64 matches found
feast 代码问题漏洞
feast is an AI/ML open source function library from Feast Open Source. A code issue vulnerability exists in feast version 0.53.0, which stems from improper YAML deserialization and could lead to remote code execution...
PT-2026-1002
Name of the Vulnerable Software and Affected Versions feast-dev/feast version 0.53.0 Description A high-severity remote code execution issue exists in the Kubernetes materializer job located at feast/sdk/python/feast/infra/compute engines/kubernetes/main.py. The problem stems from using...
EUVD-2025-7022
Malicious code in bioql PyPI...
Malicious code in test-mlw2-feast-brace (npm)
The package test-mlw2-feast-brace was found to contain malicious code...
MAL-2025-35322 Malicious code in test-mlw2-feast-brace (npm)
The package test-mlw2-feast-brace was found to contain malicious code...
Malicious code in feast-polyfill (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f88382c749d318e08be547eac655736cdeb1c86d92ae6ab6dd46e489e668c86f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3992 Malicious code in feast-polyfill (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f88382c749d318e08be547eac655736cdeb1c86d92ae6ab6dd46e489e668c86f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-11602
A Cross-Origin Resource Sharing CORS vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security...
elemeno-ai-sdk (>=0.3.1 <=0.6.11), feast-gridgain (=1.0.0) +6 more potentially affected by CVE-2024-11602 via feast (>=0.24.1 <=0.39.1)
feast PYPI version =0.24.1, =0.3.1, =1.0.0, =0.1.0, =0.0.1, =0.0.23 Source cves: CVE-2024-11602 Source advisory: OSV:GHSA-WXPC-2674-RXVW...
cbtham-feast-az-provider (=0.2.299), elemeno-ai-sdk (>=0.0.5 <=0.6.11) +26 more potentially affected by CVE-2024-11602 via feast (>=0.14.1 <=0.9.9)
feast PYPI version =0.14.1, =0.0.5, =0.0.1, =0.1.0, =0.1.0, =0.3.0, =0.1.1, =0.1.0, =0.0.2, =1.0.0, =1.0.0, =0.1.0, =0.4.0rc1 - mlops-ods =0.1.202406281646 and more Source cves: CVE-2024-11602 Source advisory: SNYK:PYTHON-FEAST-9510933...
Origin Validation Error
Overview feast is a Python SDK for Feast Affected versions of this package are vulnerable to Origin Validation Error due to improper CORS configuration on the server. An attacker can bypass security controls and potentially access sensitive information by sending requests from unauthorized origin...
GHSA-WXPC-2674-RXVW Feast Cross-Origin Resource Sharing vulnerability
A Cross-Origin Resource Sharing CORS vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security...
Feast Cross-Origin Resource Sharing vulnerability
A Cross-Origin Resource Sharing CORS vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security...
CVE-2024-11602
A Cross-Origin Resource Sharing CORS vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security...
CVE-2024-11602 CORS Vulnerability in feast-dev/feast
A Cross-Origin Resource Sharing CORS vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security...
CVE-2024-11602 CORS Vulnerability in feast-dev/feast
A Cross-Origin Resource Sharing CORS vulnerability exists in feast-dev/feast version 0.40.0. The CORS configuration on the agentscope server does not properly restrict access to only trusted origins, allowing any external domain to make requests to the API. This can bypass intended security...
CVE-2024-11602
CVE-2024-11602 affects feast-dev/feast v0.40.0. The CORS configuration on the agentscope server does not restrict access to trusted origins, allowing requests from any external domain. This can bypass security controls and potentially expose sensitive information. The provided documents do not sp...
feast 访问控制错误漏洞
feast is an AI/ML open source function library from Feast Open Source. An access control error vulnerability exists in feast version 0.40.0, which stems from a misconfiguration of CORS and could lead to the disclosure of sensitive information...
elemeno-ai-sdk (>=0.0.77 <=0.6.11), elemeno-mlops-cli (>=0.0.1 <=0.0.4) +12 more potentially affected by unknown CVE via feast (>=0.14.1 <=0.39.1)
feast PYPI version =0.14.1, =0.0.77, =0.0.1, =0.1.0, =0.3.0, =0.0.2, =1.0.0, =0.1.0, =0.0.1, =0.0.23 Source cves: unknown CVE Source advisory: SNYK:PYTHON-FEAST-8400488...
Cross-site Scripting (XSS)
Overview feast is a Python SDK for Feast Affected versions of this package are vulnerable to Cross-site Scripting XSS in Jinja2 Environment. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious script into an otherwise trusted website. The...