GHSA-w873-xcqq-x922

Source
https://github.com/advisories/GHSA-w873-xcqq-x922
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-w873-xcqq-x922/GHSA-w873-xcqq-x922.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-w873-xcqq-x922
Aliases
Published
2021-09-01T18:37:24Z
Modified
2024-02-16T08:17:08.194405Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Command Injection in Simiki
Details

Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'.

References

Affected packages

PyPI / simiki

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.6.2.2

Affected versions

0.*

0.1.0
0.2.0
0.2.1
0.2.2
0.3.0
0.3.1
0.4.0
0.4.1
0.5.0

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.1
1.2
1.2.1
1.2.2
1.2.3
1.2.4
1.3
1.4
1.4.1
1.5.0-1
1.5.0.post1
1.5.1
1.6.0
1.6.0.1
1.6.2
1.6.2.1

Ecosystem specific

{
    "affected_functions": [
        "simiki.config.parse_config"
    ]
}

Database specific

{
    "last_known_affected_version_range": "<= 1.6.2.1"
}