Lucene search
K

47 matches found

EUVD
EUVD
added 2026/04/06 5:43 p.m.9 views

EUVD-2026-19416

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

7.1CVSS5.9AI score0.00327EPSS
Exploits0References2
OSV
OSV
added 2026/04/03 3:46 a.m.3 views

GHSA-6326-W46W-PPJW Kedro: Path Traversal in versioned dataset loading via unsanitized version string

Impact The getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned...

7.1CVSS5.9AI score0.00327EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/03 3:46 a.m.7 views

Kedro: Path Traversal in versioned dataset loading via unsanitized version string

Impact The getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned...

8.1CVSS5.9AI score0.00327EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/04/01 6:32 a.m.4 views

Directory Traversal

Overview kedro is a Kedro helps you build production-ready data and analytics pipelines Affected versions of this package are vulnerable to Directory Traversal due to unsanitized version strings in versioned dataset path construction. The AbstractVersionedDataset.getversionedpath logic used durin...

8.1CVSS6.5AI score0.00327EPSS
Exploits0References3
OSV
OSV
added 2026/03/20 2:26 p.m.10 views

OESA-2026-1698 golang security update

The Go Programming Language. Security Fixes: The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large...

10CVSS7.8AI score0.01945EPSS
Exploits2References7
OSV
OSV
added 2026/03/02 10:30 a.m.12 views

CLSA-2026-1772124479 golang: Fix of 7 CVEs

Update to Go 1.25.7 - CVE-2025-61726: fixed DoS due to memory exhaustion flaw in net/url parameter parsing - CVE-2025-61732: fixed RCE via code smuggling flaw in cgo comment parsing - CVE-2025-68121: fixed security bypass in TLS where session resumption could ignore revoked or expired client...

10CVSS6.3AI score0.01945EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/05 12:1 p.m.12 views

CVE-2025-68119

A flaw was found in Golang's cmd/go module. This vulnerability allows a local attacker to achieve local code execution by downloading and building modules with specially crafted malicious version strings. On systems with Mercurial hg installed, this can occur when downloading modules from...

7CVSS8.6AI score0.00335EPSS
Exploits0References7
CNVD
CNVD
added 2026/02/05 12:0 a.m.7 views

Google Go Code Execution Vulnerability (CNVD-2026-10650)

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. A code execution vulnerability exists in Google Go due to an insecure construction of external VCS commands when handling untrusted module sources or malicious version strings in...

7CVSS6.9AI score0.00335EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 8:16 p.m.3 views

CVE-2025-68119

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...

7CVSS9AI score
Exploits0References4
OSV
OSV
added 2026/01/28 8:16 p.m.7 views

AZL-75639 CVE-2025-68119 affecting package msft-golang for versions less than 1.24.12-1

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...

7CVSS8AI score0.00335EPSS
Exploits0References1
NVD
NVD
added 2026/01/28 8:16 p.m.8 views

CVE-2025-68119

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...

7CVSS0.00335EPSS
Exploits0References4
OSV
OSV
added 2026/01/28 8:16 p.m.6 views

AZL-75698 CVE-2025-68119 affecting package golang for versions less than 1.24.12-1

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...

7CVSS6.4AI score0.00335EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 8:16 p.m.7 views

AZL-78939 CVE-2025-68119 affecting package golang 1.25.7-1

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...

7CVSS6.4AI score0.00335EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 8:16 p.m.5 views

AZL-75728 CVE-2025-68119 affecting package golang for versions less than 1.25.6-1

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...

7CVSS7.8AI score0.00335EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 8:16 p.m.2 views

UBUNTU-CVE-2025-68119

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...

7CVSS7.7AI score0.00335EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/28 7:30 p.m.4 views

EUVD-2025-206446

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...

7CVSS6.4AI score0.00335EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/28 7:30 p.m.5 views

CVE-2025-68119

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...

6.4AI score0.00335EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/01/28 7:30 p.m.45 views

CVE-2025-68119

CVE-2025-68119 describes local code execution and arbitrary-file writes when downloading/building modules with malicious version strings in environments where external VCS tools are present. Specifically: on systems with Mercurial (hg), downloading modules from non-standard sources (e.g., custom ...

7CVSS7.8AI score0.00335EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/01/28 7:30 p.m.21 views

CVE-2025-68119 Unexpected code execution when invoking toolchain in cmd/go

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...

0.00335EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/01/28 7:30 p.m.8 views

CVE-2025-68119

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial hg installed, downloading modules from non-standard sources e.g., custom domains can cause unexpected code execution due to how external VCS commands are constructed. This iss...

7CVSS7.8AI score0.00335EPSS
Exploits0
Rows per page
Query Builder