CVE-2024-12215
CVE-2024-12215 — Kedro 0.19.8 : The pull_package() API path can execute the tarball’s setup.py via project_wheel_metadata(), enabling remote code execution (RCE) by running arbitrary commands on the victim’s machine. The vulnerability affects kedro-org/kedro and is documented with RCE impact and ...