
928 matches found

NVD
added 2024/05/03 6:15 p.m., 8 views

CVE-2024-34075

kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the MarkovData#getNext method used in Markov#generate and Markov#choose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a...

CVSS 6.2, AI score 6.3, EPSS 0.00009
Exploits: 0, References: 3

OSV
added 2024/05/03 5:51 p.m., 25 views

CVE-2024-34075 kurwov vulnerable to Denial of Service due to improper data sanitization

kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the MarkovData#getNext method used in Markov#generate and Markov#choose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a...

CVSS 6.2, AI score 6.3, EPSS 0.00009
Exploits: 0, References: 5

Cvelist
added 2024/05/03 5:51 p.m., 13 views

CVE-2024-34075 kurwov vulnerable to Denial of Service due to improper data sanitization

kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the MarkovData#getNext method used in Markov#generate and Markov#choose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a...

CVSS 6.2, AI score 6.5, EPSS 0.00009
Exploits: 0, References: 3

Positive Technologies
added 2024/05/03 12:0 a.m., 2 views

PT-2024-25686 · Kurwov · Kurwov

Name of the Vulnerable Software and Affected Versions: kurwov versions prior to 3.2.5
Description: The issue arises from an unsafe sanitization of dataset contents on the MarkovData#getNext method used in Markov#generate and Markov#choose. This allows a maliciously crafted string on the dataset to...

CVSS 6.2, AI score 7.3, EPSS 0.00009
Exploits: 0, References: 9

The Hacker News
added 2024/05/01 2:25 p.m., 17 views

Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds

A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit activity and money laundering, including detecting criminal proceeds sent to a crypto exchange and previously unknown wallets belonging to a Russian darknet marke...

AI score 6.9
Exploits: 0

Wired Threat Level
added 2024/05/01 1:0 p.m., 11 views

A Vast New Data Set Could Supercharge the AI Hunt for Crypto Money Laundering

Blockchain analysis firm Elliptic, MIT, and IBM have released a new AI model—and the 200-million-transaction dataset it's trained on—that aims to spot the “shape” of bitcoin money laundering...

AI score 7
Exploits: 0

OSV
added 2024/03/31 6:21 p.m., 15 views

BIT-MLFLOW-2024-27133 Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset.

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...

CVSS 9.6, AI score 8, EPSS 0.00204
Exploits: 1, References: 4

Veracode
added 2024/03/20 6:29 a.m., 15 views

OS Command Injection

github.com/fluid-cloudnative/fluid is vulnerable to OS Command Injection. The vulnerability is due to insufficient input validation within the JuicefsRuntime, allowing an authenticated user with the authority to create or update the K8s CRD Dataset/JuicefsRuntime to execute arbitrary OS commands...

CVSS 6, AI score 7.8, EPSS 0.00069
Exploits: 0, References: 5, Affected Software: 1

CVE
added 2024/03/15 7:8 p.m., 59 views

CVE-2023-51699

Summary: CVE-2023-51699 affects Fluid’s JuicefsRuntime within the Fluid project, enabling OS command injection by an authenticated user with authority to create/update the K8s CRD datasets/JuicefsRuntime.
What is affected: Fluid (open source Kubernetes-native Distributed Dataset Orchestrator) an...

CVSS 6, AI score 5, EPSS 0.00069
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2024/03/15 4:35 p.m., 24 views

GHSA-WX8Q-4GM9-RJ2G Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime

Impact: OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8s CRD Dataset/JuicefsRuntime, to execute arbitrary OS commands within the juicefs related containers. This could lead to...

CVSS 4, AI score 5.8, EPSS 0.00069
Exploits: 0, References: 5

Github Security Blog
added 2024/03/15 4:35 p.m., 21 views

Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime

Impact: OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8s CRD Dataset/JuicefsRuntime, to execute arbitrary OS commands within the juicefs related containers. This could lead to...

CVSS 6, AI score 8.2, EPSS 0.00069
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2024/02/28 11:28 a.m., 19 views

CVE-2024-24779 Apache Superset: Improper data authorization when creating a new dataset

Apache Superset with custom roles that include can write on dataset and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apac...

CVSS 5, AI score 5.4, EPSS 0.00133
Exploits: 0, References: 2

Positive Technologies
added 2024/02/28 12:0 a.m., 2 views

PT-2024-20556 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 3.0.4; Apache Superset versions 3.1.0 through 3.1.0
Description: The issue allows users with custom roles that include can write on dataset and without all data access permissions to create virtual datasets to...

CVSS 6.5, AI score 7.1, EPSS 0.00133
Exploits: 0, References: 11

Veracode
added 2024/02/26 10:22 a.m., 14 views

Cross Site Scripting (XSS)

mlflow is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient sanitization while executing a recipe with an untrusted dataset, which results in client-side RCE in the Jupyter Notebook...

CVSS 9.6, AI score 6.3, EPSS 0.00204
Exploits: 1, References: 3, Affected Software: 1

Github Security Blog
added 2024/02/24 12:30 a.m., 18 views

MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...

CVSS 9.6, AI score 5.9, EPSS 0.00204
Exploits: 1, References: 7, Affected Software: 1

OSV
added 2024/02/24 12:30 a.m., 8 views

GHSA-3V79-Q7PH-J75H MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...

CVSS 9.6, AI score 8, EPSS 0.00204
Exploits: 1, References: 7

OSV
added 2024/02/23 10:15 p.m., 4 views

CVE-2024-27133

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...

CVSS 9.6, AI score 9
Exploits: 0, References: 2

OSV
added 2024/02/23 10:15 p.m., 4 views

PYSEC-2024-241

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...

CVSS 9.6, AI score 9, EPSS 0.00204
Exploits: 1, References: 2

PyPA
added 2024/02/23 10:15 p.m., 7 views

PYSEC-2024-241

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...

CVSS 9.6, AI score 6.3, EPSS 0.00204
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2024/02/23 10:15 p.m., 12 views

CVE-2024-27133

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...

CVSS 9.6, AI score 7.2, EPSS 0.00204
Exploits: 1, References: 2