28 matches found
EUVD-2024-0929
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-41334
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is...
Mageia: Security Advisory (MGASA-2024-0313)
The remote host is missing an update for the...
Updated python-astropy packages fix security vulnerability
Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TransformGraph.to_dot_graph function. A malicious user can provide a command or a script file as a value to the savelayout argument, which will be placed as the first value in a...
MGASA-2024-0313 Updated python-astropy packages fix security vulnerability
Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TransformGraph.to_dot_graph function. A malicious user can provide a command or a script file as a value to the savelayout argument, which will be placed as the first value in a...
Fedora: Security Advisory (FEDORA-2024-d8ac19de55)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-d329148f1e)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: python-astropy-5.3.3-1.fc40
The Astropy project is a common effort to develop a single core package for Astronomy. Major packages such as PyFITS, PyWCS, vo, and asciitable already merged in, and many more components being worked on. In particular, we are developing imaging, photometric, and spectroscopic functionality, as...
[SECURITY] Fedora 39 Update: python-astropy-5.3.3-1.fc39
The Astropy project is a common effort to develop a single core package for Astronomy. Major packages such as PyFITS, PyWCS, vo, and asciitable already merged in, and many more components being worked on. In particular, we are developing imaging, photometric, and spectroscopic functionality, as...
Fedora 39 : python-astropy (2024-d8ac19de55)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d8ac19de55 advisory. Security fix for CVE-2023-41334 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Fedora 40 : python-astropy (2024-d329148f1e)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d329148f1e advisory. Security fix for CVE-2023-41334 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
OPENSUSE-SU-2024:13797-1 python310-astropy-6.0.0-3.1 on GA media
These are all security issues fixed in the python310-astropy-6.0.0-3.1 package on the GA media of openSUSE Tumbleweed...
[SECURITY] [3803-1] astropy security update
Debian LTS Advisory DLA-3803-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb April 30, 2024 https://wiki.debian.org/LTS -...
DLA-3803-1 astropy - security update
Bulletin has no description...
Remote Code Execution
Astropy is vulnerable to remote code execution. The vulnerability is due to improper input validation in the to_dot_graph function in the file transformations.py, allowing an attacker to execute commands or scripts as a value to the savelayout argument, which are then executed through the...
SUSE CVE-2023-41334
Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TransformGraph.to_dot_graph function. A malicious user can provide a...
RCE in TranformGraph().to_dot_graph function
Summary: RCE due to improper input validation in the TransformGraph.to_dot_graph function. Details: Due to improper input validation, a malicious user can provide a command or a script file as a value to the savelayout argument, which will be placed as the first value in a list of arguments passed to...
aimapper (=0.1.0), aimfast (>=0.1.0 <=1.3.3) +237 more potentially affected by CVE-2023-41334 via astropy (>=1.2.1 <=5.3.2)
astropy PYPI version =1.2.1, =0.1.0, =0.2.0, =0.2.2, =0.7.1, =2.5.0, =0.0.3, =0.0.1, =1.0.1, =0.3.0, =0.0.2, =1.0.0, =1.4.0 and more Source cves: CVE-2023-41334 Source advisory: OSV:GHSA-H2X6-5JX5-46HF...
CVE-2023-41334
Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TransformGraph.to_dot_graph function. A malicious user can provide a...