PYSEC-2021-380

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/ops-cli/PYSEC-2021-380.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2021-380
Aliases
Published
2021-10-15T15:15:00Z
Modified
2024-04-29T14:42:11.064569Z
Summary
[none]
Details

Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability that allows arbitrary code execution when the checkout_repo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine.

References

Affected packages

PyPI / ops-cli

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.0.5

Affected versions

1.*

1.10.0
1.10.1
1.11.0
1.11.1
1.11.2
1.11.3
1.11.4
1.11.5
1.11.6
1.11.7
1.11.8
1.11.9
1.11.10
1.11.11
1.11.12
1.12.1
1.12.2

2.*

2.0.3
2.0.4