Insertion of Sensitive Information into Log File Affecting mage-ai package, versions [,0.9.4)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-MAGEAI-5880463
- published 4 Sep 2023
- disclosed 1 Sep 2023
- credit Unknown
How to fix?
Upgrade mage-ai
to version 0.9.4 or higher.
Overview
mage-ai is a Mage is a tool for building and deploying data pipelines.
Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to exposing string source/destination config values.
References
CVSS Scores
version 3.1