Опубликовано: 05 сент. 2025
Источник: github
Github: Прошло ревью
CVSS4: 9.3
CVSS3: 9.8
Описание
TkEasyGUI Vulnerable to OS Command Injection
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construct messages from external sources.
Пакеты
Наименование
TkEasyGUI
pip
Затронутые версииВерсия исправления
< 1.0.22
1.0.22
Связанные уязвимости
CVSS3: 9.8
nvd
5 месяцев назад
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construct messages from external sources.