Kedro Path Traversal Vulnerability
Kedro is an open-source production-ready data science toolkit developed by Kedro. Versions prior to Kedro 1.3.0 contained a path traversal vulnerability. This vulnerability stemmed from the getversionedpath method not clearing the version string provided by the user, allowing for path traversal a...
GHSA-RM69-WVPV-R2W7 Kedro allows Remote Code Execution by Pulling Micro Packages
In kedro-org/kedro version 0.19.8, the pullpackage API function allows users to download and extract micro packages from the Internet. However, the function projectwheelmetadata within the code path can execute the setup.py file inside the tar file, leading to remote code execution (RCE) by running...