Lucene search
K

64 matches found

CNNVD
CNNVD
added 2026/01/01 12:0 a.m.5 views

feast 代码问题漏洞

feast is an AI/ML open source function library from Feast Open Source. A code issue vulnerability exists in feast version 0.53.0, which stems from improper YAML deserialization and could lead to remote code execution...

7.8CVSS8AI score0.00264EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.15 views

PT-2026-1002

Name of the Vulnerable Software and Affected Versions feast-dev/feast version 0.53.0 Description A high-severity remote code execution issue exists in the Kubernetes materializer job located at feast/sdk/python/feast/infra/compute engines/kubernetes/main.py. The problem stems from using...

7.8CVSS8.1AI score0.00264EPSS
Exploits0References19
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-7022

Malicious code in bioql PyPI...

7.4CVSS7.5AI score0.00283EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in test-mlw2-feast-brace (npm)

The package test-mlw2-feast-brace was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-35322 Malicious code in test-mlw2-feast-brace (npm)

The package test-mlw2-feast-brace was found to contain malicious code...

7.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/05/19 8:0 a.m.4 views

Malicious code in feast-polyfill (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f88382c749d318e08be547eac655736cdeb1c86d92ae6ab6dd46e489e668c86f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSV
added 2025/05/19 8:0 a.m.5 views

MAL-2025-3992 Malicious code in feast-polyfill (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f88382c749d318e08be547eac655736cdeb1c86d92ae6ab6dd46e489e668c86f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/22 11:35 a.m.10 views

CVE-2024-11602

A Cross-Origin Resource Sharing CORS vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security...

7.4CVSS6.9AI score0.00283EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.6 views

elemeno-ai-sdk (>=0.3.1 <=0.6.11), feast-gridgain (=1.0.0) +6 more potentially affected by CVE-2024-11602 via feast (>=0.24.1 <=0.39.1)

feast PYPI version =0.24.1, =0.3.1, =1.0.0, =0.1.0, =0.0.1, =0.0.23 Source cves: CVE-2024-11602 Source advisory: OSV:GHSA-WXPC-2674-RXVW...

7.4CVSS7.1AI score0.00283EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.3 views

cbtham-feast-az-provider (=0.2.299), elemeno-ai-sdk (>=0.0.5 <=0.6.11) +26 more potentially affected by CVE-2024-11602 via feast (>=0.14.1 <=0.9.9)

feast PYPI version =0.14.1, =0.0.5, =0.0.1, =0.1.0, =0.1.0, =0.3.0, =0.1.1, =0.1.0, =0.0.2, =1.0.0, =1.0.0, =0.1.0, =0.4.0rc1 - mlops-ods =0.1.202406281646 and more Source cves: CVE-2024-11602 Source advisory: SNYK:PYTHON-FEAST-9510933...

7.4CVSS7AI score0.00283EPSS
Exploits0
Snyk
Snyk
added 2025/03/20 12:32 p.m.5 views

Origin Validation Error

Overview feast is a Python SDK for Feast Affected versions of this package are vulnerable to Origin Validation Error due to improper CORS configuration on the server. An attacker can bypass security controls and potentially access sensitive information by sending requests from unauthorized origin...

7.4CVSS6.7AI score0.00283EPSS
Exploits0References2
OSV
OSV
added 2025/03/20 12:32 p.m.6 views

GHSA-WXPC-2674-RXVW Feast Cross-Origin Resource Sharing vulnerability

A Cross-Origin Resource Sharing CORS vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security...

7.4CVSS7.1AI score0.00283EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.14 views

Feast Cross-Origin Resource Sharing vulnerability

A Cross-Origin Resource Sharing CORS vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security...

7.4CVSS6.8AI score0.00283EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/03/20 10:15 a.m.5 views

CVE-2024-11602

A Cross-Origin Resource Sharing CORS vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security...

7.4CVSS0.00283EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.7 views

CVE-2024-11602 CORS Vulnerability in feast-dev/feast

A Cross-Origin Resource Sharing CORS vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security...

7.4CVSS0.00283EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.4 views

CVE-2024-11602 CORS Vulnerability in feast-dev/feast

A Cross-Origin Resource Sharing CORS vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security...

7.4CVSS7.5AI score0.00283EPSS
Exploits0References1
CVE
CVE
added 2025/03/20 10:10 a.m.44 views

CVE-2024-11602

CVE-2024-11602 affects feast-dev/feast v0.40.0. The CORS configuration on the agentscope server does not restrict access to trusted origins, allowing requests from any external domain. This can bypass security controls and potentially expose sensitive information. The provided documents do not sp...

7.4CVSS7.5AI score0.00283EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.4 views

feast 访问控制错误漏洞

feast is an AI/ML open source function library from Feast Open Source. An access control error vulnerability exists in feast version 0.40.0, which stems from a misconfiguration of CORS and could lead to the disclosure of sensitive information...

7.4CVSS7.2AI score0.00283EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2024/11/01 6:31 a.m.4 views

elemeno-ai-sdk (>=0.0.77 <=0.6.11), elemeno-mlops-cli (>=0.0.1 <=0.0.4) +12 more potentially affected by unknown CVE via feast (>=0.14.1 <=0.39.1)

feast PYPI version =0.14.1, =0.0.77, =0.0.1, =0.1.0, =0.3.0, =0.0.2, =1.0.0, =0.1.0, =0.0.1, =0.0.23 Source cves: unknown CVE Source advisory: SNYK:PYTHON-FEAST-8400488...

5.7AI score
Exploits0
Snyk
Snyk
added 2024/11/01 6:31 a.m.6 views

Cross-site Scripting (XSS)

Overview feast is a Python SDK for Feast Affected versions of this package are vulnerable to Cross-site Scripting XSS in Jinja2 Environment. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The...

6.1CVSS5.3AI score
Exploits0References3
Rows per page
Query Builder