Homepage

knowledge-repo@0.6.4 vulnerabilities

A workflow for contributing company knowledge, in the form of RMarkdowns, iPythons, and Markdowns, rendered and organized to magnify research impact across teams and time

  • latest version

    0.9.3

  • latest non vulnerable version

    0.9.3

  • first published

    8 years ago

  • latest version published

    2 years ago

  • licenses detected

  • View knowledge-repo package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the knowledge-repo package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Cross-site Scripting (XSS)

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the post comments functionality.

    How to fix Cross-site Scripting (XSS)?

    Upgrade knowledge-repo to version 0.9.0 or higher.

    [0,0.9.0)
    • H
    Arbitrary Code Execution

    knowledge-repo is focused on facilitating the sharing of knowledge between data scientists and other technical roles using data formats and tools that make sense in these professions.

    Affected versions of this package are vulnerable to Arbitrary Code Execution. knowledge-repo read their configuration from the repository itself, by default from a python module called knowledge_repo_config.py. A malicious user with appropriate permissions could submit arbitrary code that will be executed at runtime on users’ machines, potentially leading to unwanted data loss, corruption or dissemination. With this change, only YAML configuration files will be read from the repository, mitigating this security vulnerability.

    How to fix Arbitrary Code Execution?

    Upgrade knowledge-repo to version 0.8.0 or higher.

    [,0.8.0)
    Go back to all versions of this package