Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-qv8j-hgpc-vrq8

Опубликовано: 20 фев. 2026
Источник: github
Github: Прошло ревью
CVSS4: 8.6

Описание

Google Cloud Vertex AI SDK affected by Stored Cross-Site Scripting (XSS)

Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data.

Ссылки

Пакеты

Наименование

google-cloud-aiplatform

pip
Затронутые версииВерсия исправления

>= 1.98.0, < 1.131.0

1.131.0

EPSS

Процентиль: 22%
0.00074
Низкий

8.6 High

CVSS4

CVE ID

CVE-2026-2472

Дефекты

CWE-79

Связанные уязвимости

redhat логотип

CVE-2026-2472

CVSS3: 8.1
redhat
около 1 месяца назад

Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data.

nvd логотип

CVE-2026-2472

nvd
около 1 месяца назад

Stored Cross-Site Scripting (XSS) in the _genai/_evals_visualization component of Google Cloud Vertex AI SDK (google-cloud-aiplatform) versions from 1.98.0 up to (but not including) 1.131.0 allows an unauthenticated remote attacker to execute arbitrary JavaScript in a victim's Jupyter or Colab environment via injecting script escape sequences into model evaluation results or dataset JSON data.

EPSS

Процентиль: 22%
0.00074
Низкий

8.6 High

CVSS4

CVE ID

CVE-2026-2472

Дефекты

CWE-79