Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qZzk1LXI5eGgteHc5Y84AA-6V
Mage AI incorrectly gives privileges to users with deleted accounts
Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal server.
Permalink: https://github.com/advisories/GHSA-jg95-r9xh-xw9cJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qZzk1LXI5eGgteHc5Y84AA-6V
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 3 months ago
Updated: 3 months ago
CVSS Score: 7.1
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Identifiers: GHSA-jg95-r9xh-xw9c, CVE-2024-45187
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-45187
- https://research.jfrog.com/vulnerabilities/mage-ai-deleted-users-rce-jfsa-2024-001039602
- https://github.com/advisories/GHSA-jg95-r9xh-xw9c
Affected Packages
pypi:mage-ai
Dependent packages: 0Dependent repositories: 2
Downloads: 42,140 last month
Affected Version Ranges: <= 0.9.73
No known fixed version
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.1.0, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.2.10, 0.3.1, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9, 0.4.10, 0.4.11, 0.4.12, 0.4.13, 0.4.14, 0.4.15, 0.4.16, 0.4.17, 0.4.18, 0.4.19, 0.4.20, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.6.5, 0.6.6, 0.6.7, 0.6.8, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.7.8, 0.7.9, 0.7.10, 0.7.11, 0.7.12, 0.7.13, 0.7.14, 0.7.15, 0.7.16, 0.7.17, 0.7.18, 0.7.19, 0.7.20, 0.7.21, 0.7.22, 0.7.23, 0.7.24, 0.7.25, 0.7.26, 0.7.27, 0.7.28, 0.7.29, 0.7.30, 0.7.32, 0.7.33, 0.7.34, 0.7.35, 0.7.36, 0.7.37, 0.7.38, 0.7.39, 0.7.40, 0.7.41, 0.7.42, 0.7.43, 0.7.44, 0.7.45, 0.7.46, 0.7.47, 0.7.48, 0.7.49, 0.7.50, 0.7.51, 0.7.53, 0.7.54, 0.7.55, 0.7.56, 0.7.57, 0.7.58, 0.7.59, 0.7.60, 0.7.61, 0.7.62, 0.7.63, 0.7.65, 0.7.66, 0.7.67, 0.7.68, 0.7.69, 0.7.70, 0.7.71, 0.7.72, 0.7.73, 0.7.74, 0.7.75, 0.7.76, 0.7.77, 0.7.78, 0.7.79, 0.7.80, 0.7.81, 0.7.82, 0.7.83, 0.7.84, 0.7.85, 0.7.86, 0.7.87, 0.7.88, 0.7.89, 0.7.90, 0.7.91, 0.7.92, 0.7.93, 0.7.94, 0.7.95, 0.7.96, 0.7.97, 0.7.98, 0.7.99, 0.7.100, 0.7.102, 0.7.103, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6, 0.8.7, 0.8.8, 0.8.9, 0.8.10, 0.8.11, 0.8.12, 0.8.13, 0.8.14, 0.8.15, 0.8.16, 0.8.17, 0.8.18, 0.8.19, 0.8.20, 0.8.21, 0.8.22, 0.8.23, 0.8.24, 0.8.25, 0.8.26, 0.8.27, 0.8.28, 0.8.29, 0.8.30, 0.8.31, 0.8.32, 0.8.33, 0.8.34, 0.8.35, 0.8.36, 0.8.37, 0.8.38, 0.8.39, 0.8.40, 0.8.41, 0.8.42, 0.8.43, 0.8.44, 0.8.45, 0.8.46, 0.8.47, 0.8.48, 0.8.49, 0.8.50, 0.8.51, 0.8.52, 0.8.53, 0.8.54, 0.8.55, 0.8.56, 0.8.57, 0.8.58, 0.8.59, 0.8.60, 0.8.61, 0.8.62, 0.8.63, 0.8.64, 0.8.66, 0.8.67, 0.8.68, 0.8.69, 0.8.70, 0.8.71, 0.8.72, 0.8.73, 0.8.74, 0.8.75, 0.8.76, 0.8.77, 0.8.78, 0.8.79, 0.8.80, 0.8.81, 0.8.82, 0.8.83, 0.8.84, 0.8.85, 0.8.86, 0.8.87, 0.8.88, 0.8.89, 0.8.90, 0.8.91, 0.8.92, 0.8.93, 0.8.94, 0.8.95, 0.8.96, 0.8.97, 0.8.98, 0.8.99, 0.8.100, 0.8.101, 0.8.102, 0.8.103, 0.8.104, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.9.8, 0.9.9, 0.9.10, 0.9.11, 0.9.12, 0.9.13, 0.9.14, 0.9.15, 0.9.16, 0.9.17, 0.9.18, 0.9.19, 0.9.20, 0.9.21, 0.9.22, 0.9.23, 0.9.24, 0.9.25, 0.9.26, 0.9.27, 0.9.28, 0.9.29, 0.9.30, 0.9.31, 0.9.32, 0.9.33, 0.9.34, 0.9.35, 0.9.36, 0.9.37, 0.9.38, 0.9.39, 0.9.40, 0.9.41, 0.9.43, 0.9.44, 0.9.45, 0.9.46, 0.9.47, 0.9.48, 0.9.49, 0.9.50, 0.9.51, 0.9.55, 0.9.56, 0.9.57, 0.9.58, 0.9.59, 0.9.60, 0.9.61, 0.9.62, 0.9.63, 0.9.64, 0.9.65, 0.9.66, 0.9.67, 0.9.68, 0.9.69, 0.9.70, 0.9.71, 0.9.72, 0.9.73