GHSA-RM69-WVPV-R2W7 Kedro allows Remote Code Execution by Pulling Micro Packages

In kedro-org/kedro version 0.19.8, the pullpackage API function allows users to download and extract micro packages from the Internet. However, the function projectwheelmetadata within the code path can execute the setup.py file inside the tar file, leading to remote code execution RCE by running...

Kedro 输入验证错误漏洞

Kedro is a production-ready data science toolkit from Kedro Open Source. An input validation error vulnerability exists in Kedro version 0.19.8, which stems from the execution of the setup.py file by the pullpackage function and could lead to remote code execution...