series-forecasting/traincsv') df_test = pdread_csv('/Users/linhnguyen/Downloads/store-sales-time-series-forecasting/testcsv') df_stores = pdread_csv('/Users/linhnguyen/Downloads/store-sales-time-series-fo

https://github.com/linhkolor/BankChurn_CatBoost

Predicting Bank Churn with CatBoost Model Author: Linh Nguyen Project Overview In this project, I aim to predict bank customer churn using advanced machine learning techniques, particularly leveraging the CatBoostClassifier Customer churn, or the rate at which customers leave a service, is a critical concern for businesses, especially in the banking sector Identifying and und

https://github.com/pitrou/pyarrow-hotfix

PyArrow Hotfix Description This is a hotfix for the PyArrow security vulnerability CVE-2023-47248 We generally recommend upgrading to PyArrow 1401 or later, but if you cannot upgrade, this package disables the vulnerability on older versions Installation Use pip to install: pip install pyarrow_hotfix Note Both pyarrow-hotfix a

References

CWE-502https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7nhttps://github.com/apache/arrow/commit/f14170976372436ec1d03a724d8d3f3925484ecfhttps://pypi.org/project/pyarrow-hotfix/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FR34AIPXVTMB3XPRU5ULV5HHWPMRE33X/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MAGWEAJDWO2ACYATUQCPXLSYY5C3L3XU/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWFYXLVBTBHNKYRXI572RFX7IJDDQGBL/https://nvd.nist.govhttps://github.com/linhkolor/SalesPrediction_LightGBM
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook