PyPi: Mage-Ai

CVE-2024-45187

Safety vulnerability ID: 72967

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Aug 23, 2024 Updated at Sep 19, 2024

Scan your Python projects for vulnerabilities →

Advisory

In the Mage AI framework, guest users who remain logged in after their accounts are deleted are mistakenly granted elevated privileges, including the ability to remotely execute arbitrary code via the Mage AI terminal server.

Affected package

mage-ai

Latest version: 0.9.74

Mage is a tool for building and deploying data pipelines.

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://research.jfrog.com/vulnerabilities/mage-ai-deleted-users-rce-jfsa-2024-001039602/
https://github.com/advisories/GHSA-jg95-r9xh-xw9c
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45187

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application