Описание
mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have editor permissions. Version 0.8.72 contains a fix for this issue.
Ссылки
- Patch
- Vendor Advisory
- Patch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 0.8.34 (включая) до 0.8.72 (исключая)
cpe:2.3:a:mage:mage-ai:*:*:*:*:*:python:*:*
EPSS
Процентиль: 35%
0.00143
Низкий
5.9 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-306
Связанные уязвимости
EPSS
Процентиль: 35%
0.00143
Низкий
5.9 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-306