{"id":"PYSEC-2025-102","details":"Local File Inclusion in dagster._grpc.impl.get_notebook_data in Dagster 1.10.14 allows attackers with access to the gRPC server to read arbitrary files by supplying path traversal sequences in the notebook_path field of ExternalNotebookData requests, bypassing the intended extension-based check.","aliases":["CVE-2025-51481","GHSA-h7x8-jv97-fvvm"],"modified":"2026-06-11T19:30:04.453709177Z","published":"2025-07-22T17:15:33.543Z","references":[{"type":"REPORT","url":"https://github.com/dagster-io/dagster/pull/30002"},{"type":"PACKAGE","url":"https://github.com/dagster-io/dagster"},{"type":"EVIDENCE","url":"https://www.gecko.security/blog/cve-2025-51481"}],"affected":[{"package":{"name":"dagster-ge","ecosystem":"PyPI","purl":"pkg:pypi/dagster-ge"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"1.10.14"}]}],"versions":["0.10.0","0.10.0rc0","0.10.1","0.10.1rc0","0.10.2","0.10.2rc0","0.10.3","0.10.3rc0","0.10.4","0.10.4rc0","0.10.5","0.10.5rc0","0.10.6","0.10.6rc0","0.10.7","0.10.7rc0","0.10.8","0.10.8rc0","0.10.9","0.11.0","0.11.0rc0","0.11.1","0.11.10","0.11.10rc0","0.11.10rc1","0.11.10rc2","0.11.11","0.11.11rc1","0.11.11rc5","0.11.11rc7","0.11.12","0.11.12rc0","0.11.12rc2","0.11.12rc3","0.11.13","0.11.13rc2","0.11.13rc3","0.11.13rc5","0.11.14","0.11.14rc0","0.11.14rc1","0.11.14rc2","0.11.14rc3","0.11.14rc4","0.11.14rc5","0.11.14rc7","0.11.14rc8","0.11.15","0.11.15rc0","0.11.15rc1","0.11.16","0.11.16rc10","0.11.16rc18","0.11.1rc0","0.11.2","0.11.2rc0","0.11.3","0.11.3rc0","0.11.4","0.11.4rc0","0.11.5","0.11.5rc0","0.11.5rc1","0.11.6","0.11.6rc11","0.11.6rc13","0.11.6rc14","0.11.6rc15","0.11.6rc16","0.11.6rc17","0.11.6rc18","0.11.6rc19","0.11.6rc20","0.11.6rc21","0.11.6rc22","0.11.6rc23","0.11.6rc24","0.11.6rc25","0.11.6rc26","0.11.6rc27","0.11.6rc28","0.11.6rc29","0.11.6rc31","0.11.6rc32","0.11.6rc5","0.11.6rc7","0.11.6rc8","0.11.6rc9","0.11.7","0.11.7rc1","0.11.7rc10","0.11.7rc13","0.11.7rc14","0.11.7rc2","0.11.7rc3","0.11.7rc4","0.11.7rc6","0.11.7rc7","0.11.7rc8","0.11.7rc9","0.11.8","0.11.8rc4","0.11.8rc5","0.11.9","0.11.9rc10","0.11.9rc11","0.11.9rc12","0.11.9rc6","0.11.9rc7","0.11.9rc8","0.12.0","0.12.0rc0","0.12.1","0.12.10","0.12.10rc0","0.12.10rc1","0.12.11","0.12.11rc0","0.12.12","0.12.12rc0","0.12.13","0.12.13rc0","0.12.14","0.12.14rc0","0.12.14rc1","0.12.14rc2","0.12.15","0.12.15rc2","0.12.1rc0","0.12.2","0.12.2rc0","0.12.3","0.12.3rc1","0.12.4","0.12.4rc0","0.12.4rc1","0.12.5","0.12.5rc0","0.12.6","0.12.6rc0","0.12.7","0.12.7rc0","0.12.8","0.12.8rc0","0.12.9","0.12.9rc0","