GHSA-jhjh-ghwx-6h7r

Suggest an improvement
Source
https://github.com/advisories/GHSA-jhjh-ghwx-6h7r
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-jhjh-ghwx-6h7r/GHSA-jhjh-ghwx-6h7r.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jhjh-ghwx-6h7r
Aliases
Published
2019-01-17T13:56:18Z
Modified
2024-02-16T08:20:16.687215Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
modulemd uses an unsafe function for processing externally provided data
Details

modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.

References

Affected packages

PyPI / modulemd

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.2

Affected versions

0.*

0.1

1.*

1.0.0
1.0.1
1.0.2
1.1.0
1.2.0
1.3.0
1.3.1