VYPR
Vendor

Kedro Org

Products: 1
CVEs: 4
Across products: 4
Status: Private

Recent CVEs (4)
  • CVE-2024-9701 | Critical | Mar 20, 2025
    risk 0.57 | cvss 9.8 | epss 0.01

    A Remote Code Execution (RCE) vulnerability has been identified in the Kedro ShelveStore class (version 0.19.8). This vulnerability allows an attacker to execute arbitrary Python code via deserialization of malicious payloads, potentially leading to a full system compromise. The…

  • CVE-2024-12215 | High | Mar 20, 2025
    risk 0.57 | cvss 8.8 | epss 0.01

    In kedro-org/kedro version 0.19.8, the `pull_package()` API function allows users to download and extract micro packages from the Internet. However, the function `project_wheel_metadata()` within the code path can execute the `setup.py` file inside the tar file, leading to…

  • CVE-2026-3840 | High | Jun 12, 2026
    risk 0.46 | cvss 7.1 | epss 0.00

    A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path()` method in `kedro/io/core.py` directly interpolates user-supplied version strings into filesystem paths without sanitization.…

  • CVE-2026-35492 | Medium | Apr 7, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    Kedro-Datasets is a Kedro plugin providing data connectors. Prior to 9.3.0, PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing ..…