5 matches found
CVE-2024-12215
In kedro-org/kedro version 0.19.8, the pullpackage API function allows users to download and extract micro packages from the Internet. However, the function projectwheelmetadata within the code path can execute the setup.py file inside the tar file, leading to remote code execution RCE by running...
eensight (>=1.0.0 <=1.0.2), fcdocs (>=0.1.0 <=0.2.0) +33 more potentially affected by CVE-2024-12215 via kedro (>=0.18.14 <=0.19.9)
kedro PYPI version =0.18.14, =1.0.0, =0.1.0, =0.1.0, =0.1.9, =0.1.0, =0.0.4, =0.1.0, =0.1.0, =0.0.1b1, =1.0.0, =0.2.1, =0.1.2, =1.5.1 and more Source cves: CVE-2024-12215 Source advisory: SNYK:PYTHON-KEDRO-9508726...
CVE-2024-12215
creationtimestamp| type| source ---|---|--- 2025-03-20 10:19:18+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8181...
CVE-2024-12215 Remote Code Execution in kedro-org/kedro
In kedro-org/kedro version 0.19.8, the pullpackage API function allows users to download and extract micro packages from the Internet. However, the function projectwheelmetadata within the code path can execute the setup.py file inside the tar file, leading to remote code execution RCE by running...
CVE-2024-12215 Remote Code Execution in kedro-org/kedro
In kedro-org/kedro version 0.19.8, the pullpackage API function allows users to download and extract micro packages from the Internet. However, the function projectwheelmetadata within the code path can execute the setup.py file inside the tar file, leading to remote code execution RCE by running...