Safety vulnerability ID: 76273
The information on this page was manually curated by our Cybersecurity Intelligence Team.
In kedro-org/kedro version 0.19.8, the pull_package() API function allows users to download and extract micro packages from the Internet. However, the function project_wheel_metadata() within the code path can execute the setup.py file inside the tar file, leading to remote code execution (RCE) by running arbitrary commands on the victim's machine.
Latest version: 0.19.12
Kedro helps you build production-ready data and analytics pipelines
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application