CWE-120 on xgboost by dependency track


I figured out what xgboost package does not pass Dependency Tracker. There is indicated CWE-120 (Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)).
I can not point the exact code snippet with vulnerability so far.

Is that known issue?

No. A more detailed report will be appreciated. For example, what is Dependency Tracker?

Thank you for replying.

Dependency Track:
I am trying to get more specific information. As soon as I get it, I will provide here.

Guess this may be related:

1 Like