[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-43784":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":19,"aliases":20,"duplicate_of":9,"upstream":23,"downstream":24,"duplicates":27,"related":28,"reserved_at":9,"published_at":30,"modified_at":31,"state":32,"summary":33,"references_raw":42,"kevs":66,"epss":67,"epss_history":70,"metrics":337,"affected":350},"CVE-2024-43784","lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit all of the previous user's credentials. This issue has been addressed in release version 1.33.0 and all users are advised to upgrade. The only known workaround for those who cannot upgrade is to not reuse usernames.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-281","Improper Preservation of Permissions","The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.","weakness","Draft","Base",[],[],[21,22],"GHSA-hh33-46q4-hwm2","GO-2024-3291",[],[25],{"_key":26},"OPENSUSE-SU-2024:14567-1",[],[29],{"_key":26},"2024-11-26T20:17:56.482Z","2024-11-26T21:37:39.411Z","Deferred",{"cisa_kev":34,"cisa_ransomware":34,"cisa_vendor":9,"epss_severity":35,"epss_score":36,"severity":37,"severity_score":38,"severity_version":39,"severity_source":40,"severity_vector":41,"severity_status":32},false,"low",0.00037,"medium",5.7,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L",[43,52,57,61],{"url":44,"sources":45,"tags":48},"https://github.com/treeverse/lakeFS/security/advisories/GHSA-hh33-46q4-hwm2",[40,46,47],"nvd","osv_go",[49,50,51],"X Refsource CONFIRM","WEB","Advisory",{"url":53,"sources":54,"tags":55},"https://github.com/treeverse/lakeFS/releases/tag/v1.33.0",[40,46,47],[56,50],"X Refsource MISC",{"url":58,"sources":59,"tags":60},"https://nvd.nist.gov/vuln/detail/CVE-2024-43784",[47],[51],{"url":62,"sources":63,"tags":64},"https://github.com/treeverse/lakeFS",[47],[65],"PACKAGE",[],{"date":68,"score":36,"percentile":69},"2026-06-04",0.11404,[71,75,78,81,84,87,90,93,96,99,102,105,108,111,114,118,121,123,126,129,132,135,138,141,144,147,150,153,156,159,162,165,168,170,173,176,179,182,185,187,189,192,195,198,200,203,206,209,212,215,218,221,224,227,230,233,236,239,242,245,248,250,254,258,261,264,267,270,273,276,279,282,285,288,291,294,297,300,303,306,309,312,315,318,321,324,327,330,332,335],{"date":72,"score":73,"percentile":74},"2025-11-04",0.00093,0.26906,{"date":76,"score":73,"percentile":77},"2025-11-05",0.26886,{"date":79,"score":73,"percentile":80},"2025-11-06",0.26897,{"date":82,"score":73,"percentile":83},"2025-11-07",0.26899,{"date":85,"score":73,"percentile":86},"2025-11-08",0.26895,{"date":88,"score":73,"percentile":89},"2025-11-09",0.26847,{"date":91,"score":73,"percentile":92},"2025-11-10",0.26813,{"date":94,"score":73,"percentile":95},"2025-11-11",0.26833,{"date":97,"score":73,"percentile":98},"2025-11-12",0.26872,{"date":100,"score":73,"percentile":101},"2025-11-13",0.26876,{"date":103,"score":73,"percentile":104},"2025-11-14",0.26863,{"date":106,"score":73,"percentile":107},"2025-11-15",0.26851,{"date":109,"score":73,"percentile":110},"2025-11-16",0.26809,{"date":112,"score":73,"percentile":113},"2025-11-17",0.26771,{"date":115,"score":116,"percentile":117},"2025-11-18",0.0015,0.30168,{"date":119,"score":116,"percentile":120},"2025-11-19",0.30184,{"date":122,"score":116,"percentile":120},"2025-11-20",{"date":124,"score":73,"percentile":125},"2025-11-21",0.26743,{"date":127,"score":73,"percentile":128},"2025-11-22",0.26744,{"date":130,"score":73,"percentile":131},"2025-11-23",0.26699,{"date":133,"score":73,"percentile":134},"2025-11-24",0.26669,{"date":136,"score":73,"percentile":137},"2025-11-25",0.26661,{"date":139,"score":73,"percentile":140},"2025-11-26",0.2665,{"date":142,"score":73,"percentile":143},"2025-11-27",0.26652,{"date":145,"score":73,"percentile":146},"2025-11-28",0.2662,{"date":148,"score":73,"percentile":149},"2025-11-29",0.26603,{"date":151,"score":73,"percentile":152},"2025-11-30",0.26563,{"date":154,"score":73,"percentile":155},"2025-12-01",0.26615,{"date":157,"score":73,"percentile":158},"2025-12-02",0.26638,{"date":160,"score":73,"percentile":161},"2025-12-03",0.26645,{"date":163,"score":73,"percentile":164},"2025-12-04",0.26581,{"date":166,"score":73,"percentile":167},"2025-12-05",0.26618,{"date":169,"score":73,"percentile":155},"2025-12-06",{"date":171,"score":73,"percentile":172},"2025-12-07",0.26584,{"date":174,"score":73,"percentile":175},"2025-12-08",0.26585,{"date":177,"score":73,"percentile":178},"2025-12-09",0.26643,{"date":180,"score":73,"percentile":181},"2025-12-10",0.26715,{"date":183,"score":73,"percentile":184},"2025-12-11",0.26733,{"date":186,"score":73,"percentile":128},"2025-12-12",{"date":188,"score