{"uuid": "7d59f203-d73d-4a3f-9ba3-df59da373367", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-36467", "type": "seen", "source": "https://t.me/cibsecurity/65624", "content": "\u203c CVE-2023-36467 \u203c\n\nAWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the \u00e2\u20ac\u02dcTemplate\u00e2\u20ac\u2122 field when configuring a data pipeline. The issue can only be triggered by authenticated users. A fix for this issue is available in data.all version 1.5.2 and later. There is no recommended work around.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-28T18:13:22.000000Z"}