Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebook_path field of ExternalNotebookData requests, bypassing the intended extension-based check.
Metrics
Affected Vendors & Products
References
History
Tue, 22 Jul 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-22 | |
Metrics |
cvssV3_1
|
Tue, 22 Jul 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebook_path field of ExternalNotebookData requests, bypassing the intended extension-based check. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published: 2025-07-22T00:00:00.000Z
Updated: 2025-07-22T18:13:15.486Z
Reserved: 2025-06-16T00:00:00.000Z
Link: CVE-2025-51481

Updated: 2025-07-22T18:12:17.216Z

Status : Awaiting Analysis
Published: 2025-07-22T17:15:33.543
Modified: 2025-07-25T15:29:44.523
Link: CVE-2025-51481

No data.