GHSA-8jxq-75rw-fhj9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-8jxq-75rw-fhj9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-8jxq-75rw-fhj9/GHSA-8jxq-75rw-fhj9.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-8jxq-75rw-fhj9
- Aliases
- Published
- 2018-07-12T20:29:35Z
- Modified
- 2025-02-21T05:41:26.471949Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Eve allows execution of arbitrary code
- Details
-
io/mongo/parser.pyin Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in thewhereparameter. - Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-94" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:25:51Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-8097
- https://github.com/pyeve/eve/issues/1101
- https://github.com/pyeve/eve/commit/f8f7019ffdf9b4e05faf95e1f04e204aa4c91f98
- https://github.com/advisories/GHSA-8jxq-75rw-fhj9
- https://github.com/pyeve/eve
- https://github.com/pypa/advisory-database/tree/main/vulns/eve/PYSEC-2018-8.yaml
Affected packages
PyPI / eve
Package
- Name
- eve
- View open source insights on deps.dev
- Purl
- pkg:pypi/eve