AIKIDO-2024-10152

prefect is vulnerable to Path Traversal

70

High

prefect

AIKIDO-2024-10152: prefect is vulnerable to Path Traversal in versions 0.5.0 - 3.0.0rc8.

Path Traversal
Vuln in 0.5.0 - 3.0.0rc8
Fixed in 3.0.0rc9
No CVE available
TL;DR

Affected versions of prefect are vulnerable to path traversal, which allows an attacker to retrieve the contents of any JSON file on the system. See: https://github.com/PrefectHQ/prefect/pull/14277

Who does this affect?

You're affected if you use a vulnerable version of prefect.

How can it be fixed?

Upgrade prefect to a patched version. Note that the fix is currently only available in the pre-release version of 3.0.0 (version 3.0.0rc9).
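
To check whether an environment falls in the affected range (0.5.0 through 3.0.0rc8), the following added example compares the installed prefect version against the bounds stated in this advisory. It is not code from Aikido or the Prefect project. The version parser is a simplification that covers only release numbers with an optional `aN`/`bN`/`rcN` pre-release tag and rejects anything else.

```python
import re
from importlib import metadata

# Bounds taken from this advisory: vulnerable in 0.5.0 - 3.0.0rc8, fixed in 3.0.0rc9.
FIRST_AFFECTED = "0.5.0"
FIRST_FIXED = "3.0.0rc9"

_PRE_RANK = {"a": 0, "b": 1, "rc": 2}
# Simplified PEP 440 subset (an assumption of this example): release digits,
# optional aN/bN/rcN, optional "+local" suffix. Other forms are rejected.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?(?:\+.*)?$")


def sort_key(version: str):
    """Return a comparable key so that 3.0.0rc8 < 3.0.0rc9 < 3.0.0."""
    m = _VERSION_RE.match(version.strip().lower())
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    release = [int(part) for part in m.group(1).split(".")]
    release += [0] * (3 - len(release))  # treat 2.0 as 2.0.0
    # A final release sorts after every pre-release of the same number.
    pre = (_PRE_RANK[m.group(2)], int(m.group(3))) if m.group(2) else (3, 0)
    return (tuple(release), pre)


def is_affected(version: str) -> bool:
    """True if the version lies in [FIRST_AFFECTED, FIRST_FIXED)."""
    return sort_key(FIRST_AFFECTED) <= sort_key(version) < sort_key(FIRST_FIXED)


def check_installed(dist: str = "prefect") -> str:
    """Report the status of the distribution installed in this environment."""
    try:
        version = metadata.version(dist)
    except metadata.PackageNotFoundError:
        return f"{dist} is not installed in this environment"
    if is_affected(version):
        return f"{dist} {version}: AFFECTED, upgrade to {FIRST_FIXED} or later"
    return f"{dist} {version}: outside the affected range"


if __name__ == "__main__":
    print(check_installed())
```

Run it with the same interpreter (virtualenv, container image) that runs prefect, since the result reflects only that environment's installed packages.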

© 2024 Aikido Security BV | BE0792914919