6 matches found
CVE-2022-36069 affecting package poetry 1.0.10-2
CVE-2022-36069 affecting package poetry 1.0.10-2. No patch is available currently...
depend (>=0.2.0 <=0.3.0), ekrhizoc (>=0.0.5 <=0.1.0) +12 more potentially affected by CVE-2022-36069 via poetry (>=1.0.0 <=1.1.5)
poetry PYPI version =1.0.0, =0.2.0, =0.0.5, =2020.1.0, =0.1.4, =5.2.0, =0.0.5, =0.1.0, =0.4.0, =0.1.0, =0.3.0, =0.1.3, =0.0.1, =0.1.4 Source cves: CVE-2022-36069 Source advisory: OSV:GHSA-9XGJ-FCGF-X6MW...
CVE-2022-36069
Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...
depend (>=0.2.0 <=0.3.0), ekrhizoc (>=0.0.5 <=0.1.0) +12 more potentially affected by CVE-2022-36069 via poetry (>=1.0.0 <=1.1.5)
poetry PYPI version =1.0.0, =0.2.0, =0.0.5, =2020.1.0, =0.1.4, =5.2.0, =0.0.5, =0.1.0, =0.4.0, =0.1.0, =0.3.0, =0.1.3, =0.0.1, =0.1.4 Source cves: CVE-2022-36069 Source advisory: OSV:PYSEC-2022-266...
CVE-2022-36069
Poetry (Python) is affected by CVE-2022-36069 where dependency handling from Git repositories can trigger arbitrary code execution if a repository URL or input starts with a dash, causing certain commands (e.g., git clone) to be parsed as options rather than positional arguments. The root cause i...
CVE-2022-36069
Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...