7 matches found
CVE-2023-51232
Directory Traversal vulnerability in dagster-webserver Dagster thru 1.5.11 allows remote attackers to obtain sensitive information via crafted request to the /logs endpoint. This may be restricted to certain file names that start with a dot '.'...
acryl-datahub-dagster-plugin (>=0.0.0.dev0 <=1.7.0.1rc1), agentflow-runtime (>=1.1.0 <=1.5.0) +235 more potentially affected by CVE-2023-51232 via dagster (>=0.1.1 <=1.5.10)
dagster PYPI version =0.1.1, =0.0.0.dev0, =1.1.0, =0.1.0.dev419, =2.7.1, =2023.12.1, =0.0.1, =0.1.0, =0.0.1, =0.16.0, =0.4.0, =0.0.1, =0.0.1, =0.0.1, =0.0.3 and more Source cves: CVE-2023-51232 Source advisory: OSV:GHSA-Q93C-P2MW-P23F...
acryl-datahub-dagster-plugin (>=0.0.0.dev0 <=1.7.0.1rc1), agentflow-runtime (>=1.1.0 <=1.5.0) +233 more potentially affected by CVE-2023-51232 via dagster (>=1.0.0 <=1.5.10)
dagster PYPI version =1.0.0, =0.0.0.dev0, =1.1.0, =0.1.0.dev419, =2.7.1, =2023.12.1, =0.0.1, =0.1.0, =0.0.1, =0.16.0, =0.4.0, =0.0.1, =0.0.1, =0.0.1, =0.0.3 and more Source cves: CVE-2023-51232 Source advisory: SNYK:PYTHON-DAGSTER-10664501...
CVE-2023-51232
Directory Traversal vulnerability in dagster-webserver Dagster thru 1.5.11 allows remote attackers to obtain sensitive information via crafted request to the /logs endpoint. This may be restricted to certain file names that start with a dot '.'...
CVE-2023-51232
Directory Traversal vulnerability in dagster-webserver Dagster thru 1.5.11 allows remote attackers to obtain sensitive information via crafted request to the /logs endpoint. This may be restricted to certain file names that start with a dot '.'...
CVE-2023-51232
Directory Traversal vulnerability in dagster-webserver Dagster thru 1.5.11 allows remote attackers to obtain sensitive information via crafted request to the /logs endpoint. This may be restricted to certain file names that start with a dot '.'...
CVE-2023-51232
CVE-2023-51232 affects Dagster’s webserver (dagster-webserver) with a Directory Traversal vulnerability on the /logs endpoint. Public docs indicate improper input handling allows remote attackers to disclose sensitive files, particularly those whose names begin with a dot (.), enabling informatio...