High
CVSS 8.6
Overview
Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function.
CVE-2024-21542
Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Writ...
Risk analysis
This vulnerability is rated 🟠 HIGH.
- CVSS: 8.6 (HIGH)
- Detected tags: arb_write (tag impact: LOW)
Recommended actions:
- Prioritize remediation based on business criticality and exposure.
- Limit exposure and increase monitoring until fixed.