":73,"percentile":125},"2025-12-13",{"date":190,"score":73,"percentile":191},"2025-12-14",0.26705,{"date":193,"score":73,"percentile":194},"2025-12-15",0.26676,{"date":196,"score":73,"percentile":197},"2025-12-16",0.26686,{"date":199,"score":73,"percentile":128},"2025-12-17",{"date":201,"score":73,"percentile":202},"2025-12-18",0.26797,{"date":204,"score":73,"percentile":205},"2025-12-19",0.26808,{"date":207,"score":73,"percentile":208},"2025-12-20",0.2678,{"date":210,"score":73,"percentile":211},"2025-12-21",0.26741,{"date":213,"score":73,"percentile":214},"2025-12-22",0.2671,{"date":216,"score":73,"percentile":217},"2025-12-23",0.26678,{"date":219,"score":73,"percentile":220},"2025-12-24",0.26693,{"date":222,"score":73,"percentile":223},"2025-12-25",0.26769,{"date":225,"score":73,"percentile":226},"2025-12-26",0.26758,{"date":228,"score":73,"percentile":229},"2025-12-27",0.26745,{"date":231,"score":73,"percentile":232},"2025-12-28",0.2663,{"date":234,"score":73,"percentile":235},"2025-12-29",0.26597,{"date":237,"score":73,"percentile":238},"2025-12-30",0.26595,{"date":240,"score":73,"percentile":241},"2025-12-31",0.26657,{"date":243,"score":73,"percentile":244},"2026-01-01",0.26763,{"date":246,"score":73,"percentile":247},"2026-01-02",0.26762,{"date":249,"score":73,"percentile":128},"2026-01-03",{"date":251,"score":252,"percentile":253},"2026-01-04",0.00026,0.06588,{"date":255,"score":256,"percentile":257},"2026-01-05",0.00027,0.0708,{"date":259,"score":256,"percentile":260},"2026-01-06",0.07071,{"date":262,"score":256,"percentile":263},"2026-01-07",0.07095,{"date":265,"score":256,"percentile":266},"2026-01-08",0.07153,{"date":268,"score":256,"percentile":269},"2026-01-09",0.07168,{"date":271,"score":256,"percentile":272},"2026-01-10",0.07199,{"date":274,"score":256,"percentile":275},"2026-01-11",0.07181,{"date":277,"score":256,"percentile":278},"2026-01-12",0.07155,{"date":280,"score":256,"percentile":281},"2026-01-13",0.07141,{"date":283,"score":256,"percentile":284},"2026-01-14",0.07186,{"date":286,"score":256,"percentile":287},"2026-01-15",0.07194,{"date":289,"score":256,"percentile":290},"2026-01-16",0.07207,{"date":292,"score":256,"percentile":293},"2026-01-17",0.07218,{"date":295,"score":256,"percentile":296},"2026-01-18",0.07191,{"date":298,"score":256,"percentile":299},"2026-01-19",0.07151,{"date":301,"score":256,"percentile":302},"2026-01-20",0.07118,{"date":304,"score":256,"percentile":305},"2026-01-21",0.07113,{"date":307,"score":256,"percentile":308},"2026-01-22",0.07092,{"date":310,"score":256,"percentile":311},"2026-01-23",0.07152,{"date":313,"score":256,"percentile":314},"2026-01-24",0.07208,{"date":316,"score":256,"percentile":317},"2026-01-25",0.07193,{"date":319,"score":256,"percentile":320},"2026-01-26",0.07179,{"date":322,"score":256,"percentile":323},"2026-01-27",0.07167,{"date":325,"score":256,"percentile":326},"2026-01-28",0.07145,{"date":328,"score":256,"percentile":329},"2026-01-29",0.07139,{"date":331,"score":256,"percentile":299},"2026-01-30",{"date":333,"score":256,"percentile":334},"2026-01-31",0.07174,{"date":336,"score":256,"percentile":290},"2026-02-01",[338,343,345],{"source":40,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":339,"cvss_v4_0":9},{"baseScore":38,"baseSeverity":340,"vectorString":41,"impactScore":341,"exploitabilityScore":342},"MEDIUM",7.8,2.3,{"source":46,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":344,"cvss_v4_0":9},{"baseScore":38,"baseSeverity":340,"vectorString":41,"impactScore":341,"exploitabilityScore":342},{"source":47,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":346,"cvss_v4_0":347},{"baseScore":38,"baseSeverity":9,"vectorString":41,"impactScore":341,"exploitabilityScore":342},{"baseScore":348,"baseSeverity":9,"vectorString":349,"impactScore":9,"exploitabilityScore":9},6.8,"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N",[351,364],{"ecosystem":352,"name":353,"vendor":354,"product":355,"cpe_part":9,"purl_type":356,"purl_namespace":354,"purl_name":355,"source":9,"versions":357},"Go","github.com/treeverse/lakefs","github.com/treeverse","lakefs","golang",[358],{"version":359,"is_range":360,"range_type":361,"version_start":9,"version_start_type":9,"version_end":362,"version_end_type":363,"fixed_in":9},"lt1_33_0",true,"semver","1.33.0","excluding",{"ecosystem":9,"name":365,"vendor":366,"product":355,"cpe_part":367,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":368},"lakeFS","treeverse","a",[369],{"version":370,"is_range":360,"range_type":40,"version_start":371,"version_start_type":372,"version_end":362,"version_end_type":363,"fixed_in":9},">= 1.31.1, \u003C 1.33.0","1.31.1","including"]