Опубликовано: 15 мар. 2022
Источник: github
Github: Прошло ревью
CVSS4: 9.3
CVSS3: 8.1
Описание
Command injection in libvcs and vcspull
The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the update_repo function (when using hg), the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-21187
- https://github.com/vcs-python/libvcs/pull/306
- https://github.com/vcs-python/vcspull/commit/e1b77128a1fa0754625b5f43d8bc47956f21f33e
- https://github.com/pypa/advisory-database/tree/main/vulns/libvcs/PYSEC-2022-163.yaml
- https://github.com/vcs-python/libvcs/blob/master/CHANGES#libvcs-0111-2022-03-12
- https://github.com/vcs-python/libvcs/blob/v0.11.1/CHANGES%23libvcs-0111-2022-03-12
- https://github.com/vcs-python/vcspull/blob/master/CHANGES#vcspull-1111-2022-03-12
- https://snyk.io/vuln/SNYK-PYTHON-LIBVCS-2421204
Пакеты
Наименование
libvcs
pip
Затронутые версииВерсия исправления
< 0.11.1
0.11.1
Наименование
vcspull
pip
Затронутые версииВерсия исправления
< 1.11.1
1.11.1
EPSS
Процентиль: 79%
0.0128
Низкий
9.3 Critical
CVSS4
8.1 High
CVSS3
CVE ID
Дефекты
CWE-74
CWE-77
Связанные уязвимости
CVSS3: 8.1
nvd
почти 4 года назад
The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the update_repo function (when using hg), the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution.
EPSS
Процентиль: 79%
0.0128
Низкий
9.3 Critical
CVSS4
8.1 High
CVSS3
CVE ID
Дефекты
CWE-74
CWE-77