CNNVD-202507-2903 Information

CNNVD ID

CNNVD-202507-2903

CVE-2025-51481

  • CNNVD Published: 2025-07-22

Description

Dagster is an open-source orchestration platform from Dagster for developing, producing, and observing data assets. Dagster version 1.10.14 contains a security vulnerability: path traversal sequences in the notebook_path field can bypass the extension-based check, allowing arbitrary files to be read.

Hazard Level

High

Vulnerability Type

Path Traversal

Affected Vendor

Dagster

Published

2025-07-22

Last Modified

2026-02-24

References

  • https://github.com/dagster-io/dagster/pull/30002
  • https://www.gecko.security/blog/cve-2025-51481
  • https://access.redhat.com/security/cve/cve-2025-51481
  • https://nvd.nist.gov/vuln/detail/CVE-2025-51481

Patch

https://github.com/dagster-io/dagster/releases
