Prefect
Monthly
Argument injection in Prefect up to 3.6.25.dev6 allows authenticated attackers to execute arbitrary git commands via specially crafted commit_sha or directories parameters in the GitRepository Pull Handler (src/prefect/runner/storage.py). An attacker can inject git flags like --upload-pack or --config to achieve remote code execution with the privileges of the Prefect runner process. Publicly available exploit code exists, and the vendor has released a patched version (3.6.25.dev7) that validates commit SHA format and adds command-line argument separators to block injection.
Time-of-check time-of-use (TOCTOU) vulnerability in Prefect's validate_restricted_url function allows remote attackers with low privileges to bypass Server-Side Request Forgery (SSRF) protections via DNS rebinding attacks during webhook and notification delivery. Publicly available exploit code exists. The vulnerability affects Prefect versions up to 3.6.28.dev1 and is fixed in 3.6.28.dev2.
Authentication bypass in Prefect WebSocket endpoint /api/events/in allows unauthenticated remote attackers to send events without valid credentials in versions up to 3.6.13. The vulnerability exploits missing authentication validation on the WebSocket connection handshake, allowing attackers to interact with the events API when authentication is configured. A publicly available exploit exists; vendor patch version 3.6.14 addresses this by implementing mandatory subprotocol-based authentication handshake.
Authentication bypass in Prefect up to version 3.6.21 allows remote unauthenticated attackers to access the Health Check API endpoint by manipulating the request path suffix matching logic. The vulnerability affects the /api/health endpoint's improper authentication validation using the endswith() function, enabling attackers to craft requests that bypass authentication checks. Publicly available exploit code exists and the vendor has released patch version 3.6.22.
Cross-Site Request Forgery (CSRF) in GitHub repository prefecthq/prefect prior to 2.16.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Argument injection in Prefect up to 3.6.25.dev6 allows authenticated attackers to execute arbitrary git commands via specially crafted commit_sha or directories parameters in the GitRepository Pull Handler (src/prefect/runner/storage.py). An attacker can inject git flags like --upload-pack or --config to achieve remote code execution with the privileges of the Prefect runner process. Publicly available exploit code exists, and the vendor has released a patched version (3.6.25.dev7) that validates commit SHA format and adds command-line argument separators to block injection.
Time-of-check time-of-use (TOCTOU) vulnerability in Prefect's validate_restricted_url function allows remote attackers with low privileges to bypass Server-Side Request Forgery (SSRF) protections via DNS rebinding attacks during webhook and notification delivery. Publicly available exploit code exists. The vulnerability affects Prefect versions up to 3.6.28.dev1 and is fixed in 3.6.28.dev2.
Authentication bypass in Prefect WebSocket endpoint /api/events/in allows unauthenticated remote attackers to send events without valid credentials in versions up to 3.6.13. The vulnerability exploits missing authentication validation on the WebSocket connection handshake, allowing attackers to interact with the events API when authentication is configured. A publicly available exploit exists; vendor patch version 3.6.14 addresses this by implementing mandatory subprotocol-based authentication handshake.
Authentication bypass in Prefect up to version 3.6.21 allows remote unauthenticated attackers to access the Health Check API endpoint by manipulating the request path suffix matching logic. The vulnerability affects the /api/health endpoint's improper authentication validation using the endswith() function, enabling attackers to craft requests that bypass authentication checks. Publicly available exploit code exists and the vendor has released patch version 3.6.22.
Cross-Site Request Forgery (CSRF) in GitHub repository prefecthq/prefect prior to 2.16.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.