Lucene search
+L

5 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/12/01 5:52 p.m.23 views

Security Bulletin: Pydash is vulnerable to CVE-2023-26145 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses pydash, which is vulnerable to CVE-2023-26145. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-26145 DESCRIPTION: Python pydash package could allow a remote attacker to...

8.1CVSS8AI score0.02919EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2023/09/28 6:30 a.m.7 views

a9s (=0.7.0), algora-sdk (>=1.3.2 <=1.5.39) +76 more potentially affected by CVE-2023-26145 via pydash (>=4.2.1 <=5.1.2)

pydash PYPI version =4.2.1, =1.3.2, =0.1.0, =1.9.0, =0.2.6, =0.1.0, =1.0.1, =0.1.0b1, =0.0.2, =0.0.2, =0.1.0b1, =1.0.1, =2020.7.8, =0.0.20, =0.1.0, =0.3.1 and more Source cves: CVE-2023-26145 Source advisory: OSV:GHSA-8MJR-6C96-39W8...

8.1CVSS7.4AI score0.02919EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/09/28 5:15 a.m.6 views

a9s (=0.7.0), algora-sdk (>=1.3.2 <=1.5.39) +76 more potentially affected by CVE-2023-26145 via pydash (>=4.2.1 <=5.1.2)

pydash PYPI version =4.2.1, =1.3.2, =0.1.0, =1.9.0, =0.2.6, =0.1.0, =1.0.1, =0.1.0b1, =0.0.2, =0.0.2, =0.1.0b1, =1.0.1, =2020.7.8, =0.0.20, =0.1.0, =0.3.1 and more Source cves: CVE-2023-26145 Source advisory: OSV:PYSEC-2023-179...

8.1CVSS7.4AI score0.02919EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2023/09/28 5:0 a.m.10 views

CVE-2023-26145

This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...

7.4CVSS7AI score0.02919EPSS
Exploits1References3
CVE
CVE
added 2023/09/28 5:0 a.m.101 views

CVE-2023-26145

CVE-2023-26145 affects the Python package pydash prior to version 6.0.0 . Vulnerable are methods such as pydash.objects.invoke() and pydash.collections.invoke_map() , which accept dotted path strings to target nested objects. The issue is a potential Command Injection when prerequisites are met: ...

8.1CVSS8.1AI score0.02919EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder