PYSEC-2019-21

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/donfig/PYSEC-2019-21.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2019-21

Aliases

CVE-2019-7537
GHSA-3qr5-h7w4-3gx3

Published

2019-03-21T20:29:00Z

Modified

2026-06-10T17:01:11.970039412Z

Summary

[none]

Details

An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collectyaml method in configobj.py. It can execute arbitrary Python commands, resulting in command execution.

References

https://github.com/pytroll/donfig/issues/5
https://github.com/pytroll/donfig/commits/master
https://github.com/advisories/GHSA-3qr5-h7w4-3gx3

Affected packages

PyPI / donfig

Package

Name: donfig; View open source insights on deps.dev
Purl: pkg:pypi/donfig

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.0

Affected versions

0.*

0.1.0

0.1.1

0.1.2

0.2.0

0.3.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/donfig/PYSEC-2019-21.yaml"