Count: 2
CVE-2024-12215
In kedro-org/kedro version 0.19.8, the `pull_package()` API function allows users to download and extract micro packages from the Internet. However, the function `project_wheel_metadata()` within the code path can execute the `setup.py` file inside the tar file, leading to remote code execution (RCE) by running arbitrary commands on the victim's machine.
GHSA-rm69-wvpv-r2w7
Kedro allows Remote Code Execution by Pulling Micro Packages
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2024-12215 In kedro-org/kedro version 0.19.8, the `pull_package()` API function allows users to download and extract micro packages from the Internet. However, the function `project_wheel_metadata()` within the code path can execute the `setup.py` file inside the tar file, leading to remote code execution (RCE) by running arbitrary commands on the victim's machine. | CVSS3: 8.8 | 1% (Low) | 11 months ago |
| GHSA-rm69-wvpv-r2w7 Kedro allows Remote Code Execution by Pulling Micro Packages | CVSS3: 8.8 | 1% (Low) | 11 months ago |