Kedro · Kedro · CVE-2026-35167
Name of the Vulnerable Software and Affected Versions
Kedro versions prior to 1.3.0
Description
The `_get_versioned_path()` method directly interpolates user-supplied version strings without sanitization when constructing filesystem paths. This allows traversal sequences like `../` to escape the intended versioned dataset directory. This is reachable through `catalog.load(..., version=...)`, `DataCatalog.from_config(..., load_versions=...)`, and the CLI via `kedro run --load-versions=dataset:../../../secrets`. An attacker influencing the version string can force Kedro to load files from outside the intended directory, potentially leading to unauthorized file reads, data poisoning, or cross-tenant data access.
Recommendations
Upgrade to Kedro version 1.3.0 or later. Validate version strings before passing them to DataCatalog or the CLI, ensuring they do not contain `..` segments, path separators, or absolute paths.
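The following is an added example, not Kedro's own code or the fix shipped in 1.3.0. It puts the unchecked path interpolation the description refers to beside a validator that implements the recommendation above (no `..`, no path separators, no absolute paths) plus a defence-in-depth check that the resolved path still lies under the dataset directory. The function names (`validate_version`, `safe_versioned_path`, `unsafe_versioned_path`), the `<base>/<filename>/<version>/<filename>` layout, the sample directory `/data/01_raw` and the timestamp-style version are assumptions made for the illustration; the `filename` argument is assumed to come from trusted catalog configuration and is not validated here.

```python
"""Version-string validation for a versioned dataset path (added example, not Kedro code)."""
import os
import re

# Conservative allow-list for a version: one path segment made of letters, digits,
# dots, hyphens and underscores, e.g. a timestamp such as "2024-01-01T00.00.00.000Z".
_VERSION_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


class InvalidVersionError(ValueError):
    """Raised when a version string could escape its versioned directory."""


def validate_version(version: str) -> str:
    """Return ``version`` unchanged if it is a safe single path segment, else raise.

    The checks mirror the advisory's recommendation (no ``..`` segments, no path
    separators, no absolute paths); the NUL-byte check and the allow-list regex
    are extra defence in depth.
    """
    if not isinstance(version, str) or not version:
        raise InvalidVersionError("version must be a non-empty string")
    if "\x00" in version:
        raise InvalidVersionError("version must not contain NUL bytes")
    if "/" in version or "\\" in version:
        raise InvalidVersionError("version must not contain path separators")
    if os.path.isabs(version) or re.match(r"^[A-Za-z]:", version):
        raise InvalidVersionError("version must not be an absolute path")
    if ".." in version:
        raise InvalidVersionError("version must not contain '..'")
    if not _VERSION_RE.fullmatch(version):
        raise InvalidVersionError("version contains characters outside the allow-list")
    return version


def is_safe_version(version: str) -> bool:
    """Boolean wrapper around validate_version for callers that prefer not to catch."""
    try:
        validate_version(version)
    except InvalidVersionError:
        return False
    return True


def unsafe_versioned_path(base_dir: str, filename: str, version: str) -> str:
    """The vulnerable pattern the advisory describes (constructed illustration,
    not Kedro's code): the version is interpolated into the path unchecked."""
    return os.path.normpath(os.path.join(base_dir, filename, version, filename))


def safe_versioned_path(base_dir: str, filename: str, version: str) -> str:
    """Hardened form: validate the version, then confirm the normalised result
    still lies under base_dir before returning it."""
    validate_version(version)
    base = os.path.abspath(base_dir)
    candidate = os.path.abspath(os.path.join(base, filename, version, filename))
    # Even a validated version is re-checked here, so a future change to the
    # validator cannot silently reopen the traversal.
    if os.path.commonpath([base, candidate]) != base:
        raise InvalidVersionError("resolved path escapes the dataset directory")
    return candidate


if __name__ == "__main__":
    BASE = "/data/01_raw"  # constructed sample dataset directory
    # The advisory's own CLI value: the unchecked join leaves BASE entirely.
    print(unsafe_versioned_path(BASE, "cars.csv", "../../../secrets"))
    # The hardened form accepts a normal version and rejects the traversal value.
    print(safe_versioned_path(BASE, "cars.csv", "2024-01-01T00.00.00.000Z"))
    print(is_safe_version("../../../secrets"))  # False
```

In a Kedro project this check belongs wherever a version string enters from outside the project (a CLI wrapper around `kedro run --load-versions`, or the code that builds the `load_versions` mapping for `DataCatalog.from_config`), so that a rejected value never reaches the catalog at all.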