Lucene search
K

4 matches found

OSV
OSV
added 2026/04/06 5:43 p.m.7 views

CVE-2026-35167 Kedro has a path traversal in versioned dataset loading via unsanitized version string

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

7.1CVSS6AI score0.00327EPSS
Exploits0References4
CVE
CVE
added 2026/04/06 5:43 p.m.22 views

CVE-2026-35167

CVE-2026-35167 affects Kedro. The _get_versioned_path() function constructs filesystem paths by directly interpolating user-supplied version strings, preserving traversal sequences like ../ and enabling access outside the intended versioned dataset directory. This affects multiple entry points (c...

8.1CVSS5.9AI score0.00327EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/03 3:46 a.m.9 views

Kedro: Path Traversal in versioned dataset loading via unsanitized version string

Impact The getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned...

8.1CVSS5.9AI score0.00327EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/03 3:46 a.m.3 views

GHSA-6326-W46W-PPJW Kedro: Path Traversal in versioned dataset loading via unsanitized version string

Impact The getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned...

7.1CVSS5.9AI score0.00327EPSS
Exploits0References5
Rows per page
Query Builder