Vendor
Kubeflow
Products
1
CVEs
4
Across products
4
Status
Private
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-5552 | Hig | 0.49 | 7.5 | 0.01 | Jun 6, 2024 | kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted… | ||
| CVE-2023-6570 | Med | 0.42 | 6.5 | 0.01 | Dec 14, 2023 | Server-Side Request Forgery (SSRF) in kubeflow/kubeflow | ||
| CVE-2023-6571 | Med | 0.40 | 6.1 | 0.00 | Dec 14, 2023 | Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow | ||
| CVE-2024-9526 | Med | 0.00 | 5.4 | 0.00 | Nov 18, 2024 | There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered properly. Leading to a… |
- risk 0.49cvss 7.5epss 0.01
kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted…
- risk 0.42cvss 6.5epss 0.01
Server-Side Request Forgery (SSRF) in kubeflow/kubeflow
- risk 0.40cvss 6.1epss 0.00
Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow
- risk 0.00cvss 5.4epss 0.00
There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered properly. Leading to a…