PT-2025-30442 · Dagster · Dagster
Description

Name of the Vulnerable Software and Affected Versions: Dagster version 1.10.14

Description: A local file inclusion issue exists in the dagster._grpc.impl.get_notebook_data function. Attackers with access to the gRPC server can read arbitrary files by providing path traversal sequences in the notebook_path field of ExternalNotebookData requests, bypassing the intended extension-based check.

Recommendations: Update to a newer version that contains a fix for this issue. As a temporary workaround, restrict access to the gRPC server to minimize the risk of…
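The following added example (not Dagster's code and not the project's fix) contrasts a suffix-only check with a check that canonicalises the path before validating it. The names resolve_notebook_path and notebook_root, and the temporary file layout, are assumptions constructed for illustration.

```python
import os
import tempfile

ALLOWED_EXT = ".ipynb"

def extension_only_check(notebook_path):
    # Weak pattern: inspects the suffix only, never where the path points.
    return notebook_path.endswith(ALLOWED_EXT)

def resolve_notebook_path(notebook_path, notebook_root):
    # Hypothetical hardened check: canonicalise first, then validate.
    if "\x00" in notebook_path:
        raise ValueError("null byte in notebook path")
    root = os.path.realpath(notebook_root)
    # realpath collapses ".." segments and follows symlinks; an absolute
    # notebook_path replaces root in join() and is caught by the next check.
    candidate = os.path.realpath(os.path.join(root, notebook_path))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("notebook path resolves outside the notebook root")
    if os.path.splitext(candidate)[1] != ALLOWED_EXT:
        raise ValueError("not a notebook file")
    return candidate

def demo():
    # Constructed layout: <tmp>/notebooks/report.ipynb is legitimate,
    # <tmp>/outside.ipynb stands in for a file the server must not serve.
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "notebooks")
        os.makedirs(root)
        outside = os.path.join(tmp, "outside.ipynb")
        for path in (os.path.join(root, "report.ipynb"), outside):
            open(path, "w").close()
        os.symlink(outside, os.path.join(root, "link.ipynb"))
        results = []
        for p in ("report.ipynb", "../outside.ipynb", outside, "link.ipynb", "report.txt"):
            try:
                resolve_notebook_path(p, root)
                confined = True
            except ValueError:
                confined = False
            results.append((extension_only_check(p), confined))
        return results

if __name__ == "__main__":
    print(demo())
```

Each tuple is (suffix check accepts, confined check accepts); the three paths that leave the notebook root pass the suffix check and are rejected only after canonicalisation.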