VYPR

PyPI package

backend.ai

pkg:pypi/backend.ai

Vulnerabilities (3)

  • CVE-2025-49653HigJun 9, 2025
    affected <= 25.3.3

    Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform.

  • CVE-2025-49652CriJun 9, 2025
    affected < 25.15.6fixed 25.15.6

    Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled.

  • CVE-2025-49651HigJun 9, 2025
    affected <= 25.3.3

    Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.