{"id":"PYSEC-2021-855","details":"Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects.","aliases":["CVE-2021-34141","GHSA-fpfv-jqm9-f5jm"],"modified":"2023-11-08T04:06:07.388275Z","published":"2021-12-17T19:15:00Z","references":[{"type":"REPORT","url":"https://github.com/numpy/numpy/issues/18993"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-fpfv-jqm9-f5jm"}],"affected":[{"package":{"name":"numpy","ecosystem":"PyPI","purl":"pkg:pypi/numpy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.9.0"},{"fixed":"1.10.0"}]}],"versions":["1.9.0","1.9.1","1.9.2","1.9.3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/numpy/PYSEC-2021-855.yaml"}}],"schema_version":"1.7.3"}