Lucene search
+L

98 matches found

vulnersOsv
vulnersOsv
added 2024/07/17 3:52 p.m.4 views

dagster-dbt (>=0.20.5 <=0.21.6), dbt-dremio (=1.7.0) +9 more potentially affected by CVE-2024-40637 via dbt-core (>=1.7.0 <=1.7.13)

dbt-core PYPI version =1.7.0, =0.20.5, =1.7.0, =0.0.2, =1.7.0, =0.0.4, =0.203.0.dev5, =0.0.1rc8, =0.4.2, =0.8.0 Source cves: CVE-2024-40637 Source advisory: OSV:GHSA-P3F3-5CCG-83XQ...

7.8CVSS5.8AI score0.00372EPSS
Exploits1
OSV
OSV
added 2024/07/17 3:52 p.m.9 views

GHSA-P3F3-5CCG-83XQ dbt has an implicit override for built-in materializations from installed packages

Impact What kind of vulnerability is it? Who is impacted? When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it allows packages to extend and customize dbt's functionality. However, this also mean...

4.2CVSS5.9AI score0.00372EPSS
Exploits1References11
Github Security Blog
Github Security Blog
added 2024/07/17 3:52 p.m.17 views

dbt has an implicit override for built-in materializations from installed packages

Impact What kind of vulnerability is it? Who is impacted? When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it allows packages to extend and customize dbt's functionality. However, this also mean...

7.8CVSS6.6AI score0.00372EPSS
Exploits1References11Affected Software1
NVD
NVD
added 2024/07/16 11:15 p.m.18 views

CVE-2024-40637

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...

7.8CVSS0.00372EPSS
Exploits1References8
vulnersOsv
vulnersOsv
added 2024/07/16 11:15 p.m.9 views

airflow-dbt-python (>=0.2.0 <=3.6.0), alvin-cli (>=0.0.1a0 <=1.3.0rc1) +288 more potentially affected by CVE-2024-40637 via dbt-core (>=0.14.0 <=1.6.13)

dbt-core PYPI version =0.14.0, =0.2.0, =0.0.1a0, =1.0.0a1, =0.0.3, =0.3.8, =1.0.6, =0.2.0, =0.11.2, =0.5.6, =0.0.1a1, =0.4.0, =0.5.1, =0.6.2 and more Source cves: CVE-2024-40637 Source advisory: OSV:PYSEC-2024-66...

7.8CVSS5.7AI score0.00372EPSS
Exploits1
PyPA
PyPA
added 2024/07/16 11:15 p.m.8 views

PYSEC-2024-66

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...

7.8CVSS6.8AI score0.00372EPSS
Exploits1References11Affected Software1
vulnersOsv
vulnersOsv
added 2024/07/16 11:15 p.m.4 views

dagster-dbt (>=0.20.5 <=0.21.6), dbt-dremio (=1.7.0) +9 more potentially affected by CVE-2024-40637 via dbt-core (>=1.7.0 <=1.7.13)

dbt-core PYPI version =1.7.0, =0.20.5, =1.7.0, =0.0.2, =1.7.0, =0.0.4, =0.203.0.dev5, =0.0.1rc8, =0.4.2, =0.8.0 Source cves: CVE-2024-40637 Source advisory: OSV:PYSEC-2024-66...

7.8CVSS5.8AI score0.00372EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2024/07/16 10:56 p.m.17 views

CVE-2024-40637 Implicit override for built-in materializations from installed packages in dbt-core

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...

4.2CVSS6.7AI score0.00372EPSS
Exploits1References8
Cvelist
Cvelist
added 2024/07/16 10:56 p.m.25 views

CVE-2024-40637 Implicit override for built-in materializations from installed packages in dbt-core

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...

4.2CVSS0.00372EPSS
Exploits1References8
OSV
OSV
added 2024/07/16 10:56 p.m.10 views

CVE-2024-40637 Implicit override for built-in materializations from installed packages in dbt-core

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...

4.2CVSS6.5AI score0.00372EPSS
Exploits1References10
vulnersOsv
vulnersOsv
added 2024/07/03 10:4 a.m.5 views

dagster-dbt (>=0.20.5 <=0.21.6), dbt-dremio (=1.7.0) +9 more potentially affected by CVE-2024-40637 via dbt-core (>=1.7.0 <=1.7.13)

dbt-core PYPI version =1.7.0, =0.20.5, =1.7.0, =0.0.2, =1.7.0, =0.0.4, =0.203.0.dev5, =0.0.1rc8, =0.4.2, =0.8.0 Source cves: CVE-2024-40637 Source advisory: SNYK:PYTHON-DBTCORE-7430282...

