Safety vulnerability ID: 63342
The information on this page was manually curated by our Cybersecurity Intelligence Team.
DataHub versions under 0.9.5 use the X-DataHub-Actor HTTP header to infer the user sending requests on behalf of the frontend. However, because header names are treated case-insensitively, an attacker could send the header with different casing (e.g., X-DATAHUB-ACTOR), leading to a potential authorization bypass. This allows any user to impersonate the system user account and perform actions on its behalf. This vulnerability, tracked as GHSL-2022-079, was discovered and reported by the GitHub Security Lab.
https://github.com/datahub-project/datahub/security/advisories/GHSA-hrwp-2q5c-86wv
https://github.com/datahub-project/datahub/commit/2a182f484677d056730d6b4e9f0143e67368359f
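The casing mismatch described above, shown as an added example that is not DataHub's code: a frontend filter that drops client-supplied actor headers by exact name, next to one that compares names case-insensitively. The two-tier model, all function names, and the sample values are assumptions made for illustration.

```python
# Added illustration; the filter/lookup model is an assumption, not DataHub code.
ACTOR_HEADER = "X-DataHub-Actor"  # header name taken from the advisory text


def strip_actor_exact(client_headers):
    """Weak filter: removes the actor header only when the casing matches exactly."""
    return [(n, v) for n, v in client_headers if n != ACTOR_HEADER]


def strip_actor_casefold(client_headers):
    """Hardened filter: compares header names case-insensitively."""
    wanted = ACTOR_HEADER.lower()
    return [(n, v) for n, v in client_headers if n.lower() != wanted]


def forward(client_headers, session_actor, strip):
    """Frontend step: drop client-supplied actor headers, then append the real one."""
    return strip(client_headers) + [(ACTOR_HEADER, session_actor)]


def backend_actor(headers):
    """Backend step: case-insensitive lookup, first match wins (assumed behaviour)."""
    wanted = ACTOR_HEADER.lower()
    for name, value in headers:
        if name.lower() == wanted:
            return value
    return None


def client_supplied_actor_headers(headers):
    """Detection helper: actor header names sent by a client, in any casing."""
    wanted = ACTOR_HEADER.lower()
    return [n for n, _ in headers if n.lower() == wanted]


# Constructed sample request and identities (placeholders, not real DataHub values).
SAMPLE = [("Accept", "application/json"),
          ("X-DATAHUB-ACTOR", "SYSTEM_USER_PLACEHOLDER")]
SESSION_ACTOR = "alice"

if __name__ == "__main__":
    for strip in (strip_actor_exact, strip_actor_casefold):
        actor = backend_actor(forward(SAMPLE, SESSION_ACTOR, strip))
        print(f"{strip.__name__}: backend sees actor {actor!r}")
    print("client-supplied actor headers:", client_supplied_actor_headers(SAMPLE))
```

The detection helper can be run over logged request headers at the edge to flag any client request that carries the actor header at all, regardless of casing.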
Latest version: 0.14.1.12
A CLI to work with DataHub metadata