18 matches found
EUVD-2022-0137
Malicious code in bioql PyPI...
Command Injection
libvcs is vulnerable to command injection. An attacker can inject and execute malicious hg clone commands through URLs in the obtain function of hg.py...
GHSA-MV2W-4JQC-6FG4 Command injection in libvcs and vcspull
The package libvcs before 0.11.1 is vulnerable to Command Injection via argument injection. When calling the update_repo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...
Command injection in libvcs and vcspull
The package libvcs before 0.11.1 is vulnerable to Command Injection via argument injection. When calling the update_repo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...
vcspull (>=1.8.0 <=1.8.1) potentially affected by CVE-2022-21187 via libvcs (=0.10.1)
libvcs PYPI version =0.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on libvcs and may be impacted: - vcspull =1.8.0, =1.8.1 Source cves: CVE-2022-21187 Source advisory: OSV:GHSA-MV2W-4JQC-6FG4...
CVE-2022-21187
The package libvcs before 0.11.1 is vulnerable to Command Injection via argument injection. When calling the update_repo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...
CVE-2022-21187
The package libvcs before 0.11.1 is vulnerable to Command Injection via argument injection. When calling the update_repo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...
vcspull (>=1.8.0 <=1.8.1) potentially affected by CVE-2022-21187 via libvcs (=0.10.1)
libvcs PYPI version =0.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on libvcs and may be impacted: - vcspull =1.8.0, =1.8.1 Source cves: CVE-2022-21187 Source advisory: OSV:PYSEC-2022-163...
PYSEC-2022-163
The package libvcs before 0.11.1 is vulnerable to Command Injection via argument injection. When calling the update_repo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...
PYSEC-2022-163
The package libvcs before 0.11.1 is vulnerable to Command Injection via argument injection. When calling the update_repo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...
Command injection
The package libvcs before 0.11.1 is vulnerable to Command Injection via argument injection. When calling the update_repo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...
CVE-2022-21187
The CVE-2022-21187 issue affects the libvcs package prior to version 0.11.1. The vulnerability arises in the update_repo path (when using Mercurial via hg), where the url parameter is passed to the hg clone command, enabling command injection and potential arbitrary command execution. Available c...
CVE-2022-21187 Command Injection
The package libvcs before 0.11.1 is vulnerable to Command Injection via argument injection. When calling the update_repo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...
CVE-2022-21187
The package libvcs before 0.11.1 is vulnerable to Command Injection via argument injection. When calling the update_repo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...
PT-2022-14911 · Libvcs · Libvcs
Name of the Vulnerable Software and Affected Versions: libvcs versions prior to 0.11.1 Description: The issue concerns Command Injection via argument injection. When the update repo function is called, specifically when using hg, the url parameter is passed to the hg clone command. This allows fo...
libvcs argument injection vulnerability
libvcs is a vcs abstraction layer. libvcs is vulnerable to command injection, which stems from the fact that when the update_repo function is called, the url argument is passed to the hg clone command, and an attacker can exploit this vulnerability to execute commands by injecting some hg options...
Command Injection
Overview: libvcs is a vcs abstraction layer. Affected versions of this package are vulnerable to Command Injection via argument injection. When calling the update_repo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get...
vcspull (>=1.8.0 <=1.8.1) potentially affected by CVE-2022-21187 via libvcs (=0.10.1)
libvcs PYPI version =0.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on libvcs and may be impacted: - vcspull =1.8.0, =1.8.1 Source cves: CVE-2022-21187 Source advisory: SNYK:PYTHON-LIBVCS-2421204...