7.8CVSS5.8AI score0.00372EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/07/03 10:4 a.m.4 views

airflow-dbt-python (>=0.2.0 <=3.6.0), alvin-cli (>=0.0.1a0 <=1.3.0rc1) +288 more potentially affected by CVE-2024-40637 via dbt-core (>=0.14.0 <=1.6.13)

dbt-core PYPI version =0.14.0, =0.2.0, =0.0.1a0, =1.0.0a1, =0.0.3, =0.3.8, =1.0.6, =0.2.0, =0.11.2, =0.5.6, =0.0.1a1, =0.4.0, =0.5.1, =0.6.2 and more Source cves: CVE-2024-40637 Source advisory: SNYK:PYTHON-DBTCORE-7430282...

7.8CVSS5.7AI score0.00372EPSS
Exploits1
Snyk
Snyk
added 2024/07/03 10:4 a.m.4 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview dbt-core is a With dbt, data analysts and engineers can build analytics the way engineers build applications. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' allowing an attacker to insta...

7.8CVSS6.9AI score0.00372EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/25 1:34 p.m.5 views

Malicious code in data-platform-dbt (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
Veracode
Veracode
added 2024/05/29 6:54 a.m.19 views

Binding To An Unrestricted IP Address

dbt-core is vulnerable to Binding to an Unrestricted IP Address. The vulnerability is due to the binding of INADDRANY or IN6ADDRANY to any network interface on the local system not just localhost, which exposes the application on all network interfaces. An attacker can gain unauthorized access by...

5.3CVSS6.7AI score0.0071EPSS
Exploits0References12Affected Software1
vulnersOsv
vulnersOsv
added 2024/05/28 9:19 p.m.16 views

dagster-dbt (>=0.21.7 <=0.21.12), dbt-docs-mcp (=0.0.1) +4 more potentially affected by CVE-2024-36105 via dbt-core (>=1.8.0 <=1.8.0rc2)

dbt-core PYPI version =1.8.0, =0.21.7, =0.5.3, =1.12.1rc1, =1.14.0b6 Source cves: CVE-2024-36105 Source advisory: OSV:GHSA-PMRX-695R-4349...

5.3CVSS6AI score0.0071EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/05/28 9:19 p.m.5 views

dagster-dbt (>=0.20.5 <=0.21.6), dbt-dremio (=1.7.0) +9 more potentially affected by CVE-2024-36105 via dbt-core (>=1.7.0 <=1.7.14)

dbt-core PYPI version =1.7.0, =0.20.5, =1.7.0, =0.0.2, =1.7.0, =0.0.4, =0.203.0.dev5, =0.0.1rc8, =0.4.2, =0.8.0 Source cves: CVE-2024-36105 Source advisory: OSV:GHSA-PMRX-695R-4349...

5.3CVSS6AI score0.0071EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/05/28 9:19 p.m.3 views

airflow-dbt-python (>=0.2.0 <=3.6.0), alvin-cli (>=0.0.1a0 <=1.3.0rc1) +288 more potentially affected by CVE-2024-36105 via dbt-core (>=0.14.0 <=1.6.14)

dbt-core PYPI version =0.14.0, =0.2.0, =0.0.1a0, =1.0.0a1, =0.0.3, =0.3.8, =1.0.6, =0.2.0, =0.11.2, =0.5.6, =0.0.1a1, =0.4.0, =0.5.1, =0.6.2 and more Source cves: CVE-2024-36105 Source advisory: OSV:GHSA-PMRX-695R-4349...

5.3CVSS6AI score0.0071EPSS
Exploits0
NVD
NVD
added 2024/05/27 6:15 p.m.34 views

CVE-2024-36105

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, Binding to INADDRANY 0.0.0.0 or IN6ADDRANY :: exposes an application on all network interfaces, increasing the...

5.3CVSS5.2AI score0.0071EPSS
Exploits0References11
CVE
CVE
added 2024/05/27 5:17 p.m.70 views

CVE-2024-36105

CVE-2024-36105 affects dbt-core prior to 1.6.15, 1.7.15, and 1.8.1. The issue arises when the docs server binds to INADDR_ANY or IN6ADDR_ANY (0.0.0.0/::) instead of localhost, exposing the HTTP server on all network interfaces. This can enable unauthorized access from other hosts on the same netw...

5.3CVSS5.2AI score0.0071EPSS
Exploits0References11
Rows per page
Query Builder