Published: 14 Jul 2022
Source: github
Github: Reviewed
CVSS4: 7.1
CVSS3: 6.5
Description
Codecov does not sanitize gcov arguments
This affects the package codecov before 2.0.16. The vulnerability occurs because gcov arguments are not sanitized before being passed to the popen method.
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-10800
- https://github.com/codecov/codecov-python/commit/2a80aa434f74feb31242b6f213b75ce63ae97902
- https://github.com/advisories/GHSA-h3qr-fjhm-jphw
- https://github.com/pypa/advisory-database/tree/main/vulns/codecov/PYSEC-2022-238.yaml
- https://snyk.io/vuln/SNYK-PYTHON-CODECOV-552149
Packages
Name: codecov (pip)
Affected versions: < 2.0.16
Fixed version: 2.0.16
Related vulnerabilities
CVSS3: 6.5
nvd
more than 3 years ago
This affects the package codecov before 2.0.16. The vulnerability occurs because gcov arguments are not sanitized before being passed to the popen method.