CVE-2023-31143

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-31143
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31143.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-31143
Aliases
Related
Published
2023-05-09T15:15:10Z
Modified
2025-01-15T04:52:20.223725Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have editor permissions. Version 0.8.72 contains a fix for this issue.

References

Affected packages

Git / github.com/mage-ai/mage-ai

Affected ranges

Type
GIT
Repo
https://github.com/mage-ai/mage-ai
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

0.*

0.7.74
0.7.84
0.7.90
0.7.98
0.8.11
0.8.15
0.8.2
0.8.24
0.8.27
0.8.29
0.8.3
0.8.37
0.8.44
0.8.52
0.8.58
0.8.69