dbt-core@1.5.0b3 vulnerabilities

With dbt, data analysts and engineers can build analytics the way engineers build applications.

Direct Vulnerabilities

Known vulnerabilities in the dbt-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • L
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

dbt-core is a With dbt, data analysts and engineers can build analytics the way engineers build applications.

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') allowing an attacker to install a malicious package, gaining the ability to override macros, materializations, and other core components of dbt.

How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')?

Upgrade dbt-core to version 1.6.14, 1.7.14 or higher.

[0,1.6.14) [1.7.0,1.7.14)
  • M
Binding to an Unrestricted IP Address

dbt-core is a With dbt, data analysts and engineers can build analytics the way engineers build applications.

Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address due to the binding to INADDR_ANY or IN6ADDR_ANY to any network interface on the local system, which exposes the application on all network interfaces. An attacker can gain unauthorized access by connecting to the application from any network interface.

How to fix Binding to an Unrestricted IP Address?

Upgrade dbt-core to version 1.6.15, 1.7.15, 1.8.1 or higher.

[1.5.0b1,1.6.15) [1.7.0,1.7.15) [1.8.0,1.8.1)