Описание
Use of Externally-Controlled Format String in consoleme
A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-27177
- https://github.com/Netflix/consoleme/commit/2a3c84eee524d77c427b3329a8419cbbce9e1d16
- https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2022-001.md
- https://github.com/pypa/advisory-database/tree/main/vulns/consoleme/PYSEC-2022-189.yaml
Пакеты
Наименование
consoleme
pip
Затронутые версииВерсия исправления
< 1.2.2
1.2.2
Связанные уязвимости
CVSS3: 9.8
nvd
почти 4 года назад
A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2