20 matches found
EUVD-2024-0285
Malicious code in bioql PyPI...
aglow (>=0.1.0rc3 <=0.1.0rc4), ai-flow (>=0.1.0 <=0.3.1) +5 more potentially affected by CVE-2024-50378 via apache-airflow (>=2.0.0 <=2.0.2)
apache-airflow PYPI version =2.0.0, =0.1.0rc3, =0.1.0, =0.3.12, =11.8.0, =13.7.0 - gps-building-blocks =1.2.2 - neuro-airflow-plugin =0.0.1 Source cves: CVE-2024-50378 Source advisory: SNYK:PYTHON-APACHEAIRFLOW-8366329...
GHSA-7MGG-3RQ2-HFF4 ai-flow Deserialization of Untrusted Data vulnerability
A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \aiflow\cli\commands\workflowcommand.py. The manipulation leads to deserialization. The attack can be launched remotely. The...
ai-flow Deserialization of Untrusted Data vulnerability
A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \aiflow\cli\commands\workflowcommand.py. The manipulation leads to deserialization. The attack can be launched remotely. The...
CVE-2024-0960
A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \aiflow\cli\commands\workflowcommand.py. The manipulation leads to deserialization. The attack can be launched remotely. The...
CVE-2024-0960
A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \aiflow\cli\commands\workflowcommand.py. The manipulation leads to deserialization. The attack can be launched remotely. The...
Deserialization of untrusted data
A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \aiflow\cli\commands\workflowcommand.py. The manipulation leads to deserialization. The attack can be launched remotely. The...
CVE-2024-0960 flink-extended ai-flow workflow_command.py cloudpickle.loads deserialization
A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \aiflow\cli\commands\workflowcommand.py. The manipulation leads to deserialization. The attack can be launched remotely. The...
CVE-2024-0960 flink-extended ai-flow workflow_command.py cloudpickle.loads deserialization
A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \aiflow\cli\commands\workflowcommand.py. The manipulation leads to deserialization. The attack can be launched remotely. The...
CVE-2024-0960
CVE-2024-0960 affects the open-source framework flink-extended ai-flow 0.3.1 . The vulnerability targets the function cloudpickle.loads within the file ai_flow/cli/commands/workflow_command.py , enabling a deserialization flaw. According to connected sources, the attack can be launched remotely o...
ai-flow Code Issue Vulnerability
ai-flow is an open source framework for connecting big data and artificial intelligence. A code issue vulnerability exists in flink-extended ai-flow version 0.3.1, which stems from a security issue in the function cloudpickle.loads in aiflowclicommandsworkflowcommand.py, leading to deserializatio...
PT-2024-15940 · Unknown · Flink-Extended Ai-Flow +1
Name of the Vulnerable Software and Affected Versions: flink-extended ai-flow version 0.3.1 Description: A critical issue has been found, affecting the function cloudpickle.loads of the file ai flowclicommandsworkflow command.py. This issue leads to deserialization and can be exploited remotely...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +232 more potentially affected by CVE-2023-40273 via apache-airflow (>=1.10.1 <=2.7.1)
apache-airflow PYPI version =1.10.1, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =1.0.7, =0.4.0, =0.1.0a1, =0.5.1, =0.1.1, =0.1.1, =1.10.6 and more Source cves: CVE-2023-40273 Source advisory: OSV:PYSEC-2023-158...
abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.8.44.4 <=0.9.2.1rc2) +139 more potentially affected by CVE-2023-29005 via flask-appbuilder (>=1.10.0 <=4.1.4)
flask-appbuilder PYPI version =1.10.0, =0.8.44.4, =0.1.0rc3, =0.1.0, =2022.9.19, =0.2.9b1, =1.0.7, =0.5.1, =0.2.0, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.0.3, =0.0.6, =0.0.8 and more Source cves: CVE-2023-29005 Source advisory: OSV:GHSA-9HCR-9HCV-X6PV...
aglow (>=0.1.0rc3 <=0.1.0rc4), ai-flow (>=0.1.0 <=0.3.1) +3 more potentially affected by CVE-2021-26697 via apache-airflow (>=2.0.0 <=2.0.0rc3)
apache-airflow PYPI version =2.0.0, =0.1.0rc3, =0.1.0, =0.3.1 - dataverk-airflow =0.3.12 - gps-building-blocks =1.2.2 - neuro-airflow-plugin =0.0.1 Source cves: CVE-2021-26697 Source advisory: OSV:GHSA-FH37-CX83-Q542...
aglow (>=0.1.0rc3 <=0.1.0rc4), ai-flow (>=0.1.0 <=0.3.1) +3 more potentially affected by CVE-2021-26559 via apache-airflow (>=2.0.0 <=2.0.0rc3)
apache-airflow PYPI version =2.0.0, =0.1.0rc3, =0.1.0, =0.3.1 - dataverk-airflow =0.3.12 - gps-building-blocks =1.2.2 - neuro-airflow-plugin =0.0.1 Source cves: CVE-2021-26559 Source advisory: OSV:GHSA-FFW3-6MP6-JMVJ...
abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +245 more potentially affected by CVE-2020-26268 via tensorflow (>=1.0.1 <=1.15.4)
tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.4.2, =0.1.1, =0.1.5 - autobazaar =0.1.0 - autogan =0.0.5 - automationobjectdetection-sandeepjena7 =0.0.1 - automl-lib =0.0.1 and more Source cves: CVE-2020-26268 Source advisory: OSV:GHSA-HHVC-G5HV-48C6...
abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +233 more potentially affected by CVE-2020-15202 via tensorflow (>=1.0.1 <=1.15.3)
tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.4.2, =0.1.1, =0.1.5 - autobazaar =0.1.0 - autogan =0.0.5 - automationobjectdetection-sandeepjena7 =0.0.1 - automl-lib =0.0.1 and more Source cves: CVE-2020-15202 Source advisory: OSV:PYSEC-2020-125...
abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +233 more potentially affected by CVE-2020-15195 via tensorflow (>=1.0.1 <=1.15.3)
tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.4.2, =0.1.1, =0.1.5 - autobazaar =0.1.0 - autogan =0.0.5 - automationobjectdetection-sandeepjena7 =0.0.1 - automl-lib =0.0.1 and more Source cves: CVE-2020-15195 Source advisory: OSV:GHSA-63XM-RX5P-XVQR...
abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +360 more potentially affected by CVE-2018-10055 via tensorflow (>=1.0.1 <=1.7.0)
tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.3.1, =0.1.0, =0.4.2, =0.1.0, =0.4.0, =0.1.0, =0.3.1 and more Source cves: CVE-2018-10055 Source advisory: OSV:PYSEC-2019-204...