Lucene search
K

6 matches found

CBLMariner
CBLMariner
added 2025/01/12 9:15 a.m.202 views

CVE-2022-36069 affecting package poetry 1.0.10-2

CVE-2022-36069 affecting package poetry 1.0.10-2. No patch is available currently...

7.3CVSS7.3AI score0.01413EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/09/16 7:26 p.m.4 views

depend (>=0.2.0 <=0.3.0), ekrhizoc (>=0.0.5 <=0.1.0) +12 more potentially affected by CVE-2022-36069 via poetry (>=1.0.0 <=1.1.5)

poetry PYPI version =1.0.0, =0.2.0, =0.0.5, =2020.1.0, =0.1.4, =5.2.0, =0.0.5, =0.1.0, =0.4.0, =0.1.0, =0.3.0, =0.1.3, =0.0.1, =0.1.4 Source cves: CVE-2022-36069 Source advisory: OSV:GHSA-9XGJ-FCGF-X6MW...

7.3CVSS7.2AI score0.01413EPSS
Exploits1
NVD
NVD
added 2022/09/07 7:15 p.m.26 views

CVE-2022-36069

Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...

7.3CVSS0.01413EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2022/09/07 7:15 p.m.4 views

depend (>=0.2.0 <=0.3.0), ekrhizoc (>=0.0.5 <=0.1.0) +12 more potentially affected by CVE-2022-36069 via poetry (>=1.0.0 <=1.1.5)

poetry PYPI version =1.0.0, =0.2.0, =0.0.5, =2020.1.0, =0.1.4, =5.2.0, =0.0.5, =0.1.0, =0.4.0, =0.1.0, =0.3.0, =0.1.3, =0.0.1, =0.1.4 Source cves: CVE-2022-36069 Source advisory: OSV:PYSEC-2022-266...

7.3CVSS7.2AI score0.01413EPSS
Exploits1
CVE
CVE
added 2022/09/07 6:30 p.m.185 views

CVE-2022-36069

Poetry (Python) is affected by CVE-2022-36069 where dependency handling from Git repositories can trigger arbitrary code execution if a repository URL or input starts with a dash, causing certain commands (e.g., git clone) to be parsed as options rather than positional arguments. The root cause i...

7.3CVSS7.8AI score0.01413EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2022/09/07 6:30 p.m.36 views

CVE-2022-36069

Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...

7.3CVSS7.8AI score0.01413EPSS
Exploits1
Rows per page
Query Builder