Latest version: v0.14.1.12
| CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
|---|---|---|---|---|---|
| CVE-2023-25558 | 63342 |
DataHub under 0.9.5 uses the X-DataHub-Actor HTTP header to infer the… |
|
HIGH | 8.8 |
| CVE-2023-25559 | 63343 |
DataHub under 0.8.45 uses the X-DataHub-Actor HTTP header to identify… |
|
HIGH | 8.1 |
| CVE-2023-25560 | 63340 |
DataHub's AuthServiceClient, specifically versions prior to 0.8.45, c… |
|
CRITICAL | 9.8 |
| CVE-2023-25557 | 63341 |
DataHub under 0.8.45 frontend, acting as a proxy, is found to have a … |
|
CRITICAL | 9.1 |
| CVE-2023-25561 | 63339 |
DataHub's AuthServiceClient, particularly versions below 0.8.45, crea… |
|
CRITICAL | 9.8 |
| CVE-2023-25562 | 63338 |
In DataHub versions prior to 0.8.45, session cookies are only cleared… |
|
CRITICAL | 9.8 |
| CVE-2022-39366 | 54556 |
# Missing JWT signature check (`GHSL-2022-078`) The [`StatelessToken… |
|
CRITICAL | 9.8 |