**Antilles - CVE-2021-3840**
**Name of the Vulnerable Software and Affected Versions**
Antilles versions prior to 1.0.1
**Description**
A dependency confusion issue allows remote code execution during installation, because a package listed in `requirements.txt` did not exist in the public package index (PyPI). This is classified as an Uncontrolled Search Path Element: a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPI. The configuration has been updated to install only components built by Antilles, removing all other public package indexes, and the `antilles-tools` dependency has been published to PyPI.
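As an added example (not code from the Antilles project), the following Python script audits a `requirements.txt` for the condition this advisory describes: a dependency name that a public index could serve because pip is still configured to reach that index. The sample requirements file, the public package-name set and the private index URL are constructed placeholders.

```python
"""Audit a requirements.txt for dependency-confusion exposure (added example)."""
import re

# First token of a requirement line is the distribution name (PEP 508 style).
REQ_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")

# Constructed sample modelling the pre-fix state: pip can still reach the
# public index, and a private build component is listed by bare name.
SAMPLE_REQUIREMENTS = """\
--extra-index-url https://pypi.example.internal/simple  # hypothetical private index
requests>=2.25
Antilles_Tools==1.0.0  # private component, absent from the public index at the time
"""

# Constructed stand-in for the names the public index actually serves.
PUBLIC_NAMES = {"requests", "urllib3"}


def normalize(name):
    """PEP 503 name normalisation: case-fold and collapse runs of '-', '_', '.'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text):
    """Return (normalised names, extra index URLs, explicit --index-url or None)."""
    names, extra_indexes, index_url = [], [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("--extra-index-url"):
            extra_indexes.append(line.split(None, 1)[1])
        elif line.startswith("--index-url") or line.startswith("-i "):
            index_url = line.split(None, 1)[1]
        elif line.startswith("-"):
            continue  # -r, -e, -c and other options are out of scope here
        else:
            match = REQ_NAME.match(line)
            if match:
                names.append(normalize(match.group(1)))
    return names, extra_indexes, index_url


def audit(text, public_names):
    """Return names not served by the public index while pip can still reach it.

    The default index (PyPI) is used when no --index-url is given, and every
    --extra-index-url is consulted for every name, so an unpublished name in
    either situation is exposed to a same-name package uploaded by anyone.
    """
    names, extra_indexes, index_url = parse_requirements(text)
    if index_url is not None and not extra_indexes:
        return []  # single explicit (private) index: the fix this advisory describes
    return [name for name in names if name not in public_names]


if __name__ == "__main__":
    print("exposed:", audit(SAMPLE_REQUIREMENTS, PUBLIC_NAMES))
```

Running the script prints `exposed: ['antilles-tools']` for the constructed sample; the same file with a single `--index-url` pointing at the private index and no extra indexes yields an empty list.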
**Recommendations**
Update to version 1.0.1 or later as a precautionary measure, and remove previous versions of Antilles.