Safety vulnerability ID: 63343
The information on this page was manually curated by our Cybersecurity Intelligence Team.
DataHub under 0.8.45 uses the X-DataHub-Actor HTTP header to identify the user making requests without authentication. However, this can be exploited by attackers who can manipulate the case of the header (e.g., X-DATAHUB-ACTOR), leading to potential authorization bypass and unauthorized actions. This issue, identified and reported by GitHub Security Lab, is known as GHSL-2022-079.
https://github.com/datahub-project/datahub/security/advisories/GHSA-qgp2-qr66-j8r8
Latest version: 0.14.1.12
A CLI to work with DataHub metadata
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application