Dagster vulnerable to Path Traversal attack through its /logs endpoint

GHSA-q93c-p2mw-p23f · CVE-2023-51232

Published Jul 7, 2025 · Modified Jul 8, 2025

Description

Directory Traversal vulnerability in dagster-webserver Dagster thru 1.5.10 allows remote attackers to obtain sensitive information via crafted request to the /logs endpoint. This may be restricted to certain file names that start with a dot ('.').

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-51232
WEB https://github.com/dagster-io/dagster/pull/18462
WEB https://github.com/dagster-io/dagster/commit/dbb064c2ddda74265b8174edd9775e1302ca6ba0
PACKAGE https://github.com/dagster-io/dagster

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes