5 matches found
CVE-2026-41255
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, Access to the views via tokens or unauthenticated requests marked the endpoint as not requiring CSRF protection. The marking was a member variable in flask-wtf.csrf.CSRFProtect,...
EUVD-2024-2468
Malicious code in bioql PyPI...
EUVD-2024-2643
Malicious code in bioql PyPI...
CVE-2023-32696
CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the ckan user equivalent to www-data owned code and configuration files in the docker container and the ckan user had the permissions to use sudo. These issues allowed for co...
CVE-2024-41674 CKAN may leak Solr credentials via error message in package_search action
CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL potentially including credentials could be leaked to packagesearch calls as part of the returned error message. This has been patched ...