6 matches found
Eve allows execution of arbitrary code
io/mongo/parser.py in Eve aka pyeve before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter...
GHSA-8JXQ-75RW-FHJ9 Eve allows execution of arbitrary code
io/mongo/parser.py in Eve aka pyeve before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter...
Eve allows execution of arbitrary code
io/mongo/parser.py in Eve aka pyeve before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter...
CVE-2018-8097
io/mongo/parser.py in Eve aka pyeve before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter...
PYSEC-2018-8
io/mongo/parser.py in Eve aka pyeve before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter...
CVE-2018-8097
CVE-2018-8097 affects Eve (aka pyeve) prior to 0.7.5. The vulnerability resides in io/mongo/parser.py where the where parameter enables Code Injection, allowing remote execution of arbitrary code. Multiple sources corroborate remote-code-execution via this parameter. A PoC/notice exists showing f...