3 matches found
corradin-opioid-project (=0.1.0), eensight (>=1.0.0 <=1.0.2) +48 more potentially affected by CVE-2026-35171 via kedro (>=0.15.9 <=1.0.0)
kedro PYPI version =0.15.9, =1.0.0, =0.1.0, =0.1.0, =0.1.9, =0.1.0, =0.0.4, =0.1.0, =0.2.1, =0.1.0, =0.1.0, =0.3.0, =0.5.1 and more
Source CVEs: CVE-2026-35171
Source advisory: OSV:PYSEC-2026-72...
CVE-2026-35171
Kedro prior to version 1.3.0 is vulnerable to remote code execution via unsafe use of logging.config.dictConfig() with user-controlled input. The logging config path can be set through the KEDRO_LOGGING_CONFIG environment variable and is loaded without validation. The schema allows the special ()...
corradin-opioid-project (=0.1.0), eensight (>=1.0.0 <=1.0.2) +48 more potentially affected by CVE-2026-35171 via kedro (>=0.15.9 <=1.0.0)
kedro PYPI version =0.15.9, =1.0.0, =0.1.0, =0.1.0, =0.1.9, =0.1.0, =0.0.4, =0.1.0, =0.2.1, =0.1.0, =0.1.0, =0.3.0, =0.5.1 and more
Source CVEs: CVE-2026-35171
Source advisory: OSV:GHSA-9CQF-439C-J96R...