{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37097?format=json","vulnerability_id":"VCID-1gme-shqk-5ydx","summary":"Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebook_path field of ExternalNotebookData requests, bypassing the intended extension-based check.","aliases":[{"alias":"CVE-2025-51481"},{"alias":"PYSEC-2025-102"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://github.com/dagster-io/dagster","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L"}],"url":"https://github.com/dagster-io/dagster"},{"reference_url":"https://github.com/dagster-io/dagster/pull/30002","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L"}],"url":"https://github.com/dagster-io/dagster/pull/30002"},{"reference_url":"https://www.gecko.security/blog/cve-2025-51481","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L"}],"url":"https://www.gecko.security/blog/cve-2025-51481"}],"weaknesses":[],"exploits":[],"severity_range_score":"6.6 - 6.6","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1gme-shqk-5ydx"}