3 matches found
PT-2026-55202
Name of the Vulnerable Software and Affected Versions Fleet versions prior to 0.15.2 Fleet versions prior to 0.14.6 Fleet versions prior to 0.13.11 Fleet versions prior to 0.12.15 Description An issue exists when the webhook endpoint is configured without a secret, allowing unauthenticated...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to incorrect permissions set on the /etc/passwd file during the build process. An attacker can gain elevated privileges by modifying the /etc/passwd file if they have the ability to execute commands...
Command Injection
Overview deepspeed is a DeepSpeed library Affected versions of this package are vulnerable to Command Injection when multiple instances where subprocess.run and subprocess.checkoutput, are called with unsanitized input and shell=True. An attacker would need to supply specially crafted input to...