74 matches found
Exploit for CVE-2026-41490
CVE-2026-41490 — SQL Injection in Dagster database I/O manager...
CVE-2026-41490
Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...
CVE-2026-41490 Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations
Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...
CVE-2026-41490
CVE-2026-41490 affects Dagster’s dynamic partition keys in I/O managers (DuckDB, Snowflake, BigQuery, DeltaLake). Prior to Dagster Core 1.13.1 and Dagster libraries 0.29.1, SQL WHERE clauses were built by interpolating partition key values without escaping, allowing a user with Add Dynamic Partit...
EUVD-2026-28368
Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries version 0.29.1, the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers constructed SQL WHERE clauses by interpolating...
Dagster SQL Injection Vulnerability
Dagster is an open-source orchestration platform developed by Dagster for developing, producing, and monitoring data assets. Versions of Dagster prior to 1.13.1 and Dagster libraries prior to 0.29.1 have a SQL injection vulnerability. This vulnerability arises from the fact that DuckDB, Snowflake...
CVE-2026-41490 vulnerabilities
Vulnerabilities for packages: dagster, dagster-fips...
CVE-2026-41205 vulnerabilities
Vulnerabilities for packages: open-webui, dagster-fips, prefect-fips, pgadmin4-fips, mlflow, nemo, airflow-core, superset, dagster, airflow, jupyter-base-notebook...
GHSA-MJW2-V2HM-WJ34 vulnerabilities
Vulnerabilities for packages: dagster, dagster-fips...
dagster-snowflake-pandas (>=0.17.3 <=0.29.0), dagster-snowflake-polars (>=0.27.2 <=0.29.0) +2 more potentially affected by CVE-2026-41490 via dagster-snowflake (>=0.17.21 <=0.29.0)
dagster-snowflake PYPI version =0.17.21, =0.17.3, =0.27.2, =0.17.21, =1.0.0, =1.1.0 Source cves: CVE-2026-41490 Source advisory: SNYK:PYTHON-DAGSTERSNOWFLAKE-16109579...
SQL Injection
Overview: Dagster is an orchestration platform for the development, production, and observation of data assets. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute...
SQL Injection
Overview: dagster-gcp is a Package for GCP-specific Dagster framework op and resource components. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL commands by...
SQL Injection
Overview: dagster-deltalake is a Package for Deltalake-specific Dagster framework op and resource components. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL...
SQL Injection
Overview: dagster-snowflake-polars is a Package for integrating Snowflake and Polars with Dagster. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL commands by...
SQL Injection
Overview: dagster-duckdb is a Package for DuckDB-specific Dagster framework op and resource components. Affected versions of this package are vulnerable to SQL Injection via the construction of SQL WHERE clauses in database I/O manager integrations. An attacker can execute arbitrary SQL commands b...
dagster-duckdb-pandas (>=0.16.13 <=0.29.0), dagster-duckdb-polars (>=0.17.21 <=0.29.0) +6 more potentially affected by CVE-2026-41490 via dagster-duckdb (>=0.16.13 <=0.29.0)
dagster-duckdb PYPI version =0.16.13, =0.16.13, =0.17.21, =0.16.13, =0.1.1, =0.1.0, =0.1.0, =0.1.1 - lung-sarg =1.0.0 Source cves: CVE-2026-41490 Source advisory: OSV:GHSA-MJW2-V2HM-WJ34...
dagster-deltalake-pandas (>=0.21.9 <=0.29.0), dagster-deltalake-polars (>=0.21.9 <=0.29.0) potentially affected by CVE-2026-41490 via dagster-deltalake (>=0.21.9 <=0.29.0)
dagster-deltalake PYPI version =0.21.9, =0.21.9, =0.21.9, =0.29.0 Source cves: CVE-2026-41490 Source advisory: OSV:GHSA-MJW2-V2HM-WJ34...