Lucene search
K

4 matches found

OSV
OSV
added 2026/04/06 5:43 p.m.7 views

CVE-2026-35167 Kedro has a path traversal in versioned dataset loading via unsanitized version string

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

7.1CVSS6AI score0.00327EPSS
Exploits0References4
OSV
OSV
added 2026/04/03 3:46 a.m.3 views

GHSA-6326-W46W-PPJW Kedro: Path Traversal in versioned dataset loading via unsanitized version string

Impact The getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned...

7.1CVSS5.9AI score0.00327EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.13 views

PT-2026-30018

Impact The get versioned path method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended version...

7.1CVSS5.9AI score0.00327EPSS
Exploits0References5
Huntr
Huntr
added 2026/03/07 3:45 p.m.14 views

Path Traversal via Unsanitized Version String in Versioned Dataset Loading

This report is not public...

7.1CVSS5.3AI score0.00186EPSS
Exploits1
Rows per page
Query Builder