VYPR

PyPI package

acryl-datahub

pkg:pypi/acryl-datahub

Vulnerabilities (1)

  • CVE-2022-39366Oct 28, 2022
    affected < 0.8.45fixed 0.8.45

    DataHub is an open-source metadata platform. Prior to version 0.8.45, the `StatelessTokenService` of the DataHub metadata service (GMS) does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authenticat