4 matches found
PYSEC-2025-102
Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...
PYSEC-2025-102
Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...
CVE-2025-51481
Local File Inclusion in dagster.grpc.impl.getnotebookdata in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebookpath field of ExternalNotebookData requests, bypassing the intended extension-based check...
Dagster 路径遍历漏洞
Dagster is a Dagster open source orchestration platform for developing, producing and observing data assets. A security vulnerability exists in Dagster version 1.10.14, which stems from a path traversal sequence in the notebookpath field that can bypass extension-based checks and lead to the...