PyPI package
ydata-profiling
pkg:pypi/ydata-profiling
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-37064 | High | 7.8 | | >= 3.7.0, <= 4.8.3 | — | Jun 4, 2024 | Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded. |
| CVE-2024-37063 | High | 7.8 | | >= 3.7.0, <= 4.8.3 | — | Jun 4, 2024 | A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliciously crafted report is viewed in the browser. |
| CVE-2024-37062 | High | 7.8 | | >= 3.7.0, <= 4.8.3 | — | Jun 4, 2024 | Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted report to run arbitrary code on an end user's system when loaded. |