CVE-2018-1000523

Опубликовано: 26 июн. 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 5.8

EPSS Низкий

Описание

topydo contains a CWE-20: Improper Input Validation vulnerability in ListFormatParser::parse, file topydo/lib/ListFormat.py line 292 as of d4f843dac71308b2f29a7c2cdc76f055c3841523 that can result in Injection of arbitrary bytes to the terminal, including terminal escape code sequences. This attack appear to be exploitable via The victim must open a todo.txt with at least one specially crafted line..

Ссылки

https://github.com/bram85/topydo/blob/master/topydo/lib/ListFormat.py#L292
Third Party Advisory
https://github.com/bram85/topydo/issues/240
Third Party Advisory
https://github.com/bram85/topydo/blob/master/topydo/lib/ListFormat.py#L292
Third Party Advisory
https://github.com/bram85/topydo/issues/240
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:topydo:topydo:-:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00285

Низкий

8.1 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-h6h9-pphv-m266