39 matches found
DataHub Code Issue Vulnerability
DataHub is a metadata platform for a modern data stack, open-sourced by the datahub-project. Versions of DataHub prior to 1.5.0.3 contained code-related vulnerabilities. These vulnerabilities stemmed from the DataHub frontend’s OIDC callback process, where it deserialized Java objects controlled ...
autopoc
AutoPoC Automated proof-of-concept deployments on OpenShift...
Security Bulletin: Multiple Vulnerabilities in IBM Data Product Hub
Summary Multiple vulnerabilities were addressed in IBM Data Product Hub version 5.3.1 Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content...
CVE-2026-25644
DataHub is an open-source metadata platform. Prior to version 1.3.1.8, the LDAP ingestion source is vulnerable to MITM attack through TLS downgrade. This issue has been patched in version 1.3.1.8...
CVE-2022-0955
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data-hub prior to 1.2.4...
EUVD-2019-1163
Malware in sbrugna...
EUVD-2020-27447
Malware in sbrugna...
EUVD-2022-1545
Malicious code in bioql PyPI...
A DHS Data Hub Exposed Sensitive Intel to Thousands of Unauthorized Users
A misconfigured platform used by the Department of Homeland Security left national security information—including some related to the surveillance of Americans—accessible to thousands of people...
CVE-2020-6297
Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data Intelligence, version - 3.0, allows an attacker to access confidential system configuration information, that should otherwise be restricted, leading to Information Disclosure...
CVE-2019-0390
Under certain conditions SAP Data Hub corrected in DHFoundation version 2 allows an attacker to access information which would otherwise be restricted. Connection details that are maintained in Connection Manager are visible to users...
abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.10.5.2rc3 <=0.11.0rc1) +31 more potentially affected by CVE-2025-24023 via flask-appbuilder (>=4.1.2 <=4.5.2)
flask-appbuilder PYPI version =4.1.2, =0.10.5.2rc3, =0.2.1, =0.8.2, =0.3.1, =0.0.4, =0.0.1a0, =2.3.3, =1.0.0, =1.0.0rc1, =1.0.2, =1.0.0rc1, =1.8.1rc1 and more Source cves: CVE-2025-24023 Source advisory: SNYK:PYTHON-FLASKAPPBUILDER-9058045...
BIT-PIMCORE-2022-0955
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data-hub prior to 1.2.4...
USN-6493-2 hibagent update
USN-6493-1 fixed a vulnerability in hibagent. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: On Ubuntu 18.04 LTS and Ubuntu 16.04 LTS, the hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure...
USN-6493-1 hibagent update
On Ubuntu 20.04 LTS and Ubuntu 22.04 LTS, the hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended. In addition, on all releases, hibagent has been updated to do nothing if ODH is configured...
CVE-2023-32321
CKAN (open-source data management system) is affected by CVE-2023-32321 with multiple flaws in older CKAN releases up to 2.9.9/2.10.1. The issues include: (1) arbitrary file writes in resource_create and package_update via ResourceUploader, potentially reachable through package_create/revise/patc...
Cross-Site Scripting (XSS)
pimcore/data-hub is vulnerable to stored cross-site scripting. The vulnerability exists because the configuration values are not escaped properly, which allows a malicious attacker to inject and execute arbitrary JavaScript...
CVE-2022-0955
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data-hub prior to 1.2.4...
Cross site scripting
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data-hub prior to 1.2.4...
CVE-2022-0955
Summary: CVE-2022-0955 is a stored Cross-site Scripting (XSS) vulnerability in Pimcore/Data-Hub prior to version 1.2.4. The Red Hat and OSV entries, along with the Pimcore advisories, describe that an admin user accessing Pimcore/Data-Hub could trigger the attack, potentially compromising cookies...