Impact
PyTorch reported a critical vulnerability when using torch.load, even with option weights_only=True, for torch<=2.5.1.
In scio<=1.0.0, the lower bound for torch is 2.3.
Patches
The lower bound was changed to torch>=2.6, starting from scio>=1.0.1 (currently in dev state).
Workarounds
You can manually check that you are using torch>=2.6.
References
GHSA-53q9-r3pm-6pq6
eliegoudout Reporter
Impact
PyTorch reported a critical vulnerability when using
torch.load, even with optionweights_only=True, fortorch<=2.5.1.In
scio<=1.0.0, the lower bound fortorchis2.3.Patches
The lower bound was changed to
torch>=2.6, starting fromscio>=1.0.1(currently in dev state).Workarounds
You can manually check that you are using
torch>=2.6.References
GHSA-53q9-r3pm-6pq6