kernels is vulnerable to Download of Code Without Integrity Check
60
Medium Risk
The kernels library downloads compute kernel repositories from the Hub and imports their Python modules at runtime. Affected versions download .pyc and __pycache__ bytecode files that are excluded from the lockfile and digest integrity hashes, so this bytecode is never covered by integrity verification. An attacker who publishes or tampers with a kernel repository can smuggle malicious Python bytecode that runs when the kernel is imported while the source files still pass hash checks, leading to arbitrary code execution. The fix stops downloading bytecode files and includes any stray top-level .pyc files in the digest.
You are affected if you are using a version that falls within the vulnerable range and you load kernels from a repository that an attacker can publish to or modify.
kernels is vulnerable to Download of Code Without Integrity Check in versions 0.1.7 - 0.15.2.
Upgrade the kernels library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant