Описание
AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue can only be triggered by authenticated users. A fix for this issue is available in data.all version 1.5.2 and later. There is no recommended work around.
Ссылки
- Patch
- Release Notes
- Release Notes
- Vendor Advisory
- Patch
- Release Notes
- Release Notes
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.2.0 (включая) до 1.5.1 (включая)
cpe:2.3:a:amazon:aws-dataall:*:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02449
Низкий
8 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-94
EPSS
Процентиль: 85%
0.02449
Низкий
8 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-94