dbt-core@1.7.1 vulnerabilities
With dbt, data analysts and engineers can build analytics the way engineers build applications.
-
latest version
1.8.9
-
latest non vulnerable version
-
first published
6 years ago
-
latest version published
3 days ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the dbt-core package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
dbt-core is a With dbt, data analysts and engineers can build analytics the way engineers build applications. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') allowing an attacker to install a malicious package, gaining the ability to override macros, materializations, and other core components of dbt. How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')? Upgrade |
[0,1.6.14)
[1.7.0,1.7.14)
|
dbt-core is a With dbt, data analysts and engineers can build analytics the way engineers build applications. Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address due to the binding to How to fix Binding to an Unrestricted IP Address? Upgrade |
[1.5.0b1,1.6.15)
[1.7.0,1.7.15)
[1.8.0,1.8.1)
|
dbt-core is a With dbt, data analysts and engineers can build analytics the way engineers build applications. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information when used to pull source code from a private repository using a How to fix Cleartext Storage of Sensitive Information? Upgrade |
[1.7.0,1.7.3)
|