5 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-45805
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an...
adam-assist (>=0.1.1 <=0.3.9), adam-core (>=0.3.0 <=0.5.5) +49 more potentially affected by CVE-2023-45805 via pdm (>=1.15.5 <=2.9.3)
pdm PYPI version =1.15.5, =0.1.1, =0.3.0, =0.0.1, =0.1.2, =0.3.5, =2.0.0rc0, =0.1.0, =0.1.2, =0.1.0, =0.2.0, =0.1.5, =0.3.0, =0.1.0, =1.0.28 and more Source cves: CVE-2023-45805 Source advisory: OSV:GHSA-J44V-MMF2-XVM9...
CVE-2023-45805 Trojan Lockfilein pdm
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...
CVE-2023-45805
CVE-2023-45805 affects the Python tool PDM (dependency manager). A crafted pawns-style lockfile in which a project like foo is targeted with foo-2 and a file foo-2-2.tar.gz can mislead PyPI and PDM into installing a different project than what appears in pyproject.toml, potentially allowing arbit...
CVE-2023-45805
creationtimestamp| type| source ---|---|--- 2023-10-20 07:11:03+00:00| published-proof-of-concept| https://github.com/pdm-project/pdm/security/advisories/GHSA-j44v-mmf2-xvm9 2023-10-20 22:35:21+00:00| seen| https://t.me/cibsecurity/72710...