6 matches found

Veracode
added 2024/07/18 6:42 a.m. | 15 views

Code Injection

dbt-core is vulnerable to Code Injection. The vulnerability is due to the ability of packages to override macros, materializations, and other core components of dbt, which can allow attackers to inject harmful code...

CVSS 7.8 | AI score 6.8 | EPSS 0.00124
Exploits: 1 | References: 10 | Affected Software: 1
OSV
added 2024/07/17 3:52 p.m. | 4 views

GHSA-P3F3-5CCG-83XQ dbt has an implicit override for built-in materializations from installed packages

Impact: When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it allows packages to extend and customize dbt's functionality. However, this also mean...

CVSS 4.2 | AI score 5.9 | EPSS 0.00124
Exploits: 1 | References: 11
PyPA
added 2024/07/16 11:15 p.m. | 5 views

PYSEC-2024-66

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...

CVSS 7.8 | AI score 6.8 | EPSS 0.00124
Exploits: 1 | References: 11 | Affected Software: 1
Vulnrichment
added 2024/07/16 10:56 p.m. | 17 views

CVE-2024-40637 Implicit override for built-in materializations from installed packages in dbt-core

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...

CVSS 4.2 | AI score 6.7 | EPSS 0.00124
Exploits: 1 | References: 8
Cvelist
added 2024/07/16 10:56 p.m. | 21 views

CVE-2024-40637 Implicit override for built-in materializations from installed packages in dbt-core

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it...

CVSS 4.2 | EPSS 0.00124
Exploits: 1 | References: 8
Positive Technologies
added 2024/07/16 12:0 a.m. | 4 views

PT-2024-28956

Name of the Vulnerable Software and Affected Versions: dbt versions prior to 1.6.14; dbt versions prior to 1.7.14; dbt versions prior to 1.8.0. Description: The issue allows a malicious package to override core components of dbt with harmful code when installed. This is due to the design of dbt, which...

CVSS 7.8 | AI score 6.7 | EPSS 0.00124
Exploits: 1 | References: 16