CVE-2026-3514
- EPSS 0.48%
- Published 02.06.2026 07:28:33
- Last modified 03.06.2026 17:08:35
In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' o...
CVE-2026-3515
- EPSS 0.3%
- Published 24.05.2026 03:32:32
- Last modified 26.05.2026 20:06:20
A vulnerability in the `GitHubRepository` block of the `prefect-github` integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the `reference` field. The `reference` field is concatenated directly in...
CVE-2024-8183
- EPSS 0.17%
- Published 20.03.2025 10:11:10
- Last modified 15.04.2026 00:35:42
A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/prefect version 2.20.2 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to the database, resulting in potential data leaks, l...
CVE-2023-6022
- EPSS 0.39%
- Published 16.11.2023 17:15:09
- Last modified 21.11.2024 08:42:59
Cross-Site Request Forgery (CSRF) in GitHub repository prefecthq/prefect prior to 2.16.5.