CVE-2024-12215
In kedro-org/kedro version 0.19.8, the `pull_package()` API function allows users to download and extract micro packages from the Internet. However, the function `project_wheel_metadata()` within the code path can execute the `setup.py` file inside the tar file, leading to remote code execution (RCE) by running arbitrary commands on the victim's machine.
Vendor
-
Product
-
CWE
Yayın Tarihi
2025-03-20 10:15:27
Güncelleme
2025-10-15 13:15:39
Source Identifier
security@huntr.dev
KEV Date Added
-