mage-ai@0.8.15 vulnerabilities

Mage is a tool for building and deploying data pipelines.

Direct Vulnerabilities

Known vulnerabilities in the mage-ai package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Incorrect Privilege Assignment

mage-ai is a Mage is a tool for building and deploying data pipelines.

Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to the incorrect privilege assignment to guest users who remain logged in after their accounts are deleted. An attacker can execute arbitrary code remotely by accessing the Mage AI terminal server.

How to fix Incorrect Privilege Assignment?

There is no fixed version for mage-ai.

[0,)
  • H
Directory Traversal

mage-ai is a Mage is a tool for building and deploying data pipelines.

Affected versions of this package are vulnerable to Directory Traversal via the Git Content request. An attacker with Viewer role can leak arbitrary files from the server by exploiting the path traversal vulnerability.

How to fix Directory Traversal?

There is no fixed version for mage-ai.

[0,)
  • H
Directory Traversal

mage-ai is a Mage is a tool for building and deploying data pipelines.

Affected versions of this package are vulnerable to Directory Traversal via the Pipeline Interaction request. An attacker with Viewer role can leak arbitrary files from the server by sending a crafted request.

How to fix Directory Traversal?

There is no fixed version for mage-ai.

[0,)
  • H
Path Traversal

mage-ai is a Mage is a tool for building and deploying data pipelines.

Affected versions of this package are vulnerable to Path Traversal via the File Content request. An attacker with Viewer permissions can leak arbitrary files from the server by exploiting insufficient validation of user-supplied input.

How to fix Path Traversal?

There is no fixed version for mage-ai.

[0,)
  • M
Information Exposure

mage-ai is a Mage is a tool for building and deploying data pipelines.

Affected versions of this package are vulnerable to Information Exposure through the terminal server command history retrieval process. An attacker can obtain sensitive information by exploiting the lack of proper access controls.

How to fix Information Exposure?

There is no fixed version for mage-ai.

[0,)
  • M
Insertion of Sensitive Information into Log File

mage-ai is a Mage is a tool for building and deploying data pipelines.

Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to exposing string source/destination config values.

How to fix Insertion of Sensitive Information into Log File?

Upgrade mage-ai to version 0.9.4 or higher.

[,0.9.4)
  • H
Race Condition

mage-ai is a Mage is a tool for building and deploying data pipelines.

Affected versions of this package are vulnerable to Race Condition due to insufficient concurrency checks in the mage_ai/io/trino.py file. This issue occurs right after creating a table and trying to immediately fetch data from it.

How to fix Race Condition?

Upgrade mage-ai to version 0.8.58 or higher.

[,0.8.58)
  • H
Race Condition

mage-ai is a Mage is a tool for building and deploying data pipelines.

Affected versions of this package are vulnerable to Race Condition due to improper synchronization when triggering pipeline runs from API or code.

How to fix Race Condition?

Upgrade mage-ai to version 0.8.83 or higher.

[,0.8.83)
  • M
Access Restriction Bypass

mage-ai is a Mage is a tool for building and deploying data pipelines.

Affected versions of this package are vulnerable to Access Restriction Bypass the terminal could be accessed by users who are not signed in or do not have editor permissions, when user authentication with Mage is enabled.

How to fix Access Restriction Bypass?

Upgrade mage-ai to version 0.8.72 or higher.

[,0.8.72)