mage-ai@0.8.10 vulnerabilities
Mage is a tool for building and deploying data pipelines.
-
latest version
0.9.74
-
first published
2 years ago
-
latest version published
a month ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the mage-ai package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
mage-ai is a Mage is a tool for building and deploying data pipelines. Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to the incorrect privilege assignment to guest users who remain logged in after their accounts are deleted. An attacker can execute arbitrary code remotely by accessing the Mage AI terminal server. How to fix Incorrect Privilege Assignment? There is no fixed version for |
[0,)
|
mage-ai is a Mage is a tool for building and deploying data pipelines. Affected versions of this package are vulnerable to Directory Traversal via the How to fix Directory Traversal? There is no fixed version for |
[0,)
|
mage-ai is a Mage is a tool for building and deploying data pipelines. Affected versions of this package are vulnerable to Directory Traversal via the How to fix Directory Traversal? There is no fixed version for |
[0,)
|
mage-ai is a Mage is a tool for building and deploying data pipelines. Affected versions of this package are vulnerable to Path Traversal via the How to fix Path Traversal? There is no fixed version for |
[0,)
|
mage-ai is a Mage is a tool for building and deploying data pipelines. Affected versions of this package are vulnerable to Information Exposure through the terminal server command history retrieval process. An attacker can obtain sensitive information by exploiting the lack of proper access controls. How to fix Information Exposure? There is no fixed version for |
[0,)
|
mage-ai is a Mage is a tool for building and deploying data pipelines. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to exposing string source/destination config values. How to fix Insertion of Sensitive Information into Log File? Upgrade |
[,0.9.4)
|
mage-ai is a Mage is a tool for building and deploying data pipelines. Affected versions of this package are vulnerable to Race Condition due to insufficient concurrency checks in the How to fix Race Condition? Upgrade |
[,0.8.58)
|
mage-ai is a Mage is a tool for building and deploying data pipelines. Affected versions of this package are vulnerable to Race Condition due to improper synchronization when triggering pipeline runs from API or code. How to fix Race Condition? Upgrade |
[,0.8.83)
|
mage-ai is a Mage is a tool for building and deploying data pipelines. Affected versions of this package are vulnerable to Access Restriction Bypass the terminal could be accessed by users who are not signed in or do not have editor permissions, when user authentication with Mage is enabled. How to fix Access Restriction Bypass? Upgrade |
[,0.8.72)
|