CVE-2020-26279: Path Traversal

March 24, 2021 (updated March 27, 2021)

It is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written to incorrect output directories. The issue can only occur when a get is done on an affected DAG.

References

nvd.nist.gov/vuln/detail/CVE-2020-26279

Code Behaviors & Features

Detect and mitigate CVE-2020-26279 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →