Vulnerability Information
Vulnerability Title
Remote Code Execution in kedro-org/kedro
Vulnerability Description
In kedro-org/kedro version 0.19.8, the `pull_package()` API function allows users to download and extract micro packages from the Internet. However, the function `project_wheel_metadata()` within the code path can execute the `setup.py` file inside the tar file, leading to remote code execution (RCE) by running arbitrary commands on the victim's machine.
CVSS Information
N/A
Vulnerability Type
Improper Control of Generation of Code (Code Injection)
Vulnerability Title
Kedro Input Validation Error Vulnerability
Vulnerability Description
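Kedro is an open-source toolbox from Kedro for production-ready data science. Kedro version 0.19.8 contains an input validation error vulnerability. The vulnerability stems from the `pull_package` function executing the `setup.py` file, which may lead to remote code execution.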
CVSS Information
N/A
Vulnerability Type
N/A