osv | Google | OSV:CVE-2020-15271
History: Oct 26, 2020 - 6:15 p.m.

CVE-2020-15271

2020-10-26 18:15:14
Google
osv.dev

AI Score: 8.7 High (Confidence: High)

EPSS: 0.004 Low (Percentile: 72.1%)

In lookatme (a Python package on PyPI) versions prior to 2.3.0, the package automatically loaded the built-in “terminal” and “file_loader” extensions. Users who render untrusted markdown with lookatme may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. As a workaround, the lookatme/contrib/terminal.py and lookatme/contrib/file_loader.py files may be manually deleted. Additionally, it is always recommended to be aware of what is being rendered with lookatme.
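An added example, not part of the advisory or the lookatme project: a Python check that classifies a lookatme install against the fixed version and the file-deletion workaround described above. The function names and status strings are assumptions of this example; the version number and file paths come from the advisory.

```python
import re
import sys
from importlib import metadata, util
from pathlib import Path

FIXED = (2, 3, 0)  # first fixed release, per the advisory
# Extension files named in the advisory's workaround, relative to the package dir.
AUTOLOADED = ("contrib/terminal.py", "contrib/file_loader.py")

def parse_version(text):
    """Numeric release part only: '2.2.5' -> (2, 2, 5); suffixes like 'rc1' are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in m.group().split("."))
    return parts + (0,) * (3 - len(parts))

def assess(version, package_dir):
    """Return (status, files): 'fixed', 'workaround-applied' or 'exposed'."""
    if parse_version(version) >= FIXED:
        return "fixed", []
    # Below the fix: the workaround only counts if both files are gone.
    present = [p for p in AUTOLOADED if (Path(package_dir) / p).is_file()]
    return ("exposed", present) if present else ("workaround-applied", [])

def assess_installed():
    """Assess the lookatme visible to this interpreter without importing it."""
    try:
        version = metadata.version("lookatme")
    except metadata.PackageNotFoundError:
        return "not-installed", []
    spec = util.find_spec("lookatme")
    if spec is None or not spec.submodule_search_locations:
        return "unknown", []
    return assess(version, list(spec.submodule_search_locations)[0])

if __name__ == "__main__":
    status, files = assess_installed()
    print(status, *files)
    sys.exit(1 if status == "exposed" else 0)
```

Run it with the interpreter of each environment where lookatme may be installed; the exit code is 1 only when a pre-2.3.0 install still has one of the two extension files.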
