Lucene search
GoogleOSV:PYSEC-2021-840HistoryNov 12, 2021 - 10:15 p.m.
PYSEC-2021-840
2021-11-1222:15:00
Google
osv.dev
4
0.005 Low
EPSS
Percentile
77.2%
A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). MITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPi. The configuration has been updated to only install components built by Antilles, removing all other public package indexes. Additionally, the antilles-tools dependency has been published to PyPi.
| CPE | Name | Operator | Version |
|---|---|---|---|
| antilles-tools | eq | 1.0.0 |
Related
veracode
veracode
Remote Code Execution (RCE)
2021-11-15 04:40:49
osv
osv
Antilles Dependency Confusion Vulnerability
2021-11-03 17:36:22
CVE-2021-3840
2021-11-12 22:15:08
github
github
Antilles Dependency Confusion Vulnerability
2021-11-03 17:36:22
prion
prion
Type confusion
2021-11-12 22:15:00
cve
cve
CVE-2021-3840
2021-11-12 22:15:08
cvelist
cvelist
CVE-2021-3840
2021-11-12 22:05:54
nvd
nvd
CVE-2021-3840
2021-11-12 22:15:08
cnvd
cnvd
Lenovo Antilles has unspecified vulnerabilities
2021-11-16 00:00:00