Описание
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 1.2 | python-pygments | Will not fix | ||
| Red Hat Enterprise Linux 6 | python-pygments | Will not fix | ||
| Red Hat Enterprise Linux 7 | python-pygments | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | python-pygments | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | python-pygments | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | python-pygments | Will not fix | ||
| Red Hat Software Collections | python27-python-pygments | Will not fix | ||
| Red Hat Software Collections | python33-python-pygments | Will not fix | ||
| Red Hat Software Collections | rh-python34-python-pygments | Will not fix |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-77
https://bugzilla.redhat.com/show_bug.cgi?id=1276321python-pygments: Shell injection in FontManager._get_nix_font_path
5.1 Medium
CVSS2
Связанные уязвимости
CVSS3: 9
ubuntu
около 10 лет назад
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.
CVSS3: 9
nvd
около 10 лет назад
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.
CVSS3: 9
debian
около 10 лет назад
The FontManager._get_nix_font_path function in formatters/img.py in Py ...
5.1 Medium
CVSS2