23 matches found
EUVD-2023-0214
Malicious code in bioql PyPI...
CVE-2023-26145
This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...
openSUSE Security Advisory (SUSE-SU-2024:1639-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2024:1639-2 Security update for python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack, python-marshmallow, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-opentelemetry-sdk, python-opentelemetry-semantic-conventions, python-opentelemetry-test-utils, python-pycomposefile, python-pydash, python-redis, python-retrying, python-semver, python-sshtunnel, python-strictyaml, python-sure, python-vcrpy, python-xmltodict
This update for python-argcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack,...
SUSE-SU-2024:1639-1 Security update for python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack, python-marshmallow, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-opentelemetry-sdk, python-opentelemetry-semantic-conventions, python-opentelemetry-test-utils, python-pycomposefile, python-pydash, python-redis, python-retrying, python-semver, python-sshtunnel, python-strictyaml, python-sure, python-vcrpy, python-xmltodict
This update for python-argcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack,...
Security Bulletin: User Behavior Analytics application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2023-41419 DESCRIPTION: Gevent could allow a remote attacker to gain...
Security Bulletin: Pydash is vulnerable to CVE-2023-26145 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses pydash, which is vulnerable to CVE-2023-26145. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-26145 DESCRIPTION: Python pydash package could allow a remote attacker to...
Command Injection
pydash is vulnerable to Command Injection. The vulnerability is due to the basegetobject function in helpers.py which retrieves the value of a given key from an object. If it doesn't find a specified key in an object, it tries to access the object's attributes directly. This allows attackers to...
GHSA-8MJR-6C96-39W8 pydash Command Injection vulnerability
This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...
a9s (=0.7.0), algora-sdk (>=1.3.2 <=1.5.39) +76 more potentially affected by CVE-2023-26145 via pydash (>=4.2.1 <=5.1.2)
pydash PYPI version =4.2.1, =1.3.2, =0.1.0, =1.9.0, =0.2.6, =0.1.0, =1.0.1, =0.1.0b1, =0.0.2, =0.0.2, =0.1.0b1, =1.0.1, =2020.7.8, =0.0.20, =0.1.0, =0.3.1 and more Source cves: CVE-2023-26145 Source advisory: OSV:GHSA-8MJR-6C96-39W8...
pydash Command Injection vulnerability
This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...
CVE-2023-26145
This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...
CVE-2023-26145
This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...
Command injection
This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...
PYSEC-2023-179
This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...
a9s (=0.7.0), algora-sdk (>=1.3.2 <=1.5.39) +76 more potentially affected by CVE-2023-26145 via pydash (>=4.2.1 <=5.1.2)
pydash PYPI version =4.2.1, =1.3.2, =0.1.0, =1.9.0, =0.2.6, =0.1.0, =1.0.1, =0.1.0b1, =0.0.2, =0.0.2, =0.1.0b1, =1.0.1, =2020.7.8, =0.0.20, =0.1.0, =0.3.1 and more Source cves: CVE-2023-26145 Source advisory: OSV:PYSEC-2023-179...
PYSEC-2023-179
This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...
CVE-2023-26145
CVE-2023-26145 affects the Python package pydash prior to version 6.0.0 . Vulnerable are methods such as pydash.objects.invoke() and pydash.collections.invoke_map() , which accept dotted path strings to target nested objects. The issue is a potential Command Injection when prerequisites are met: ...
CVE-2023-26145
This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...
CVE-2023-26145
This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...