PyPI package
prefect
pkg:pypi/prefect
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-8183 | Hig | 7.6 | >= 3.0.0rc1, < 3.0.3 | 3.0.3 | Mar 20, 2025 | A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/prefect version 2.20.2 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to the database, resulting in potential data leaks, loss of confidentiality, servic | |
| CVE-2023-6022 | — | >= 2.0.0, < 2.16.5 | 2.16.5 | Nov 16, 2023 | Cross-Site Request Forgery (CSRF) in GitHub repository prefecthq/prefect prior to 2.16.5. |
- affected >= 3.0.0rc1, < 3.0.3fixed 3.0.3
A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/prefect version 2.20.2 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to the database, resulting in potential data leaks, loss of confidentiality, servic
- CVE-2023-6022Nov 16, 2023affected >= 2.0.0, < 2.16.5fixed 2.16.5
Cross-Site Request Forgery (CSRF) in GitHub repository prefecthq/prefect prior to 2.16.5.