PYSEC-2018-8

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/eve/PYSEC-2018-8.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2018-8

Aliases

Published

2018-03-14T12:29:00Z

Modified

2023-11-08T04:00:25.713396Z

Summary

[none]

Details

io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter.

References

Affected packages

PyPI / eve

Package

Name: eve; View open source insights on deps.dev
Purl: pkg:pypi/eve

Affected ranges

Type: GIT
Repo: https://github.com/pyeve/eve
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f8f7019ffdf9b4e05faf95e1f04e204aa4c91f98

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.5

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.0.6

0.0.7

0.0.8

0.0.9

0.1

0.1.1

0.2

0.3

0.4

0.5

0.5.1

0.5.2

0.5.3

0.6

0.6.1

0.6.2

0.6.3

0.6.4

0.7

0.7.1

0.7.2

0.7.3

0.7.4

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/eve/PYSEC-2018-8.yaml"