polyaxon@2.1.0rc17 vulnerabilities

Command Line Interface (CLI) and client to interact with Polyaxon API.

2.8.0.post1

6 years ago

8 days ago

Known vulnerabilities in the polyaxon package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Relative Path Traversal polyaxon is a Command Line Interface (CLI) and client to interact with Polyaxon API. Affected versions of this package are vulnerable to Relative Path Traversal enabling the deletion of files on the target server. An attacker can delete critical files such as `polyaxon.sock` to cause a crash of the API container. How to fix Relative Path Traversal? There is no fixed version for `polyaxon`.	[0,)
H Directory Traversal polyaxon is a Command Line Interface (CLI) and client to interact with Polyaxon API. Affected versions of this package are vulnerable to Directory Traversal via the `runs` endpoint. An attacker can read arbitrary files from the target filesystem by providing a directory traversal path. How to fix Directory Traversal? There is no fixed version for `polyaxon`.	[0,)
M Cross-site Request Forgery (CSRF) polyaxon is a Command Line Interface (CLI) and client to interact with Polyaxon API. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the `create` endpoint. An attacker who can convince a user to follow a malicious link can cause the creation of a malicious project in their instance, which will overwrite the existing project artifacts even if it fails. How to fix Cross-site Request Forgery (CSRF)? There is no fixed version for `polyaxon`.	[0,)