Описание
A command injection vulnerability exists in the pandas.DataFrame.query function of pandas-dev/pandas versions up to and including v2.2.2. This vulnerability allows an attacker to execute arbitrary commands on the server by crafting a malicious query. The issue arises from the improper validation of user-supplied input in the query function when using the 'python' engine, leading to potential remote command execution.
A command injection vulnerability exists in the pandas.DataFrame.query function of pandas-dev/pandas versions up to and including v2.2.2. This vulnerability allows an attacker to execute arbitrary commands on the server by crafting a malicious query. The issue arises from the improper validation of user-supplied input in the query function when using the 'python' engine, leading to potential remote command execution.
Связанные уязвимости
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
A flaw was found in pandas. This vulnerability allows an attacker to execute arbitrary commands on the server via a crafted query in the pandas.DataFrame.query function when using the 'python' engine.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.