{"id":"PYSEC-2023-81","details":"A vulnerability classified as problematic was found in MindSpore 2.0.0-alpha/2.0.0-rc1. This vulnerability affects the function JsonHelper::UpdateArray of the file mindspore/ccsrc/minddata/dataset/util/json_helper.cc. The manipulation leads to memory corruption. The name of the patch is 30f4729ea2c01e1ed437ba92a81e2fc098d608a9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-230176.","aliases":["CVE-2023-2970","GHSA-x67g-47p3-rc7f"],"modified":"2025-10-09T08:24:50.809442Z","published":"2023-05-30T06:16:00Z","references":[{"type":"WEB","url":"https://vuldb.com/?ctiid.230176"},{"type":"WEB","url":"https://vuldb.com/?id.230176"},{"type":"WEB","url":"https://gitee.com/mindspore/mindspore/issues/I73DOS"},{"type":"WEB","url":"https://gitee.com/mindspore/mindspore/commit/30f4729ea2c01e1ed437ba92a81e2fc098d608a9"}],"affected":[{"package":{"name":"mindspore","ecosystem":"PyPI","purl":"pkg:pypi/mindspore"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.2.0","0.3.1","0.7.0","1.0.0","1.0.1","1.1.0","1.1.1","1.10.0","1.2.0","1.2.1","1.3.0","1.5.2","1.6.2","1.7.0","1.8.0","1.8.1","1.9.0","2.0.0a0","2.0.0rc1","2.0.0","2.3.0","2.4.0","2.4.1","2.4.10","2.5.0","2.6.0","2.6.0rc1","2.7.0","2.7.0rc1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/mindspore/PYSEC-2023-81.yaml"}}],"schema_version":"1.7.3"}