VYPR

PyPI package

ydata-profiling

pkg:pypi/ydata-profiling

Vulnerabilities (3)

  • CVE-2024-37064 | High | Jun 4, 2024
    affected >= 3.7.0, <= 4.8.3

    Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded.

  • CVE-2024-37063 | High | Jun 4, 2024
    affected >= 3.7.0, <= 4.8.3

    A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliciously crafted report is viewed in the browser.

  • CVE-2024-37062 | High | Jun 4, 2024
    affected >= 3.7.0, <= 4.8.3

    Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted report to run arbitrary code on an end user's system when loaded.