PyPI package
backend.ai
pkg:pypi/backend.ai
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-49653 | Hig | 8.0 | <= 25.3.3 | — | Jun 9, 2025 | Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform. | |
| CVE-2025-49652 | Cri | 9.8 | < 25.15.6 | 25.15.6 | Jun 9, 2025 | Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled. | |
| CVE-2025-49651 | Hig | 8.1 | <= 25.3.3 | — | Jun 9, 2025 | Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI. |
- affected <= 25.3.3
Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform.
- affected < 25.15.6fixed 25.15.6
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled.
- affected <= 25.3.3
Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.