Description
Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the JonesFaithfulTransformation.from_transformation_str() method within the pymatgen library prior to version 2024.2.20. This method insecurely utilizes eval() for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue.
| Release | Status | Note |
|---|---|---|
| bionic | DNE | |
| devel | not-affected | 2024.10.29+dfsg1-5 |
| esm-apps/jammy | needed | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | needed | |
| mantic | ignored | end of life, was needs-triage |
| noble | DNE | |
| oracular | not-affected | 2024.1.27+dfsg1-7ubuntu1 |
| plucky | not-affected | 2024.10.29+dfsg1-5 |
CVSS3: 9.3 Critical
Related vulnerabilities
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string