Описание
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-apps/bionic | not-affected | |
| esm-apps/focal | not-affected | |
| esm-apps/jammy | not-affected | |
| esm-apps/noble | not-affected | |
| esm-apps/xenial | not-affected | |
| esm-infra-legacy/trusty | not-affected | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | not-affected | |
| noble | not-affected |
Показывать по
Связанные уязвимости
A flaw was found in pandas. This vulnerability allows an attacker to execute arbitrary commands on the server via a crafted query in the pandas.DataFrame.query function when using the 'python' engine.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
A command injection vulnerability exists in the `pandas.DataFrame.query` function of pandas-dev/pandas versions up to and including v2.2.2. This vulnerability allows an attacker to execute arbitrary commands on the server by crafting a malicious query. The issue arises from the improper validation of user-supplied input in the `query` function when using the 'python' engine, leading to potential remote command execution.