Количество 4
Количество 4
CVE-2024-9880
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-9880
A flaw was found in pandas. This vulnerability allows an attacker to execute arbitrary commands on the server via a crafted query in the pandas.DataFrame.query function when using the 'python' engine.
CVE-2024-9880
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
GHSA-g3v3-r244-mhhm
A command injection vulnerability exists in the `pandas.DataFrame.query` function of pandas-dev/pandas versions up to and including v2.2.2. This vulnerability allows an attacker to execute arbitrary commands on the server by crafting a malicious query. The issue arises from the improper validation of user-supplied input in the `query` function when using the 'python' engine, leading to potential remote command execution.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-9880 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 10 месяцев назад | ||
 | CVE-2024-9880 A flaw was found in pandas. This vulnerability allows an attacker to execute arbitrary commands on the server via a crafted query in the pandas.DataFrame.query function when using the 'python' engine. | CVSS3: 8.4 | 10 месяцев назад | |
 | CVE-2024-9880 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 10 месяцев назад | ||
| GHSA-g3v3-r244-mhhm A command injection vulnerability exists in the `pandas.DataFrame.query` function of pandas-dev/pandas versions up to and including v2.2.2. This vulnerability allows an attacker to execute arbitrary commands on the server by crafting a malicious query. The issue arises from the improper validation of user-supplied input in the `query` function when using the 'python' engine, leading to potential remote command execution. | CVSS3: 8.4 | 10 месяцев назад |
Уязвимостей на страницу