14 matches found
EUVD-2022-1732
Malicious code in bioql PyPI...
EUVD-2022-0047
Malicious code in bioql PyPI...
Updated python-cookiecutter packages fix security vulnerability
Command Injection via hg argument CVE-2022-24065...
Command Injection:
Description: cookiecutter is a command-line utility that creates projects from cookiecutters. Affected versions of this package are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg...
Command injection
The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be...
PYSEC-2022-204
The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be...
CVE-2022-24065
The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be...
CVE-2022-24065
The CVE-2022-24065 vulnerability affects the Python package cookiecutter prior to 2.1.1. The root cause is a Command Injection via the checkout flow: when cookiecutter is invoked from Python code and passes the checkout parameter to the underlying hg checkout command, additional flags can be set...
GHSA-G397-V4W5-4M79 Command injection in cocoapods-downloader
The package cocoapods-downloader before 1.6.2 is vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...
Command injection in cocoapods-downloader
The package cocoapods-downloader before 1.6.2 is vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...
CVE-2022-21223
The package cocoapods-downloader before 1.6.2 is vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...
CVE-2022-21223
The package cocoapods-downloader before 1.6.2 is vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...
CVE-2022-21223 Command Injection
The package cocoapods-downloader before 1.6.2 is vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...
CVE-2022-21223
CVE-2022-21223 affects cocoapods-downloader prior to 1.6.2. The flaw is a Command Injection in the download path when using hg, where the URL and/or revision/branch are passed to the hg clone command, allowing extra flags to be injected. Affected component: cocoapods-downloader (Ruby gem). Root c...