Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sensitive Data Leakage in sklearn.feature_extraction.text.TfidfVectorizer in scikit-learn/scikit-learn
Vulnerability Description
A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the `stop_words_` attribute, rather than only storing the subset of tokens required for the TF-IDF technique to function. This behavior leads to the potential leakage of sensitive information, as the `stop_words_` attribute could contain tokens that were meant to be discarded and not stored, such as passwords or keys. The impact of this vulnerability varies based on the nature of the data being processed by the vectorizer.
CVSS Information
N/A
Vulnerability Type
在没有访问控制机制中存储敏感数据
Vulnerability Title
scikit-learn 安全漏洞
Vulnerability Description
scikit-learn是一款基于Python的开源机器学习程序包,它支持垃圾邮件检测、图像识别和关联的连续值属性预测等功能。 scikit-learn 1.4.1.post1及之前版本存在安全漏洞,该漏洞源于在stop_words_属性中意外存储了训练数据中存在的所有标记,可能导致敏感信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A