47 matches found
📄 Pymatgen 2024.1 CIF Parser Reverse Shell
Pymatgen version 2024.1 contains a critical remote code execution vulnerability in its Crystallographic Information File (CIF) parser that allows attackers to execute arbitrary Python code through specially crafted CIF files, leading to complete system compromise. The vulnerability exists in the CI...
EUVD-2022-7243
Malicious code in bioql PyPI...
Exploit for Command Injection in Materialsvirtuallab Pymatgen
CVE-2024-23346-exploit This is an exploit for the known Remote...
CVE-2024-23346
Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the JonesFaithfulTransformation.from_transformation_str method within the pymatgen library prior to version 2024.2.20. This method insecurely utilizes eval for...
CVE-2022-42964
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method...
📄 Pymatgen 2024.1 Remote Code Execution
Pymatgen version 2024.1 suffers from a remote code execution vulnerability. Exploit Title: Pymatgen 2024.1 - Remote Code Execution (RCE); Google Dork: not applicable; Date: 2024-11-13; Exploit Author: Mohammed Idrees Banyamer; Vendor Homepage: https://pymatgen.org; Software Link: https://pypi.or...
Pymatgen 2024.1 - Remote Code Execution (RCE)
Exploit Title: Pymatgen 2024.1 - Remote Code Execution (RCE); Google Dork: not applicable; Date: 2024-11-13; Exploit Author: Mohammed Idrees Banyamer; Vendor Homepage: https://pymatgen.org; Software Link: https://pypi.org/project/pymatgen/; Version: 2024.1; Tested on: Kali Linux 2024.1; CVE:...
Exploit for Command Injection in Materialsvirtuallab Pymatgen
A Rust exploitation script for CVE-2024-23346. As shown below t...
Exploit for Command Injection in Materialsvirtuallab Pymatgen
CVE-2024-23346 This PoC is based on the report/findings of Wil...
Debian: Security Advisory (DSA-5763-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5763-1] pymatgen security update
Debian Security Advisory DSA-5763-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 30, 2024 https://www.debian.org/security/faq -...
Debian dsa-5763 : python-pymatgen-doc - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5763 advisory. Debian Security Advisory DSA-5763-1 [email protected] https://www.debian.org/security/ Moritz...
DSA-5763-1 pymatgen - security update
Bulletin has no description...
Arbitrary Code Execution
pymatgen is vulnerable to Arbitrary Code Execution. The vulnerability is due to missing input sanitization within the JonesFaithfulTransformation.from_transformation_str method, allowing an attacker to execute malicious code within the context of the application...
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
Summary: A critical security vulnerability exists in the JonesFaithfulTransformation.from_transformation_str method within the pymatgen library. This method insecurely utilizes eval for processing input, enabling execution of arbitrary code when parsing untrusted input. This can be exploited when...
abics (=2.1.0), abinitostudio (>=1.0.1 <=1.0.8) +94 more potentially affected by CVE-2024-23346 via pymatgen (>=2017.7.4 <=2024.11.13)
pymatgen PYPI version =2017.7.4, =1.0.1, =0.3.0, =0.2.0, =0.3.0, =2.0.0, =0.1.0, =1.1.4, =1.5.0, =1.1.2, =0.5.0, =0.3.0, =1.0.0a1, =3.0.0, =3.5.2 and more Source cves: CVE-2024-23346 Source advisory: OSV:GHSA-VGV8-5CPJ-QJ2F...
GHSA-VGV8-5CPJ-QJ2F pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
Summary: A critical security vulnerability exists in the JonesFaithfulTransformation.from_transformation_str method within the pymatgen library. This method insecurely utilizes eval for processing input, enabling execution of arbitrary code when parsing untrusted input. This can be exploited when...
DEBIAN-CVE-2024-23346
Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the JonesFaithfulTransformation.from_transformation_str method within the pymatgen library prior to version 2024.2.20. This method insecurely utilizes eval for...
PYSEC-2024-226
Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the JonesFaithfulTransformation.from_transformation_str method within the pymatgen library prior to version 2024.2.20. This method insecurely utilizes eval for...