kubeflow/pipelines

Releases194

Frequency2 weeks 4 hours

Last Release about 1 month ago

Stars4.15K

Machine Learning Pipelines for Kubeflow

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-9526 ↗	Nov 18, 2024Monday, 18 November 2024, 14:15	5.4 MEDIUM	—
There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered properly. Leading to a stored XSS. We recommend upgrading past commit 930c35f1c543998e60e8d648ce93185c9b5dbe8d