knowledge-repo@0.6.3 vulnerabilities

A workflow for contributing company knowledge, in the form of RMarkdowns, iPythons, and Markdowns, rendered and organized to magnify research impact across teams and time

latest version

0.9.3
latest non vulnerable version

0.9.3
first published

8 years ago
latest version published

a year ago
licenses detected
- Apache-2.0
  [0,)
View knowledge-repo package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the knowledge-repo package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the post comments functionality. How to fix Cross-site Scripting (XSS)? Upgrade `knowledge-repo` to version 0.9.0 or higher.	[0,0.9.0)
H Arbitrary Code Execution knowledge-repo is focused on facilitating the sharing of knowledge between data scientists and other technical roles using data formats and tools that make sense in these professions. Affected versions of this package are vulnerable to Arbitrary Code Execution. `knowledge-repo` read their configuration from the repository itself, by default from a python module called `knowledge_repo_config.py`. A malicious user with appropriate permissions could submit arbitrary code that will be executed at runtime on users’ machines, potentially leading to unwanted data loss, corruption or dissemination. With this change, only YAML configuration files will be read from the repository, mitigating this security vulnerability. How to fix Arbitrary Code Execution? Upgrade `knowledge-repo` to version 0.8.0 or higher.	[,0.8.0)

Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the post comments functionality.

How to fix Cross-site Scripting (XSS)?

Upgrade knowledge-repo to version 0.9.0 or higher.

[0,0.9.0)

Arbitrary Code Execution

knowledge-repo is focused on facilitating the sharing of knowledge between data scientists and other technical roles using data formats and tools that make sense in these professions.

Affected versions of this package are vulnerable to Arbitrary Code Execution. knowledge-repo read their configuration from the repository itself, by default from a python module called knowledge_repo_config.py. A malicious user with appropriate permissions could submit arbitrary code that will be executed at runtime on users’ machines, potentially leading to unwanted data loss, corruption or dissemination. With this change, only YAML configuration files will be read from the repository, mitigating this security vulnerability.

How to fix Arbitrary Code Execution?

Upgrade knowledge-repo to version 0.8.0 or higher.

[,0.8.0)

Go back to all versions of this package

knowledge-repo@0.6.3 vulnerabilities

A workflow for contributing company knowledge, in the form of RMarkdowns, iPythons, and Markdowns, rendered and organized to magnify research impact across teams and time

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities