Published: 07 Jul 2025
Source: github
Github: Reviewed
CVSS4: 4.4
CVSS3: 7.5
Description
Dagster vulnerable to Path Traversal attack through its /logs endpoint
Directory Traversal vulnerability in dagster-webserver Dagster through 1.5.10 allows remote attackers to obtain sensitive information via a crafted request to the /logs endpoint. This may be restricted to certain file names that start with a dot ('.').
Packages
Name: dagster (pip)
Affected versions: < 1.5.11
Fixed version: 1.5.11
Related vulnerabilities
CVSS3: 7.5
nvd
7 months ago
Directory Traversal vulnerability in dagster-webserver Dagster through 1.5.11 allows remote attackers to obtain sensitive information via a crafted request to the /logs endpoint. This may be restricted to certain file names that start with a dot ('.').