5 matches found
actinia-core (>=4.11.0 <=4.14.1), admetica (>=1.3.0 <=1.4.1) +230 more potentially affected by CVE-2024-49766 via werkzeug (>=3.0.0 <=3.0.4)
werkzeug PYPI version =3.0.0, =4.11.0, =1.3.0, =0.1.1, =0.1.0, =0.0.3.20, =0.9.9, =2024.7.18.1, =0.0.1, =0.0.12, =1.9.0, =3.2.2, =3.4.3 and more Source cves: CVE-2024-49766 Source advisory: SNYK:PYTHON-WERKZEUG-8309091...
a2ml (>=0.1.0 <=0.1.2), aadetools (>=0.0.3 <=0.0.5) +627 more potentially affected by CVE-2022-40898 via wheel (>=0.24.0 <=0.38.0)
wheel PYPI version =0.24.0, =0.1.0, =0.0.3, =0.1.1, =0.1.0, =1.0.0, =0.14.0, =1.4.6, =1.0.1, =1.0.17, =3.9.0, =2.4.1, =0.0.1, =1.0.1 and more Source cves: CVE-2022-40898 Source advisory: OSV:GHSA-QWMP-2CF2-G9G6...
Privilege Escalation
amundsen-frontend is vulnerable to privilege escaltion. Any user is allowed to change table and column descriptions because the properties UNEDITABLESCHEMAS and/or UNEDITABLETABLEDESCRIPTIONMATCHRULES set in the front-end are not enforced...
GHSA-47QG-Q58V-7VRP UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend
Impact Any install that has UNEDITABLESCHEMAS and/or UNEDITABLETABLEDESCRIPTIONMATCHRULES set in the front-end, is being impacted. The value of these properties is ignored if set, allowing any user to modify table and column descriptions, even though the properties imply they shouldn't be. Patche...
aeropress (=0.0.5), allennlp-datalawyer (>=0.1.0 <=0.1.10) +34 more potentially affected by CVE-2019-19274 via typed-ast (>=0.6.3 <=1.3.1)
typed-ast PYPI version =0.6.3, =0.1.0, =1.0.1, =1.0.17, =2.4.1, =0.1.1, =1.0.0, =2.2.2b1, =0.31.0, =1.3.5, =1.0.0, =0.3.4, =0.9.94, =2.0.3 - hmt-escrow =0.2.0rc1 and more Source cves: CVE-2019-19274 Source advisory: OSV:PYSEC-2019-130...