Lucene search
K

22 matches found

RedhatCVE
RedhatCVE
added 2026/01/02 7:34 a.m.16 views

CVE-2025-11157

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load..., Loader=yaml.Loader to...

7.8CVSS8.3AI score0.00264EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/01 9:30 a.m.7 views

EUVD-2025-206133

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load..., Loader=yaml.Loader to...

7.8CVSS8.1AI score0.00264EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/01/01 9:30 a.m.8 views

Feast vulnerable to Deserialization of Untrusted Data

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load..., Loader=yaml.Loader to...

7.8CVSS8.3AI score0.00264EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/01/01 9:30 a.m.4 views

GHSA-34WM-4HW7-QFJV Feast vulnerable to Deserialization of Untrusted Data

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load..., Loader=yaml.Loader to...

7.8CVSS8.5AI score0.00264EPSS
Exploits0References5
Snyk
Snyk
added 2026/01/01 7:40 a.m.6 views

Deserialization of Untrusted Data

Overview feast is a Python SDK for Feast Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the YAML config parsing in Kubernetes materializer due to using the function yaml.load. An attacker can execute arbitrary operating system commands by modifying the...

8.5CVSS7.5AI score0.00264EPSS
Exploits0References2
NVD
NVD
added 2026/01/01 7:16 a.m.5 views

CVE-2025-11157

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load..., Loader=yaml.Loader to...

7.8CVSS0.00264EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/01/01 7:3 a.m.29 views

CVE-2025-11157 Arbitrary Code Execution in feast-dev/feast

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load..., Loader=yaml.Loader to...

7.8CVSS0.00264EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/01 7:3 a.m.5 views

CVE-2025-11157 Arbitrary Code Execution in feast-dev/feast

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load..., Loader=yaml.Loader to...

7.8CVSS8.2AI score0.00264EPSS
Exploits0References2
CVE
CVE
added 2026/01/01 7:3 a.m.40 views

CVE-2025-11157

CVE-2025-11157 is a high-severity remote code execution flaw in feast-dev/feast v0.53.0, due to unsafe YAML deserialization in the Kubernetes materializer (feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py) where yaml.load(..., Loader=yaml.Loader) processes /var/feast/feature_store....

7.8CVSS8.2AI score0.00264EPSS
Exploits0References6
OSV
OSV
added 2026/01/01 7:3 a.m.6 views

CVE-2025-11157 Arbitrary Code Execution in feast-dev/feast

A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at feast/sdk/python/feast/infra/computeengines/kubernetes/main.py. The vulnerability arises from the use of yaml.load..., Loader=yaml.Loader to...

7.8CVSS6.8AI score0.00264EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.11 views

PT-2026-1002

Name of the Vulnerable Software and Affected Versions feast-dev/feast version 0.53.0 Description A high-severity remote code execution issue exists in the Kubernetes materializer job located at feast/sdk/python/feast/infra/compute engines/kubernetes/main.py. The problem stems from using...

7.8CVSS8.1AI score0.00264EPSS
Exploits0References19
Veracode
Veracode
added 2025/11/26 6:14 a.m.4 views

Path Traversal

ZenML is vulnerable to a path traversal. The vulnerability is due to improper validation of file paths during data.tar.gz extraction in the PathMaterializer class, which fails to detect symbolic and hard links, allowing an attacker to write arbitrary files and potentially achieve arbitrary comman...

7.8CVSS7.3AI score0.00334EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2025/10/05 9:42 a.m.2 views

Directory Traversal

Overview zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Directory Traversal via the load function in the PathMaterializer class during extraction of data.tar.gz archives. An attacker can overwrite arbitrary files, potentially leading to comma...

7.8CVSS7.8AI score0.00334EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/05 9:30 a.m.6 views

EUVD-2025-32453

ZenML version 0.83.1 is affected by a path traversal vulnerability in the PathMaterializer class. The load function uses ispathwithindirectory to validate files during data.tar.gz extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file...

6.3CVSS6.8AI score0.00334EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/10/05 9:30 a.m.6 views

ZenML is vulnerable to Path Traversal through its `PathMaterializer` class

ZenML version 0.83.1 is affected by a path traversal vulnerability in the PathMaterializer class. The load function uses ispathwithindirectory to validate files during data.tar.gz extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file...

7.8CVSS7.4AI score0.00334EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/10/05 9:0 a.m.5 views

CVE-2025-8406 Path Traversal in zenml-io/zenml

ZenML version 0.83.1 is affected by a path traversal vulnerability in the PathMaterializer class. The load function uses ispathwithindirectory to validate files during data.tar.gz extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file...

6.3CVSS0.00334EPSS
Exploits1References2
Huntr
Huntr
added 2025/09/26 7:3 a.m.7 views

Arbitrary code execution during YAML config parsing in Kubernetes materializer

Summary The Kubernetes materializer entry point feast/sdk/python/feast/infra/computeengines/kubernetes/main.py deserializes /var/feast/featurestore.yaml and /var/feast/materializationconfig.yaml using yaml.load..., Loader=yaml.Loader. Because yaml.Loader eagerly instantiates arbitrary Python...

7.8CVSS6.8AI score0.00264EPSS
Exploits0
Huntr
Huntr
added 2025/06/30 9:0 a.m.8 views

Path traversal, lead to remote code execution

Description In zenml's PathMaterializer class, the load function uses ispathwithindirectory to validate files during data.tar.gz extraction. While this prevents path traversal vulnerabilities, it fails to effectively detect symbolic and hard links. with tarfile.openarchivepathlocal, "r:gz" as tar...

7.8CVSS6.5AI score0.00334EPSS
Exploits1
NVD
NVD
added 2024/03/14 7:15 p.m.12 views

CVE-2024-28424

zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpicklematerializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...

8.8CVSS7.8AI score0.00713EPSS
Exploits0References1
OSV
OSV
added 2024/03/14 12:0 a.m.7 views

CVE-2024-28424

zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpicklematerializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...

8.8CVSS8.1AI score0.00713EPSS
Exploits0References3
Rows per page
Query Builder