{"id":"PYSEC-2019-107","details":"nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0.14 relies on the HOME environment variable, which might be untrusted.","aliases":["CVE-2019-10844","GHSA-4q2w-rw7m-xqw6"],"modified":"2023-11-01T04:50:11.984147Z","published":"2019-04-04T05:29:00Z","references":[{"type":"REPORT","url":"https://github.com/sony/nnabla/issues/209"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-4q2w-rw7m-xqw6"}],"affected":[{"package":{"name":"nnabla","ecosystem":"PyPI","purl":"pkg:pypi/nnabla"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.15"}]}],"versions":["0.9.1rc3","0.9.2","0.9.3","0.9.4","0.9.5","0.9.6","0.9.7","0.9.8","0.9.9","1.0.0rc2","1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.0.10.dev1","1.0.10","1.0.11","1.0.12","1.0.13","1.0.14"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/nnabla/PYSEC-2019-107.yaml"}}],"schema_version":"1.7.3"}