2 matches found
CVE-2023-36830
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary Python code to be executed via macros. For many users wh...
alvin-cli (>=0.0.1a0 <=1.2.0rc18), cumulus-library (>=0.1.2 <=1.4.0) +15 more potentially affected by CVE-2023-36830 via sqlfluff (>=0.11.2 <=2.1.1)
sqlfluff PYPI version =0.11.2, =0.0.1a0, =0.1.2, =0.1.2, =0.19.1a7, =0.9.3, =0.1.0, =0.1.0, =0.1.5, =0.1.0, =0.3.0a0, =0.13.2.6, =1.0.2, =0.8.0, =0.0.0, =1.2.1, =2.1.1 and more
Source CVEs: CVE-2023-36830
Source advisory: OSV:PYSEC-2023-111...