VDB
EN
MEDIUM 6.3

PYSEC-2026-2071

ZenML is vulnerable to Path Traversal through its `PathMaterializer` class

상세

ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load` function uses `is_path_within_directory` to validate files during `data.tar.gz` extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file writes, potentially resulting in arbitrary command execution if critical files are overwritten.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / zenml
최초 영향 버전: 0.81.0 수정 버전: 0.84.2
수정 pip install --upgrade 'zenml>=0.84.2'

참고