Prefecthq Prefect
Monthly
Remote code execution in Prefect 3.6.23 allows any user holding deployment-creation permissions to run arbitrary commands on shared worker machines by abusing the GitRepository storage class. The commit_sha and directories parameters are concatenated into git invocations without a `--` separator or validation, letting attackers smuggle flags such as `--upload-pack` to execute external programs. No public exploit identified at time of analysis, but the bug was reported via huntr and is particularly dangerous for multi-tenant work pools where worker compromise crosses trust boundaries.
Authentication bypass in prefecthq/prefect 3.6.19 allows remote unauthenticated attackers to access sensitive API endpoints by naming resources with paths ending in 'health' or 'ready', exploiting overly broad suffix-matching in the auth middleware exemption logic. Confirmed exploitable per the huntr.com bounty disclosure and validated by the upstream patch which replaces suffix matching with exact path comparison. No public exploit identified at time of analysis, and no EPSS or KEV signal is provided in the available data.
Remote code execution in Prefect 3.6.23 allows any user holding deployment-creation permissions to run arbitrary commands on shared worker machines by abusing the GitRepository storage class. The commit_sha and directories parameters are concatenated into git invocations without a `--` separator or validation, letting attackers smuggle flags such as `--upload-pack` to execute external programs. No public exploit identified at time of analysis, but the bug was reported via huntr and is particularly dangerous for multi-tenant work pools where worker compromise crosses trust boundaries.
Authentication bypass in prefecthq/prefect 3.6.19 allows remote unauthenticated attackers to access sensitive API endpoints by naming resources with paths ending in 'health' or 'ready', exploiting overly broad suffix-matching in the auth middleware exemption logic. Confirmed exploitable per the huntr.com bounty disclosure and validated by the upstream patch which replaces suffix matching with exact path comparison. No public exploit identified at time of analysis, and no EPSS or KEV signal is provided in the available data.