2 matches found
Kedro path traversal vulnerability
Kedro is an open-source production-ready data science toolkit developed by Kedro. Versions prior to Kedro 1.3.0 contained a path traversal vulnerability. This vulnerability stemmed from the _get_versioned_path method not sanitizing the version string provided by the user, allowing for path traversal a...
PT-2026-30018
Impact: The _get_versioned_path method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended version...