CVE-2024-12215

NONE EPSS 58.0%
Published Mar 20, 20251y ago · Modified Jun 17, 20261w ago
Find Similar
Published Mar 20, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In kedro-org/kedro version 0.19.8, the `pull_package()` API function allows users to download and extract micro packages from the Internet. However, the function `project_wheel_metadata()` within the code path can execute the `setup.py` file inside the tar file, leading to remote code execution (RCE) by running arbitrary commands on the victim's machine.

Threat Intelligence

EPSS Exploit Probability
58.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-94 Improper Control of Generation of Code (Code Injection) Injection

References 1

  • huntr.com https://huntr.com/bounties/fad27503-97a4-4933-91d4-96223b8c54d8

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.