exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2020-15271

больше 5 лет назад

In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. As a workaround, the `lookatme/contrib/terminal.py` and `lookatme/contrib/file_loader.py` files may be manually deleted. Additionally, it is always recommended to be aware of what is being rendered with lookatme.

CVSS3: 9.3

EPSS: Низкий

CVE-2020-15271

больше 5 лет назад

In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. As a workaround, the `lookatme/contrib/terminal.py` and `lookatme/contrib/file_loader.py` files may be manually deleted. Additionally, it is always recommended to be aware of what is being rendered with lookatme.

CVSS3: 9.3

EPSS: Низкий

CVE-2020-15271

больше 5 лет назад

In lookatme (python/pypi package) versions prior to 2.3.0, the package ...

CVSS3: 9.3

EPSS: Низкий

GHSA-c84h-w6cr-5v8q

больше 5 лет назад

Markdown-supplied Shell Command Execution

CVSS3: 9.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2020-15271 In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. As a workaround, the `lookatme/contrib/terminal.py` and `lookatme/contrib/file_loader.py` files may be manually deleted. Additionally, it is always recommended to be aware of what is being rendered with lookatme.	CVSS3: 9.3	0% Низкий	больше 5 лет назад
CVE-2020-15271 In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. As a workaround, the `lookatme/contrib/terminal.py` and `lookatme/contrib/file_loader.py` files may be manually deleted. Additionally, it is always recommended to be aware of what is being rendered with lookatme.	CVSS3: 9.3	0% Низкий	больше 5 лет назад
CVE-2020-15271 In lookatme (python/pypi package) versions prior to 2.3.0, the package ...	CVSS3: 9.3	0% Низкий	больше 5 лет назад
GHSA-c84h-w6cr-5v8q Markdown-supplied Shell Command Execution	CVSS3: 9.3	0% Низкий	больше 5 лет назад

Уязвимостей на страницу