6 matches found
CVE-2026-41490
Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...
EUVD-2026-28368
Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...
dagster-deltalake-pandas (>=0.21.9 <=0.29.0), dagster-deltalake-polars (>=0.21.9 <=0.29.0) potentially affected by CVE-2026-41490 via dagster-deltalake (>=0.21.9 <=0.29.0)
dagster-deltalake PYPI version =0.21.9, =0.21.9, =0.21.9, =0.29.0 Source cves: CVE-2026-41490 Source advisory: OSV:GHSA-MJW2-V2HM-WJ34...
Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations
Summary The DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating dynamic partition key values into queries without escaping. A user with the Add Dynamic Partitions permission could create a partition key that injects arbitrary SQL, which would...
ai.chronon:flink_2.12 (>=0.0.62 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:online_2.12 (>=0.0.25 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +555 more potentially affected by CVE-2024-29869 via org.apache.hive:hive-exec (>=0.8.0 <=4.0.0)
org.apache.hive:hive-exec MAVEN version =0.8.0, =0.0.62, =0.0.25, =0.0.25, =0.0.86, =0.0.8, =0.0.6, =3.18.0.9, =6.5.0, =1.5.8, =0.2.7, =1.3.3, =1.4.0, =1.0.0, =2.0.0, =3.1.0 and more Source cves: CVE-2024-29869 Source advisory: OSV:GHSA-C476-J253-5RGQ...
arrow (>=0.14.0 <=4.4.0), arrow-flight (>=2.0.0 <=4.4.0) +73 more potentially affected by unknown CVE via flatbuffers (>=0.4.0 <=22.12.6)
flatbuffers CARGO version =0.4.0, =0.14.0, =2.0.0, =1.0.0, =0.2.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.17.0, =0.1.1, =0.1.0, =0.1.0, =0.1.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-3JCH-9QGP-4844...