688 matches found
EUVD-2018-0087
Malware in sbrugna...
EUVD-2024-0098
Malicious code in bioql PyPI...
Why 3D-Printing an Untraceable Ghost Gun Is Easier Than Ever
On today’s episode of ‘Uncanny Valley,’ we discuss how WIRED was able to legally 3D-print the same gun allegedly used by Luigi Mangione, and where US law stands on the technology...
CVE-2018-1000843
Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross-Site Request Forgery (CSRF) vulnerability in API endpoint: /api/ that can result in Task metadata such as task name, id, parameter, etc. will be leake...
We Made Luigi Mangione’s 3D-Printed Gun—and Fired It
In the wake of Luigi Mangione’s alleged killing of a health care CEO with a partially 3D-printed pistol, we built and tested the exact same model of weapon ourselves. And it was entirely legal...
MAL-2025-2466 Malicious code in luigi-core-private (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11cd1d2cbf2a40d16c75ccb85355549f06a2ffc93d9cdacc4861e929cd70ae14 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in luigi-core-private (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11cd1d2cbf2a40d16c75ccb85355549f06a2ffc93d9cdacc4861e929cd70ae14 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-21542
Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function...
luigi Arbitrary File Write via Archive Extraction (Zip Slip)
Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function...
aws-service-catalog-factory (>=0.4.0 <=0.102.1), aws-service-catalog-puppet (>=0.1.0 <=0.253.0) +71 more potentially affected by CVE-2024-21542 via luigi (>=1.3.0 <=3.5.2)
luigi PYPI version =1.3.0, =0.4.0, =0.1.0, =0.3.1, =0.4.0, =0.0.8, =0.40.0, =1.0.1, =0.4.0, =1.0.0a20, =0.5.0, =0.0.7, =0.1.0, =0.1.0, =0.2.3, =0.10.20 and more Source cves: CVE-2024-21542 Source advisory: OSV:GHSA-8QCH-VJ6M-2694...
GHSA-8QCH-VJ6M-2694 luigi Arbitrary File Write via Archive Extraction (Zip Slip)
Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function...
CVE-2024-21542
Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function...
PYSEC-2024-159
Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function...
aws-service-catalog-factory (>=0.4.0 <=0.102.1), aws-service-catalog-puppet (>=0.1.0 <=0.253.0) +71 more potentially affected by CVE-2024-21542 via luigi (>=1.3.0 <=3.5.2)
luigi PYPI version =1.3.0, =0.4.0, =0.1.0, =0.3.1, =0.4.0, =0.0.8, =0.40.0, =1.0.1, =0.4.0, =1.0.0a20, =0.5.0, =0.0.7, =0.1.0, =0.1.0, =0.2.3, =0.10.20 and more Source cves: CVE-2024-21542 Source advisory: OSV:PYSEC-2024-159...
CVE-2024-21542
CVE-2024-21542 affects luigi before 3.6.0, vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) caused by improper destination file path validation in the _extract_packages_archive function. A malicious zip can traverse paths to overwrite arbitrary files outside the target directo...
CVE-2024-21542
Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function...
Luigi Security Vulnerability
Luigi is a Python package open-sourced by Spotify that helps build complex pipelines of batch jobs. A security vulnerability exists in Luigi versions prior to 3.6.0, which stems from incorrect validation of the destination file path in the _extract_packages_archive function, leaving it vulnerable to...