Safety vulnerability ID: 63340
The information on this page was manually curated by our Cybersecurity Intelligence Team.
DataHub's AuthServiceClient, specifically versions prior to 0.8.45, creates JSON strings using format strings containing user-controlled data. This method enables potential attackers to manipulate these JSON strings and forward them to the backend, leading to potential misuse and authentication bypasses. Such misuse could result in the generation of system accounts, potentially leading to full system compromise. This vulnerability was identified and reported by the GitHub Security lab and is being tracked under GHSL-2022-080.
https://github.com/datahub-project/datahub/security/advisories/GHSA-6rpf-5cfg-h8f3
Latest version: 0.14.1.12
A CLI to work with DataHub metadata
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application