7 matches found
EUVD-2022-0047
Malicious code in bioql PyPI...
PYSEC-2022-204
The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be...
CVE-2022-24065
The CVE-2022-24065 vulnerability affects the Python package cookiecutter prior to 2.1.1 . The root cause is a Command Injection via the checkout flow: when cookiecutter is invoked from Python code and passes the checkout parameter to the underlying hg checkout command, additional flags can be set...
CVE-2022-24065
The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be...
CVE-2022-21223 Command Injection
The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...
CVE-2022-21223
CVE-2022-21223 affects cocoapods-downloader prior to 1.6.2. The flaw is a Command Injection in the download path when using hg, where the URL and/or revision/branch are passed to the hg clone command, allowing extra flags to be injected. Affected component: cocoapods-downloader (Ruby gem). Root c...
CVE-2022-21223 Command Injection
The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function when using hg, the url and/or revision, tag, branch is passed to the hg clone command in a way that additional flags can be set. The additional flags can...