GHSA-jhjh-ghwx-6h7r

Source

https://github.com/advisories/GHSA-jhjh-ghwx-6h7r

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-jhjh-ghwx-6h7r/GHSA-jhjh-ghwx-6h7r.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-jhjh-ghwx-6h7r

Aliases

CVE-2017-1002157
PYSEC-2019-153

Published

2019-01-17T13:56:18Z

Modified

2024-09-24T21:02:22.625163Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

modulemd uses an unsafe function for processing externally provided data

Details

modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.

Database specific

{
    "nvd_published_at": "2019-01-10T21:29:00Z",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:43:31Z",
    "cwe_ids": [
        "CWE-20",
        "CWE-242"
    ],
    "severity": "CRITICAL"
}

References

Affected packages

PyPI / modulemd

Package

Name: modulemd; View open source insights on deps.dev
Purl: pkg:pypi/modulemd

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.2

Affected versions

0.*

0.1

1.*

1.0.0

1.0.1

1.0.2

1.1.0

1.2.0

1.3.0

1.3.1