2 matches found
PYSEC-2023-179
This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...
Command Injection
Overview pydash is a The kitchen sink of Python utility libraries for doing "stuff" in a functional way. Based on the Lo-Dash Javascript library. Affected versions of this package are vulnerable to Command Injection. A number of pydash methods such as pydash.objects.invoke and...