CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
15.5%
Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the JonesFaithfulTransformation.from_transformation_str()
method within the pymatgen
library prior to version 2024.2.20. This method insecurely utilizes eval()
for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue.
[
{
"vendor": "materialsproject",
"product": "pymatgen",
"versions": [
{
"version": "< 2024.2.20",
"status": "affected"
}
]
}
]