0.12.9rc1","0.12.9rc2","0.13.0","0.13.0rc0","0.13.1","0.13.10","0.13.10rc3","0.13.11","0.13.11rc0","0.13.12","0.13.12rc2","0.13.13","0.13.13rc0","0.13.14","0.13.14rc0","0.13.15","0.13.15rc0","0.13.16","0.13.16rc0","0.13.17","0.13.17rc0","0.13.18","0.13.18rc0","0.13.19","0.13.19rc2","0.13.1rc0","0.13.2","0.13.2rc0","0.13.2rc2","0.13.3","0.13.3rc0","0.13.4","0.13.4rc0","0.13.5","0.13.5rc0","0.13.6","0.13.6rc0","0.13.7","0.13.7rc0","0.13.8","0.13.8rc0","0.13.9","0.13.9rc0","0.14.0","0.14.0rc0","0.14.1","0.14.10","0.14.11","0.14.12","0.14.13","0.14.14","0.14.15","0.14.16","0.14.16rc2","0.14.16rc3","0.14.16rc4","0.14.17","0.14.17rc10","0.14.17rc3","0.14.17rc4","0.14.17rc5","0.14.17rc6","0.14.17rc7","0.14.17rc8","0.14.18","0.14.18rc2","0.14.18rc3","0.14.18rc4","0.14.18rc5","0.14.18rc6","0.14.19","0.14.1rc0","0.14.2","0.14.20","0.14.20rc0","0.14.21rc0","0.14.2rc0","0.14.3","0.14.3rc0","0.14.4","0.14.4rc0","0.14.5","0.14.5rc0","0.14.6","0.14.6rc0","0.14.7","0.14.7rc0","0.14.8","0.14.8rc1","0.14.9","0.14.9rc0","0.15.0","0.15.1","0.15.10","0.15.2","0.15.3","0.15.4","0.15.5","0.15.6","0.15.7","0.15.8","0.15.9","0.16.0","0.16.0rc2","0.16.1","0.16.10","0.16.11","0.16.12","0.16.13","0.16.14","0.16.15","0.16.16","0.16.17","0.16.2","0.16.3","0.16.4","0.16.6","0.16.7","0.16.8","0.16.9","0.17.1","0.17.10","0.17.11","0.17.12","0.17.13","0.17.14","0.17.15","0.17.16","0.17.17","0.17.17rc0","0.17.18","0.17.19","0.17.2","0.17.20","0.17.21","0.17.3","0.17.4","0.17.5","0.17.6","0.17.7","0.17.8","0.17.9","0.18.0","0.18.1","0.18.2","0.18.3","0.18.4","0.18.5","0.18.6","0.18.7","0.19.0","0.19.1","0.19.10","0.19.11","0.19.12","0.19.13","0.19.14","0.19.14rc1","0.19.14rc2","0.19.2","0.19.3","0.19.4","0.19.5","0.19.6","0.19.7","0.19.8","0.19.9","0.19.9rc0","0.20.0","0.20.1","0.20.10","0.20.11","0.20.12","0.20.13","0.20.13rc0","0.20.13rc1","0.20.14","0.20.15","0.20.16","0.20.17","0.20.2","0.20.3","0.20.4","0.20.5","0.20.6","0.20.7","0.20.8","0.20.9","0.21.0","0.21.1","0.21.10","0.21.11","0.21.12","0.21.13","0.21.14","0.21.14rc0","0.21.2","0.21.3","0.21.4","0.21.5","0.21.6","0.21.7","0.21.8","0.21.9","0.22.0","0.22.1","0.22.10","0.22.11","0.22.12","0.22.13","0.22.14","0.22.2","0.22.3","0.22.4","0.22.5","0.22.6","0.22.7","0.22.8","0.22.9","0.23.0","0.23.1","0.23.10","0.23.11","0.23.12","0.23.13","0.23.14","0.23.15","0.23.16","0.23.2","0.23.2rc1","0.23.2rc2","0.23.2rc3","0.23.2rc4","0.23.3","0.23.4","0.23.5","0.23.6","0.23.7","0.23.8","0.23.9","0.23.9rc0","0.24.0","0.24.1","0.24.10","0.24.11","0.24.12","0.24.13","0.24.2","0.24.3","0.24.4","0.24.5","0