Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-0047

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.0422EPSS
Exploits1References11
OSV
OSV
added 2022/06/08 8:15 a.m.100 views

PYSEC-2022-204

The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be...

9.8CVSS2.1AI score0.0422EPSS
Exploits1References4
CVE
CVE
added 2022/06/03 8:0 p.m.99 views

CVE-2022-24065

The CVE-2022-24065 vulnerability affects the Python package cookiecutter prior to 2.1.1 . The root cause is a Command Injection via the checkout flow: when cookiecutter is invoked from Python code and passes the checkout parameter to the underlying hg checkout command, additional flags can be set...

9.8CVSS9.3AI score0.0422EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 2022/06/03 8:0 p.m.20 views

CVE-2022-24065

The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be...

9.8CVSS9.9AI score0.0422EPSS
Exploits1
OSV
OSV
added 2022/04/01 5:35 p.m.19 views

CVE-2022-21223 Command Injection

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

8.1CVSS7.2AI score0.01781EPSS
Exploits0References4
CVE
CVE
added 2022/04/01 5:35 p.m.98 views

CVE-2022-21223

CVE-2022-21223 affects cocoapods-downloader prior to 1.6.2. The flaw is a Command Injection in the download path when using hg, where the URL and/or revision/branch are passed to the hg clone command, allowing extra flags to be injected. Affected component: cocoapods-downloader (Ruby gem). Root c...

9.8CVSS9.4AI score0.01781EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/04/01 5:35 p.m.25 views

CVE-2022-21223 Command Injection

The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...

8.1CVSS10AI score0.01781EPSS
Exploits0References2
Rows per page
Query Builder