3 matches found
Eval Injection
Overview talkpipe is a Python internal and external DSL for writing generative AI analytics Affected versions of this package are vulnerable to Eval Injection due to using the function eval unsafe in the compileLambda function in the talkpipe/util/datamanipulation.py file. An attacker can execute...
Command Injection
Overview talkpipe is a Python internal and external DSL for writing generative AI analytics Affected versions of this package are vulnerable to Command Injection via the talkpipe.util.os.runcommand function which use subprocess.Popen..., shell=True unsafe. An attacker can execute arbitrary...
Missing Authentication for Critical Function
Overview talkpipe is a Python internal and external DSL for writing generative AI analytics Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the CORS middleware, which allowed requests from any origin , without needing to provide any form of...