.24.6","0.24.7","0.24.8","0.24.9","0.25.0","0.25.1","0.25.10","0.25.11","0.25.12","0.25.13","0.25.2","0.25.3","0.25.4","0.25.4rc0","0.25.5","0.25.6","0.25.7","0.25.8","0.25.9","0.26.0","0.26.1","0.26.10","0.26.11","0.26.11rc0","0.26.11rc1","0.26.12","0.26.13","0.26.14","0.26.15","0.26.16","0.26.17","0.26.18","0.26.18rc0","0.26.18rc1","0.26.18rc2","0.26.19","0.26.2","0.26.20","0.26.21","0.26.3","0.26.4","0.26.5","0.26.6","0.26.6rc0","0.26.7","0.26.7rc0","0.26.8","0.26.9","0.27.0","0.27.1","0.27.10","0.27.11","0.27.12","0.27.13","0.27.14","0.27.15","0.27.16","0.27.2","0.27.3","0.27.4","0.27.5","0.27.6","0.27.7","0.27.8","0.27.9","0.28.0","0.28.1","0.28.10","0.28.11","0.28.12","0.28.13","0.28.13rc0","0.28.14","0.28.14rc2","0.28.14rc3","0.28.14rc4","0.28.15","0.28.15rc3","0.28.15rc4","0.28.16","0.28.16rc1","0.28.17","0.28.17rc0","0.28.18","0.28.19","0.28.2","0.28.20","0.28.21","0.28.22","0.28.3","0.28.4","0.28.5","0.28.6","0.28.7","0.28.8","0.28.9","0.29.0","0.29.1","0.29.2","0.29.3","0.29.4","0.29.5","0.29.5rc0","0.29.6","0.29.7","0.29.8","0.29.9","0.3.0","0.3.0.post2","0.3.0.post3","0.3.3.post1","0.3.4","0.3.5","0.4.0","0.4.0rc2","0.4.3","0.4.3.post2","0.4.3.post4","0.4.3rc1","0.5.0","0.5.0rc0","0.5.0rc2","0.5.0rc3","0.5.0rc4","0.5.1","0.5.1rc0","0.5.2","0.5.2.post2","0.5.2.post3","0.5.2rc0","0.5.3","0.5.4","0.5.4rc0","0.5.5","0.5.5rc0","0.5.6","0.5.6rc2","0.5.7","0.5.7rc0","0.5.8","0.5.8rc0","0.5.9","0.5.9rc0","0.6.0","0.6.0.post0","0.6.0rc0","0.6.0rc1","0.6.1","0.6.1rc1","0.6.2","0.6.2rc0","0.6.2rc1","0.6.2rc2","0.6.3","0.6.3rc0","0.6.3rc2","0.6.4","0.6.4rc0","0.6.4rc3","0.6.5","0.6.5rc3","0.6.6","0.6.6rc1","0.6.7","0.6.7.post0","0.6.7rc0","0.6.8","0.6.8rc2","0.6.9","0.7.0","0.7.0rc0","0.7.0rc1","0.7.1","0.7.1rc0","0.7.2","0.7.2rc0","0.7.3","0.7.3rc1","0.8.10","0.8.10rc0","0.8.10rc1","0.8.10rc2","0.8.6","0.8.6rc1","0.8.7","0.8.7rc0","0.8.8","0.8.8rc0","0.8.9","0.8.9rc0","0.9.0","0.9.0rc0","0.9.1","0.9.10.post0","0.9.11","0.9.11rc0","0.9.12","0.9.12rc0","0.9.12rc1","0.9.13","0.9.13rc0","0.9.14","0.9.14rc0","0.9.15","0.9.15rc0","0.9.16","0.9.16rc0","0.9.17","0.9.17rc0","0.9.18","0.9.18rc0","0.9.19","0.9.19rc0","0.9.1rc0","0.9.1rc1","0.9.2","0.9.20","0.9.20rc0","0.9.21","0.9.21rc0","0.9.22","0.9.22.post0","0.9.22rc1","0.9.2rc0","0.9.3","0.9.3rc0","0.9.4","0.9.4rc0","0.9.5","0.9.5rc1","0.9.6","0.9.6rc0","0.9.7","0.9.7rc0","0.9.8","0.9.8rc0","0.9.9","0.9.9rc1"],"ecosystem_specific":{},"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/dagster-ge/PYSEC-2025-102.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L"}]}