HIGH 8.8
PYSEC-2026-1799
Cross-Site Request Forgery vulnerability in Prefect
Details
An attacker is able to steal secrets and potentially gain remote code execution via CSRF using a self-hosted, open source Prefect API.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-6022 [ADVISORY]
- https://github.com/prefecthq/prefect/commit/227dfcc7e3374c212a4bcd68b14e090b1c02d9d3 [WEB]
- https://github.com/PrefectHQ/prefect/blob/main/RELEASE-NOTES.md#release-2165 [WEB]
- https://github.com/prefecthq/prefect [PACKAGE]
- https://huntr.com/bounties/dab47d99-551c-4355-9ab1-c99cb90235af [WEB]
- https://pypi.org/project/prefect [PACKAGE]
- https://github.com/advisories/GHSA-4hh5-2678-83fx [ADVISORY]