Kedro-Org Kedro vulnerabilities
3 known vulnerabilities affecting kedro-org/kedro-org_kedro.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2
Vulnerabilities
CVE-2024-9701 | P2 | CRITICAL | CVSS 9.8 | CWE-502 | ≥ unspecified, < 0.19.9 | 2025-03-20
A Remote Code Execution (RCE) vulnerability has been identified in the Kedro ShelveStore class (version 0.19.8). This vulnerability allows an attacker to execute arbitrary Python code via deserialization of malicious payloads, potentially leading to a full system compromise. The ShelveStore class uses Python's shelve module to manage session data, w
nvd
CVE-2024-12215 | P3 | HIGH | CVSS 8.8 | CWE-94 | ≥ unspecified, ≤ latest | 2025-03-20
In kedro-org/kedro version 0.19.8, the `pull_package()` API function allows users to download and extract micro packages from the Internet. However, the function `project_wheel_metadata()` within the code path can execute the `setup.py` file inside the tar file, leading to remote code execution (RCE) by running arbitrary commands on the victim's machin
nvd
CVE-2026-3840 | P3 | HIGH | CVSS 7.1 | CWE-22 | ≥ unspecified, ≤ latest | 2026-06-12
A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path()` method in `kedro/io/core.py` directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to escape the intended versioned dataset directory and
nvd