AWS Latest Bulletins
Issue with data.all (Multiple CVEs)
Data.all is an open-source development framework that helps customers build a data marketplace on AWS. Several issues have been identified in data.all versions 1.0.0 through 2.6.0. A fix was released on November 8, 2024, and customers are advised to upgrade to version 2.6.1 or later.

The issues are security vulnerabilities, including:

CVE-2024-52311, which involves authentication token invalidation upon user logout.
CVE-2024-52312, which allows authenticated users to perform restricted operations against DataSets and Environments.
CVE-2024-52313, which involves incorrect object-level authorizations for authenticated users.
CVE-2024-52314, which allows admin users to access sensitive data stored by producers via logs.
CVE-2024-10953, which enables authenticated users to perform mutating update operations on persisted notification records.

The security advisories for these issues can be found on GitHub. Customers with security questions or concerns can email [email protected].