3 matches found
eve-elastic (=2.6.0), eve-sqlalchemy (>=0.5.0 <=0.7.1) +1 more potentially affected by CVE-2018-8097 via eve (>=0.6.4 <=0.7.10)
eve PYPI version =0.6.4, =0.5.0, =1.0.0, =1.4.0rc2 Source cves: CVE-2018-8097 Source advisory: OSV:GHSA-8JXQ-75RW-FHJ9...
CVE-2018-8097
io/mongo/parser.py in Eve aka pyeve before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter...
CVE-2018-8097
CVE-2018-8097 affects Eve (aka pyeve) prior to 0.7.5. The vulnerability resides in io/mongo/parser.py, where the "where" parameter enables Code Injection, allowing remote execution of arbitrary code. Multiple sources corroborate remote-code-execution via this parameter. A PoC/notice exists showing f...