Vulnerability	Vulnerable Version
L Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') dbt-core is a With dbt, data analysts and engineers can build analytics the way engineers build applications. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') allowing an attacker to install a malicious package, gaining the ability to override macros, materializations, and other core components of dbt. How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')? Upgrade `dbt-core` to version 1.6.14, 1.7.14 or higher.	[0,1.6.14)[1.7.0,1.7.14)
M Binding to an Unrestricted IP Address dbt-core is a With dbt, data analysts and engineers can build analytics the way engineers build applications. Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address due to the binding to `INADDR_ANY` or `IN6ADDR_ANY` to any network interface on the local system, which exposes the application on all network interfaces. An attacker can gain unauthorized access by connecting to the application from any network interface. How to fix Binding to an Unrestricted IP Address? Upgrade `dbt-core` to version 1.6.15, 1.7.15, 1.8.1 or higher.	[1.5.0b1,1.6.15)[1.7.0,1.7.15)[1.8.0,1.8.1)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

dbt-core is a With dbt, data analysts and engineers can build analytics the way engineers build applications.

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') allowing an attacker to install a malicious package, gaining the ability to override macros, materializations, and other core components of dbt.

How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')?

Upgrade dbt-core to version 1.6.14, 1.7.14 or higher.

[0,1.6.14)[1.7.0,1.7.14)

Binding to an Unrestricted IP Address

dbt-core is a With dbt, data analysts and engineers can build analytics the way engineers build applications.

Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address due to the binding to INADDR_ANY or IN6ADDR_ANY to any network interface on the local system, which exposes the application on all network interfaces. An attacker can gain unauthorized access by connecting to the application from any network interface.

How to fix Binding to an Unrestricted IP Address?

Upgrade dbt-core to version 1.6.15, 1.7.15, 1.8.1 or higher.

[1.5.0b1,1.6.15)[1.7.0,1.7.15)[1.8.0,1.8.1)

Go back to all versions of this package