10 matches found
Updated python-astropy packages fix security vulnerability
Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TranformGraph.todotgraph function. A malicious user can provide a command or a script file as a value to the savelayout argument, which will be placed as the first value in a...
Fedora: Security Advisory (FEDORA-2024-d8ac19de55)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-d329148f1e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 40 : python-astropy (2024-d329148f1e)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-d329148f1e advisory. Security fix for CVE-2023-41334 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
SUSE CVE-2023-41334
Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TranformGraph.todotgraph function. A malicious user can provide a...
aimapper (=0.1.0), aimfast (>=0.1.0 <=1.3.3) +237 more potentially affected by CVE-2023-41334 via astropy (>=1.2.1 <=5.3.2)
astropy PYPI version =1.2.1, =0.1.0, =0.2.0, =0.2.2, =0.7.1, =2.5.0, =0.0.3, =0.0.1, =1.0.1, =0.3.0, =0.0.2, =1.0.0, =1.4.0 and more Source cves: CVE-2023-41334 Source advisory: OSV:GHSA-H2X6-5JX5-46HF...
CVE-2023-41334
Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TranformGraph.todotgraph function. A malicious user can provide a...
CVE-2023-41334
CVE-2023-41334 affects Astropy core package version 5.3.2, with remote code execution due to improper input validation in TranformGraph().to_dot_graph. A crafted savelayout value can be injected into subprocess.Popen, causing the malicious command to execute despite an error. The issue is fixed i...
CVE-2023-41334
Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TranformGraph.todotgraph function. A malicious user can provide a...
CVE-2023-41334
creationtimestamp| type| source ---|---|--- 2024-03-18 17:34:58+00:00| published-proof-of-concept| https://github.com/astropy/astropy/security/advisories/GHSA-h2x6-5jx5-46hf 2024-03-18 20:26:38+00:00| seen| https://t.me/ctinow/210904 2024-03-18 20:26:58+00:00| seen| https://t.me/ctinow/210922...