PyPI package
dbt-core
pkg:pypi/dbt-core
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-40637 | — | >= 1.6.0, < 1.6.14 | 1.6.14 | Jul 16, 2024 | dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by | ||
| CVE-2024-36105 | Med | 5.3 | < 1.6.15 | 1.6.15 | May 27, 2024 | dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, Binding to `INADDR_ANY (0.0.0.0)` or `IN6ADDR_ANY (::)` exposes an application on all network i |
- CVE-2024-40637Jul 16, 2024affected >= 1.6.0, < 1.6.14fixed 1.6.14
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by
- affected < 1.6.15fixed 1.6.15
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, Binding to `INADDR_ANY (0.0.0.0)` or `IN6ADDR_ANY (::)` exposes an application on all network i