Dbt · Dbt · CVE-2024-40637
**Name of the Vulnerable Software and Affected Versions**
dbt versions prior to 1.6.14
dbt versions prior to 1.7.14
dbt versions prior to 1.8.0
**Description**
A malicious dbt package can, once installed, override core components of dbt (such as its built-in materializations) with harmful code. This is possible because dbt's package mechanism is designed to let packages extend and customize its functionality. There are no known workarounds for this issue.
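As an added defender-side check that is not part of this advisory, the script below scans the packages installed under a project's `dbt_packages/` directory for macro files that redefine one of dbt's built-in materializations, which is the override path this issue concerns. The set of built-in names, the directory layout and the sample macro sources are assumptions constructed for the example.

```python
import re
from pathlib import Path

# Materializations that ship with dbt-core (assumption: adjust for your dbt version/adapter).
BUILTIN_MATERIALIZATIONS = {
    "table", "view", "incremental", "seed", "snapshot", "test", "clone", "materialized_view",
}

# Matches the opening tag of a materialization block, e.g.
#   {% materialization table, default %}   or   {%- materialization view, adapter="x" -%}
MATERIALIZATION_RE = re.compile(
    r"{%-?\s*materialization\s+([A-Za-z_][A-Za-z0-9_]*)\s*,", re.IGNORECASE
)


def find_builtin_overrides(sql_source: str) -> list:
    """Return the sorted names of built-in materializations that this macro source redefines."""
    defined = {m.group(1).lower() for m in MATERIALIZATION_RE.finditer(sql_source)}
    return sorted(defined & BUILTIN_MATERIALIZATIONS)


def scan_packages(dbt_packages_dir) -> list:
    """Walk dbt_packages/<pkg>/macros/**/*.sql and list (file, overridden names) findings."""
    root = Path(dbt_packages_dir)
    findings = []
    for sql_file in sorted(root.glob("*/macros/**/*.sql")):
        names = find_builtin_overrides(sql_file.read_text(encoding="utf-8", errors="replace"))
        if names:
            findings.append((sql_file.relative_to(root).as_posix(), names))
    return findings


# Constructed sample macro sources (not from any real package).
SAMPLE_OVERRIDE = """{%- materialization table, default -%}
  {# a package redefining the core 'table' materialization: every 'dbt run' executes this #}
  {{ return({'relations': []}) }}
{%- endmaterialization -%}"""

SAMPLE_BENIGN = """{% macro my_helper() %} select 1 {% endmacro %}
{% materialization my_custom_thing, default %}
  {{ return({'relations': []}) }}
{% endmaterialization %}"""

if __name__ == "__main__":
    print(find_builtin_overrides(SAMPLE_OVERRIDE))  # ['table']
    print(find_builtin_overrides(SAMPLE_BENIGN))    # []
    for path, names in scan_packages("dbt_packages"):
        print(f"{path}: overrides built-in materialization(s) {', '.join(names)}")
```

Run it from the project root after `dbt deps`; any finding is worth reviewing before the package's code is allowed to execute.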
**Recommendations**
For versions prior to 1.6.14, update to version 1.6.14 and set `flags.require_explicit_package_overrides_for_builtin_materializations: False` in the configuration in `dbt_project.yml`.
For versions prior to 1.7.14, update to version 1.7.14 and set `flags.require_explicit_package_overrides_for_builtin_materializations: False` in the configuration in `dbt_project.yml`.
For versions prior to 1.8.0, update to version 1.8.0.