PYSEC-2026-72
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDRO_LOGGING_CONFIG environment variable and loads it without validation. The logging configuration schema supports the special key, which enables arbitrary...
corradin-opioid-project (=0.1.0), eensight (>=1.0.0 <=1.0.2) +48 more potentially affected by CVE-2026-35171 via kedro (>=0.15.9 <=1.0.0)
kedro (PyPI) versions: =0.15.9, =1.0.0, =0.1.0, =0.1.0, =0.1.9, =0.1.0, =0.0.4, =0.1.0, =0.2.1, =0.1.0, =0.1.0, =0.3.0, =0.5.1 and more. Source CVEs: CVE-2026-35171. Source advisory: OSV:PYSEC-2026-72...
CVE-2026-35171
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDRO_LOGGING_CONFIG environment variable and loads it without validation. The logging configuration schema supports the special key, which enables arbitrary...
corradin-opioid-project (=0.1.0), eensight (>=1.0.0 <=1.0.2) +48 more potentially affected by CVE-2026-35167 via kedro (>=0.15.9 <=1.0.0)
kedro (PyPI) versions: =0.15.9, =1.0.0, =0.1.0, =0.1.0, =0.1.9, =0.1.0, =0.0.4, =0.1.0, =0.2.1, =0.1.0, =0.1.0, =0.3.0, =0.5.1 and more. Source CVEs: CVE-2026-35167. Source advisory: OSV:PYSEC-2026-71...
CVE-2026-35171
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDRO_LOGGING_CONFIG environment variable and loads it without validation. The logging configuration schema supports the special key, which enables arbitrary...
corradin-opioid-project (=0.1.0), eensight (>=1.0.0 <=1.0.2) +48 more potentially affected by CVE-2026-35167 via kedro (>=0.15.9 <=1.0.0)
kedro (PyPI) versions: =0.15.9, =1.0.0, =0.1.0, =0.1.0, =0.1.9, =0.1.0, =0.0.4, =0.1.0, =0.2.1, =0.1.0, =0.1.0, =0.3.0, =0.5.1 and more. Source CVEs: CVE-2026-35167. Source advisory: OSV:GHSA-6326-W46W-PPJW...
PT-2026-30019
Name of the Vulnerable Software and Affected Versions: Kedro versions prior to 1.3.0. Description: Kedro is susceptible to a critical Remote Code Execution (RCE) issue stemming from the unsafe use of logging.config.dictConfig with user-controlled input. The software permits setting the logging...
EUVD-2025-7000
Malicious code in bioql PyPI...
Kedro deserialization vulnerability
A Remote Code Execution (RCE) vulnerability has been identified in the Kedro ShelveStore class, version 0.19.8. This vulnerability allows an attacker to execute arbitrary Python code via deserialization of malicious payloads, potentially leading to a full system compromise. The ShelveStore class use...
corradin-opioid-project (=0.1.0), eensight (>=1.0.0 <=1.0.2) +44 more potentially affected by CVE-2024-9701 via kedro (>=0.15.9 <=0.19.8)
kedro (PyPI) versions: =0.15.9, =1.0.0, =0.1.0, =0.1.0, =0.1.9, =0.1.0, =0.0.4, =0.1.0, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more. Source CVEs: CVE-2024-9701. Source advisory: OSV:GHSA-747F-WW56-4Q4H...
corradin-opioid-project (=0.1.0), eensight (>=1.0.0 <=1.0.2) +44 more potentially affected by CVE-2024-12215 via kedro (>=0.15.9 <=0.19.8)
kedro (PyPI) versions: =0.15.9, =1.0.0, =0.1.0, =0.1.0, =0.1.9, =0.1.0, =0.0.4, =0.1.0, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more. Source CVEs: CVE-2024-12215. Source advisory: OSV:GHSA-RM69-WVPV-R2W7...
eensight (>=1.0.0 <=1.0.2), fcdocs (>=0.1.0 <=0.2.0) +33 more potentially affected by CVE-2024-12215 via kedro (>=0.18.14 <=0.19.9)
kedro (PyPI) versions: =0.18.14, =1.0.0, =0.1.0, =0.1.0, =0.1.9, =0.1.0, =0.0.4, =0.1.0, =0.1.0, =0.0.1b1, =1.0.0, =0.2.1, =0.1.2, =1.5.1 and more. Source CVEs: CVE-2024-12215. Source advisory: SNYK:PYTHON-KEDRO-9508726...
CVE-2024-12215
CVE-2024-12215 — Kedro 0.19.8: The pull_package() API path can execute the tarball's setup.py via project_wheel_metadata(), enabling remote code execution (RCE) by running arbitrary commands on the victim's machine. The vulnerability affects kedro-org/kedro and is documented with RCE impact and ...
Kedro code issue vulnerability
Kedro is a production-ready data science toolkit from Kedro Open Source. A code issue vulnerability exists in Kedro version 0.19.8, which stems from deserializing a malicious payload and could lead to remote code execution...
corradin-opioid-project (=0.1.0), eensight (>=1.0.0 <=1.0.2) +44 more potentially affected by CVE-2024-9701 via kedro (>=0.15.9 <=0.19.8)
kedro (PyPI) versions: =0.15.9, =1.0.0, =0.1.0, =0.1.0, =0.1.9, =0.1.0, =0.0.4, =0.1.0, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more. Source CVEs: CVE-2024-9701. Source advisory: SNYK:PYTHON-KEDRO-8320942...