VYPR

Kubeflow/kubeflow

by Kubeflow

Source repositories

CVEs (4)

  • CVE-2024-5552HigJun 6, 2024
    risk 0.49cvss 7.5epss 0.01

    kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted…

  • CVE-2023-6570MedDec 14, 2023
    risk 0.42cvss 6.5epss 0.01

    Server-Side Request Forgery (SSRF) in kubeflow/kubeflow

  • CVE-2023-6571MedDec 14, 2023
    risk 0.40cvss 6.1epss 0.00

    Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow

  • CVE-2024-9526MedNov 18, 2024
    risk 0.00cvss 5.4epss 0.00

    There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered properly. Leading to a…