Skip to main content

Mage Ai

6 CVEs product

Monthly

CVE-2024-45190 PyPI MEDIUM POC This Month

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mage Ai
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-45189 PyPI MEDIUM POC This Month

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mage Ai
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-45188 PyPI MEDIUM POC This Month

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mage Ai
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2024-45187 PyPI HIGH This Week

Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Mage Ai
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-8072 PyPI MEDIUM POC This Month

Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mage Ai
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-31143 PyPI CRITICAL PATCH Act Now

mage-ai is an open-source data pipeline tool for transforming and integrating data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Mage Ai
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mage Ai
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mage Ai
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Mage Ai
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Mage Ai
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mage Ai
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

mage-ai is an open-source data pipeline tool for transforming and integrating data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Mage Ai
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy