spotify/luigi

GitHub

github.com

Releases77

Frequency1 month 3 weeks

Last Release 28 days ago

Stars18.7K

Luigi is a Python module that helps you build complex pipelines of batch jobs. It handles dependency resolution, workflow management, visualization etc. It also comes with Hadoop support built in.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-21542 ↗	Dec 10, 2024Tuesday, 10 December 2024, 05:15	8.6 HIGH	—
Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function.
CVE-2018-1000843 ↗	Dec 20, 2018Thursday, 20 December 2018, 15:29	—	6.8 MEDIUM
Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery (CSRF) vulnerability in API endpoint: /api/<method> that can result in Task metadata such as task name, id, parameter, etc. will be leaked to unauthorized users. This attack appear to be exploitable via The victim must visit a specially crafted webpage from the network where their Luigi server is accessible.. This vulnerability appears to have been fixed in 2.8.0 and later.