Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1jZ3JxLXd2ZmotdjI4as4AA-4F

Moderate CVSS: 6.9 EPSS: 0.00112% (0.30464 Percentile) EPSS:
Permalink JSON

Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users

Affected Packages Affected Versions Fixed Versions
pypi:mage-ai
PURL: pkg:pypi/mage-ai
<= 0.9.73 No known fixed version
0 Dependent packages
2 Dependent repositories
21,400 Downloads last month

Affected Version Ranges

All affected versions

0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.1.0, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.2.10, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9, 0.4.10, 0.4.11, 0.4.12, 0.4.13, 0.4.14, 0.4.15, 0.4.16, 0.4.17, 0.4.18, 0.4.19, 0.4.20, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.7.8, 0.7.9, 0.7.10, 0.7.11, 0.7.12, 0.7.13, 0.7.14, 0.7.15, 0.7.16, 0.7.17, 0.7.18, 0.7.19, 0.7.20, 0.7.21, 0.7.22, 0.7.23, 0.7.24, 0.7.25, 0.7.26, 0.7.27, 0.7.28, 0.7.29, 0.7.30, 0.7.32, 0.7.33, 0.7.34, 0.7.35, 0.7.36, 0.7.37, 0.7.38, 0.7.39, 0.7.40, 0.7.41, 0.7.42, 0.7.43, 0.7.44, 0.7.45, 0.7.46, 0.7.47, 0.7.48, 0.7.49, 0.7.50, 0.7.51, 0.7.53, 0.7.54, 0.7.55, 0.7.56, 0.7.57, 0.7.58, 0.7.59, 0.7.60, 0.7.61, 0.7.62, 0.7.63, 0.7.65, 0.7.66, 0.7.67, 0.7.68, 0.7.69, 0.7.70, 0.7.71, 0.7.72, 0.7.73, 0.7.74, 0.7.75, 0.7.76, 0.7.77, 0.7.78, 0.7.79, 0.7.80, 0.7.81, 0.7.82, 0.7.83, 0.7.84, 0.7.85, 0.7.86, 0.7.87, 0.7.88, 0.7.89, 0.7.90, 0.7.91, 0.7.92, 0.7.93, 0.7.94, 0.7.95, 0.7.96, 0.7.97, 0.7.98, 0.7.99, 0.7.100, 0.7.102, 0.7.103, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6, 0.8.7, 0.8.8, 0.8.9, 0.8.10, 0.8.11, 0.8.12, 0.8.13, 0.8.14, 0.8.15, 0.8.16, 0.8.17, 0.8.18, 0.8.19, 0.8.20, 0.8.21, 0.8.22, 0.8.23, 0.8.24, 0.8.25, 0.8.26, 0.8.27, 0.8.28, 0.8.29, 0.8.30, 0.8.31, 0.8.32, 0.8.33, 0.8.34, 0.8.35, 0.8.36, 0.8.37, 0.8.38, 0.8.39, 0.8.40, 0.8.41, 0.8.42, 0.8.43, 0.8.44, 0.8.45, 0.8.46, 0.8.47, 0.8.48, 0.8.49, 0.8.50, 0.8.51, 0.8.52, 0.8.53, 0.8.54, 0.8.55, 0.8.56, 0.8.57, 0.8.58, 0.8.59, 0.8.60, 0.8.61, 0.8.62, 0.8.63, 0.8.64, 0.8.66, 0.8.67, 0.8.68, 0.8.69, 0.8.70, 0.8.71, 0.8.72, 0.8.73, 0.8.74, 0.8.75, 0.8.76, 0.8.77, 0.8.78, 0.8.79, 0.8.80, 0.8.81, 0.8.82, 0.8.83, 0.8.84, 0.8.85, 0.8.86, 0.8.87, 0.8.88, 0.8.89, 0.8.90, 0.8.91, 0.8.92, 0.8.93, 0.8.94, 0.8.95, 0.8.96, 0.8.97, 0.8.98, 0.8.99, 0.8.100, 0.8.101, 0.8.102, 0.8.103, 0.8.104, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.9.9, 0.9.10, 0.9.11, 0.9.12, 0.9.13, 0.9.14, 0.9.15, 0.9.16, 0.9.17, 0.9.18, 0.9.19, 0.9.20, 0.9.21, 0.9.22, 0.9.23, 0.9.24, 0.9.25, 0.9.26, 0.9.27, 0.9.28, 0.9.29, 0.9.30, 0.9.31, 0.9.32, 0.9.33, 0.9.34, 0.9.35, 0.9.36, 0.9.37, 0.9.38, 0.9.39, 0.9.40, 0.9.41, 0.9.43, 0.9.44, 0.9.45, 0.9.46, 0.9.47, 0.9.48, 0.9.49, 0.9.50, 0.9.51, 0.9.55, 0.9.56, 0.9.57, 0.9.58, 0.9.59, 0.9.59b0, 0.9.60, 0.9.61, 0.9.62, 0.9.63, 0.9.64, 0.9.65, 0.9.66, 0.9.67, 0.9.68, 0.9.69, 0.9.70, 0.9.71, 0.9.72, 0.9.73

Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users.

References:

Identifiers

GHSA-cgrq-wvfj-v28j

CVE-2024-8072

Risk

Severity

Moderate

CVSS

CVSS Score: 6.9

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00112

EPSS Percentile: 0.30464

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

over 1 year ago

Updated

16 days ago

API

JSON