GHSA-pf38-5p22-x6h6

Source

https://github.com/advisories/GHSA-pf38-5p22-x6h6

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-pf38-5p22-x6h6/GHSA-pf38-5p22-x6h6.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-pf38-5p22-x6h6

Aliases

CVE-2023-0297

Published

2023-01-14T03:30:21Z

Modified

2024-02-16T08:21:05.963535Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Code Injection in pyload-ng

Details

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.

Database specific

{
    "nvd_published_at": "2023-01-14T03:15:00Z",
    "severity": "CRITICAL",
    "github_reviewed_at": "2023-01-25T22:03:48Z",
    "cwe_ids": [
        "CWE-94"
    ],
    "github_reviewed": true
}

References

Affected packages

PyPI / pyload-ng

Package

Name: pyload-ng; View open source insights on deps.dev
Purl: pkg:pypi/pyload-ng

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.5.0b3.dev31

Affected versions

0.*

0.5.0a5.dev528

0.5.0a5.dev532

0.5.0a5.dev535

0.5.0a5.dev536

0.5.0a5.dev537

0.5.0a5.dev539

0.5.0a5.dev540

0.5.0a5.dev545

0.5.0a5.dev562

0.5.0a5.dev564

0.5.0a5.dev565

0.5.0a6.dev570

0.5.0a6.dev578

0.5.0a6.dev587

0.5.0a7.dev596

0.5.0a8.dev602

0.5.0a9.dev615

0.5.0a9.dev629

0.5.0a9.dev632

0.5.0a9.dev641

0.5.0a9.dev643

0.5.0a9.dev655

0.5.0a9.dev806

0.5.0b1.dev1

0.5.0b1.dev2

0.5.0b1.dev3

0.5.0b1.dev4

0.5.0b1.dev5

0.5.0b2.dev9

0.5.0b2.dev10

0.5.0b2.dev11

0.5.0b2.dev12

0.5.0b3.dev13

0.5.0b3.dev14

0.5.0b3.dev17

0.5.0b3.dev18

0.5.0b3.dev19

0.5.0b3.dev20

0.5.0b3.dev21

0.5.0b3.dev22

0.5.0b3.dev24

0.5.0b3.dev26

0.5.0b3.dev27

0.5.0b3.dev28

0.5.0b3.dev29

0.5.0b3.dev30

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-pf38-5p22-x6h6/GHSA-pf38-5p22-x6h6.json"