Vulnerability Information
Vulnerability Title
Remote Code Execution in kedro-org/kedro
Vulnerability Description
A Remote Code Execution (RCE) vulnerability has been identified in the Kedro ShelveStore class (version 0.19.8). This vulnerability allows an attacker to execute arbitrary Python code via deserialization of malicious payloads, potentially leading to a full system compromise. The ShelveStore class uses Python's shelve module to manage session data, which relies on pickle for serialization. Crafting a malicious payload and storing it in the shelve file can lead to RCE when the payload is deserialized.
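An added example, not Kedro's code: a defender-side audit that reads a shelve file's raw values through dbm and lists the pickle opcodes that import or call objects, without unpickling anything. The file name, the sample entries and the opcode list are assumptions made for this illustration.

```python
import datetime
import dbm
import os
import pickletools
import shelve
import tempfile

# Assumption for this example: opcodes that import a name or call/construct
# an object while a pickle stream is being loaded.
RISKY_OPS = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
             "NEWOBJ", "NEWOBJ_EX", "BUILD", "EXT1", "EXT2", "EXT4"}


def risky_opcodes(blob):
    """List risky opcode names in a pickle stream without loading it."""
    return sorted({op.name for op, _arg, _pos in pickletools.genops(blob)
                   if op.name in RISKY_OPS})


def audit_shelf(path):
    """Read raw values through dbm (never shelve/pickle.load) and flag them."""
    findings = {}
    with dbm.open(path, "r") as db:
        for key in db.keys():
            ops = risky_opcodes(db[key])
            if ops:
                findings[key.decode("utf-8", "replace")] = ops
    return findings


def build_sample_shelf(directory):
    """Constructed sample data: one plain dict, one benign class instance."""
    path = os.path.join(directory, "session_store")  # hypothetical file name
    with shelve.open(path, "c") as shelf:
        shelf["plain"] = {"user": "alice", "runs": 3}
        shelf["object"] = datetime.date(2024, 1, 1)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for key, ops in audit_shelf(build_sample_shelf(tmp)).items():
            print(f"{key}: {', '.join(ops)}")
```

A flagged entry is not proof of tampering, since ordinary class instances need the same opcodes; it marks values that cannot be treated as plain data and should not be loaded from a file whose writer is not trusted.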
CVSS Information
N/A
Vulnerability Type
Deserialization of Untrusted Data
Vulnerability Title
Kedro Code Issue Vulnerability
Vulnerability Description
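Kedro is a production-ready data science toolbox open-sourced by Kedro. Kedro version 0.19.8 contains a code issue vulnerability that stems from the deserialization of malicious payloads and may lead to remote code execution.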
CVSS Information
N/A
Vulnerability Type
N/A