Suggestions search

All statuses

Filter by:

With package: python312Packages.ydata-profiling

Found 3 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2024-37063

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer …

A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliocusly crafted report is viewed in the browser.

References

Affected products

ydata-profiling

=<*
=<3.7.0

Matching in nixpkgs

pkgs.python312Packages.ydata-profiling

Create HTML profiling reports from Pandas DataFrames

nixos-unstable -
- nixpkgs-unstable 4.16.1

pkgs.python313Packages.ydata-profiling

Create HTML profiling reports from Pandas DataFrames

nixos-unstable -
- nixpkgs-unstable 4.16.1

Package maintainers

@bcdarwin Ben Darwin <bcdarwin@gmail.com>

Untriaged

Permalink CVE-2024-37062

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Deserialization of untrusted data can occur in versions 3.7.0 or …

Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a malicously crafted report to run arbitrary code on an end user's system when loaded.

References

Affected products

ydata-profiling

=<*
=<3.7.0

Matching in nixpkgs

pkgs.python312Packages.ydata-profiling

Create HTML profiling reports from Pandas DataFrames

nixos-unstable -
- nixpkgs-unstable 4.16.1

pkgs.python313Packages.ydata-profiling

Create HTML profiling reports from Pandas DataFrames

nixos-unstable -
- nixpkgs-unstable 4.16.1

Package maintainers

@bcdarwin Ben Darwin <bcdarwin@gmail.com>

Untriaged

Permalink CVE-2024-37064

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Deseriliazation of untrusted data can occur in versions 3.7.0 or …

Deseriliazation of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded.

References

Affected products

ydata-profiling

=<*
=<3.7.0

Matching in nixpkgs

pkgs.python312Packages.ydata-profiling

Create HTML profiling reports from Pandas DataFrames

nixos-unstable -
- nixpkgs-unstable 4.16.1

pkgs.python313Packages.ydata-profiling

Create HTML profiling reports from Pandas DataFrames

nixos-unstable -
- nixpkgs-unstable 4.16.1

Package maintainers

@bcdarwin Ben Darwin <bcdarwin@gmail.com>