exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2023-41334

почти 2 года назад

Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the `TranformGraph().to_dot_graph` function. A malicious user can provide a command or a script file as a value to the `savelayout` argument, which will be placed as the first value in a list of arguments passed to `subprocess.Popen`. Although an error will be raised, the command or script will be executed successfully. Version 5.3.3 fixes this issue.

CVSS3: 8.4

EPSS: Низкий

CVE-2023-41334

почти 2 года назад

Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the `TranformGraph().to_dot_graph` function. A malicious user can provide a command or a script file as a value to the `savelayout` argument, which will be placed as the first value in a list of arguments passed to `subprocess.Popen`. Although an error will be raised, the command or script will be executed successfully. Version 5.3.3 fixes this issue.

CVSS3: 8.4

EPSS: Низкий

CVE-2023-41334

почти 2 года назад

Astropy is a project for astronomy in Python that fosters interoperabi ...

CVSS3: 8.4

EPSS: Низкий

GHSA-h2x6-5jx5-46hf

почти 2 года назад

RCE in TranformGraph().to_dot_graph function

CVSS3: 8.4

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2023-41334 Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the `TranformGraph().to_dot_graph` function. A malicious user can provide a command or a script file as a value to the `savelayout` argument, which will be placed as the first value in a list of arguments passed to `subprocess.Popen`. Although an error will be raised, the command or script will be executed successfully. Version 5.3.3 fixes this issue.	CVSS3: 8.4	4% Низкий	почти 2 года назад
CVE-2023-41334 Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the `TranformGraph().to_dot_graph` function. A malicious user can provide a command or a script file as a value to the `savelayout` argument, which will be placed as the first value in a list of arguments passed to `subprocess.Popen`. Although an error will be raised, the command or script will be executed successfully. Version 5.3.3 fixes this issue.	CVSS3: 8.4	4% Низкий	почти 2 года назад
CVE-2023-41334 Astropy is a project for astronomy in Python that fosters interoperabi ...	CVSS3: 8.4	4% Низкий	почти 2 года назад
GHSA-h2x6-5jx5-46hf RCE in TranformGraph().to_dot_graph function	CVSS3: 8.4	4% Низкий	почти 2 года назад

Уязвимостей на страницу