GHSA-6g88-vr3v-76mf
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6g88-vr3v-76mf
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/11/GHSA-6g88-vr3v-76mf/GHSA-6g88-vr3v-76mf.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-6g88-vr3v-76mf
- Aliases
- Published
- 2019-11-20T01:31:31Z
- Modified
- 2025-02-21T06:09:19.425444Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Eval injection in Supybot/Limnoria
- Details
-
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.
- Database specific
{ "severity": "CRITICAL", "github_reviewed": true, "nvd_published_at": null, "cwe_ids": [ "CWE-94" ], "github_reviewed_at": "2019-11-18T18:01:34Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-19010
- https://github.com/ProgVal/Limnoria/commit/3848ae78de45b35c029cc333963d436b9d2f0a35
- https://github.com/ProgVal/Limnoria
- https://github.com/ProgVal/Limnoria/wiki/math-eval-vulnerability
- https://github.com/advisories/GHSA-6g88-vr3v-76mf
- https://github.com/pypa/advisory-database/tree/main/vulns/limnoria/PYSEC-2019-102.yaml
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/54CQM2TEXRADLE77VOMCPHL5PBHR3ZWJ
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P2AGND54UIJV3WHOYO2YINIXSDGAAPO
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DRNOUHFEN75QAIKT4Y3HDN3TT5LSIWN2
Affected packages
PyPI / limnoria
Package
- Name
- limnoria
- View open source insights on deps.dev
- Purl
- pkg:pypi/limnoria
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2019.11.09
Affected versions
Other
2013-01-21T20:33:09+0100
2013-01-23T17:11:52+0100
2013-02-01T20:50:46+0100
2013-02-02T19:59:03+0100
2013-02-02T20:23:17+0100
2013-02-08T17:40:57+0000
2013-03-27T16:32:26+0100
2013-05-09T12:47:53+0200
2013-05-10T17:55:56+0200
2013-05-14T20:16:05+0200
2013-06-01T10:32:51+0200
2013-07-19T09:11:08+0000
2013-08-12T21:48:56+0200
2013-09-11T19-27-10
2013-12-23T17-51-15
2014-01-12T15-52-10
0.*
0.2016.03.21
2014.*
2014.03.03
2014.05.08
2014.05.17
2014.05.29
2014.06.04
2014.06.26
2014.07.19
2014.10.09
2014.11.24
2014.12.07
2014.12.22
2015.*
2015.03.10
2015.04.29
2015.05.20
2015.07.08
2015.08.17
2015.08.29
2015.09.16
2015.10.04
2015.11.30
2015.12.02
2015.12.12
2016.*
2016.01.05
2016.02.23
2016.02.24
2016.03.21
2016.03.21.1
2016.03.21.2
2016.05.06
2016.06.27
2016.06.29
2016.08.07
2016.09.26
2016.10.01
2016.10.02
2016.11.28
2016.12.08
2017.*
2017.01.10
2017.03.30
2017.08.03
2017.08.18
2017.10.01
2018.*
2018.01.25
2018.04.14
2018.06.20
2018.06.25
2018.09.01
2018.09.09
2018.12.19
2019.*
2019.02.14
2019.02.21
2019.02.21.1
2019.02.22
2019.02.23
2019.05.28
2019.08.25
2019.09.08
2019.10.22