5 matches found
Security Bulletin: Pydash is vulnerable to CVE-2023-26145 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses pydash, which is vulnerable to CVE-2023-26145. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-26145 DESCRIPTION: Python pydash package could allow a remote attacker to...
a9s (=0.7.0), algora-sdk (>=1.3.2 <=1.5.39) +76 more potentially affected by CVE-2023-26145 via pydash (>=4.2.1 <=5.1.2)
pydash PYPI version =4.2.1, =1.3.2, =0.1.0, =1.9.0, =0.2.6, =0.1.0, =1.0.1, =0.1.0b1, =0.0.2, =0.0.2, =0.1.0b1, =1.0.1, =2020.7.8, =0.0.20, =0.1.0, =0.3.1 and more Source cves: CVE-2023-26145 Source advisory: OSV:GHSA-8MJR-6C96-39W8...
a9s (=0.7.0), algora-sdk (>=1.3.2 <=1.5.39) +76 more potentially affected by CVE-2023-26145 via pydash (>=4.2.1 <=5.1.2)
pydash PYPI version =4.2.1, =1.3.2, =0.1.0, =1.9.0, =0.2.6, =0.1.0, =1.0.1, =0.1.0b1, =0.0.2, =0.0.2, =0.1.0b1, =1.0.1, =2020.7.8, =0.0.20, =0.1.0, =0.3.1 and more Source cves: CVE-2023-26145 Source advisory: OSV:PYSEC-2023-179...
CVE-2023-26145
This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...
CVE-2023-26145
CVE-2023-26145 affects the Python package pydash prior to version 6.0.0 . Vulnerable are methods such as pydash.objects.invoke() and pydash.collections.invoke_map() , which accept dotted path strings to target nested objects. The issue is a potential Command Injection when prerequisites are met: ...