Alldata · Alldata · CVE-2023-36467
**Name of the Vulnerable Software and Affected Versions**
data.all versions 1.2.0 through 1.5.1
**Description**
The issue concerns remote code execution when a user injects Python commands into the `Template` field while configuring a data pipeline. This can only be triggered by authenticated users.
**Recommendations**
For data.all versions 1.2.0 through 1.5.1, update to version 1.5.2 or later to resolve the issue.