6 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-24065
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code wit...
Mageia: Security Advisory (MGASA-2022-0258)
The remote host is missing an update for the ...
Fedora: Security Advisory for python-cookiecutter (FEDORA-2022-ff1c98b2fe)
The remote host is missing an update for the ...
agogosml-cli (=0.1.2), anyforce (>=0.2.6 <=0.3.12) +198 more potentially affected by CVE-2022-24065 via cookiecutter (>=1.0.0 <=1.7.3)
cookiecutter PYPI version =1.0.0, =0.2.6, =0.2.0, =1.7.1, =0.2.0, =0.1.0, =0.17.0, =0.10.48, =0.1.0, =0.0.4, =0.2.1, =1.0.3 and more Source cves: CVE-2022-24065 Source advisory: OSV:GHSA-F4Q6-9QM4-H8J4...
CVE-2022-24065
The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be...
CVE-2022-24065
The CVE-2022-24065 vulnerability affects the Python package cookiecutter prior to 2.1.1. The root cause is a Command Injection via the checkout flow: when cookiecutter is invoked from Python code and passes the checkout parameter to the underlying hg checkout command, additional flags can be set...