VYPR

PyPI package

luigi

pkg:pypi/luigi

Vulnerabilities (2)

  • CVE-2024-21542 (High), Dec 10, 2024
    affected < 3.6.0, fixed 3.6.0

    Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function.

  • CVE-2018-1000843 (High), Dec 20, 2018
    affected < 2.8.0, fixed 2.8.0

    Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross Site Request Forgery (CSRF) vulnerability in API endpoint: /api/ that can result in Task metadata such as task name, id, pa