PyPI package
duckdb
pkg:pypi/duckdb
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-41672 | — | >= 1.0.0, < 1.1.0 | 1.1.0 | Jul 24, 2024 | DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using `sniff_csv`, even with `enable_external_access=false`. This vulnerability provides an attacker with access to filesystem even when access is expected to |
- CVE-2024-41672Jul 24, 2024affected >= 1.0.0, < 1.1.0fixed 1.1.0
DuckDB is a SQL database management system. In versions 1.0.0 and prior, content in filesystem is accessible for reading using `sniff_csv`, even with `enable_external_access=false`. This vulnerability provides an attacker with access to filesystem even when access is expected to