Affected Products

Vendor / product matrix with CVE counts sourced from the CPE catalog.

Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
mage
16048.5%CRITICAL

Related CVEs

6
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2024-45190Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" requestMEDIUM6.553.9%Aug 23, 2024
CVE-2024-45189Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" requestMEDIUM6.554.6%Aug 23, 2024
CVE-2024-45188Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" requestMEDIUM6.554.6%Aug 23, 2024
CVE-2024-45187Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal serverHIGH8.837.0%Aug 23, 2024
CVE-2024-8072Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary usersMEDIUM5.344.0%Aug 22, 2024
CVE-2023-31143mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have editor permissions. Version 0.8.72 contains a fix for this issue.CRITICAL9.846.9%May 9, 2023