PYSEC-2024-173

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/streampipes/PYSEC-2024-173.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2024-173

Aliases

Published

2024-07-17T10:15:01Z

Modified

2025-01-18T22:56:53.581114Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution (RCE). The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache StreamPipes: through 0.93.0.

Users are recommended to upgrade to version 0.95.0, which fixes the issue.

References

Affected packages

PyPI / streampipes

Package

Name: streampipes; View open source insights on deps.dev
Purl: pkg:pypi/streampipes

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.95.0

Affected versions

0.*

0.0.2.dev0

0.91.0

0.92.0

0.93.0