Information Exposure Affecting taegis-magic package, versions [,2024.10.8)
- Snyk ID SNYK-PYTHON-TAEGISMAGIC-8340642
- published 4 Nov 2024
- disclosed 1 Nov 2024
- credit Unknown
How to fix?
Upgrade taegis-magic to version 2024.10.8 or higher.
Overview
taegis-magic is a package of Taegis IPython magics.
Affected versions of this package are vulnerable to Information Exposure due to the exposure of inspect.currentframe().f_locals in the search() function in events.py, which exposes a GraphQLService object. This may include sensitive internal values such as tenant IDs, regions, or other private data, depending on the context in which the function is called.
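The leak pattern described above, shown as an added example that is not taegis-magic's code: StubGraphQLService, search_leaky(), search_safe() and leaked_objects() are hypothetical names and every value is constructed. It contrasts recording inspect.currentframe().f_locals with recording an explicit allowlist of parameters, and includes a check that can be reused in a unit test.

```python
import inspect
from dataclasses import dataclass

PRIMITIVES = (str, int, float, bool, type(None))

@dataclass
class StubGraphQLService:
    """Hypothetical stand-in for a service object; values are constructed."""
    tenant_id: str
    region: str

def _make_service():
    # Assumption: the service is built from internal context, not caller input.
    return StubGraphQLService("constructed-tenant-0001", "constructed-region")

def search_leaky(query, limit=100):
    """Records every local of the frame, so `service` rides along."""
    service = _make_service()
    return {"arguments": dict(inspect.currentframe().f_locals)}

def search_safe(query, limit=100):
    """Records only an explicit allowlist of caller-supplied parameters."""
    service = _make_service()
    return {"arguments": {"query": query, "limit": limit}}

def leaked_objects(result):
    """Names of recorded arguments whose values are not plain primitives."""
    return sorted(name for name, value in result["arguments"].items()
                  if not isinstance(value, PRIMITIVES))

if __name__ == "__main__":
    leaky = search_leaky("constructed query")
    print("leaky records:", sorted(leaky["arguments"]))
    print("objects exposed:", leaked_objects(leaky))
    print("reachable via result:", leaky["arguments"]["service"].tenant_id)
    print("safe records:", sorted(search_safe("constructed query")["arguments"]))
```

A check like leaked_objects() can run in a test suite against any function that records its own arguments, failing the build when a non-primitive object appears in the recorded set.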