Lucene search
K

3 matches found

OSV
OSV
added 2024/02/21 6:4 p.m.232 views

GHSA-VGV8-5CPJ-QJ2F pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string

Summary A critical security vulnerability exists in the JonesFaithfulTransformation.fromtransformationstr method within the pymatgen library. This method insecurely utilizes eval for processing input, enabling execution of arbitrary code when parsing untrusted input. This can be exploited when...

9.3CVSS8.7AI score0.03816EPSS
Exploits8References7
Github Security Blog
Github Security Blog
added 2024/02/21 6:4 p.m.30 views

pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string

Summary A critical security vulnerability exists in the JonesFaithfulTransformation.fromtransformationstr method within the pymatgen library. This method insecurely utilizes eval for processing input, enabling execution of arbitrary code when parsing untrusted input. This can be exploited when...

9.3CVSS7.9AI score0.03816EPSS
Exploits8References7Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/18 6:27 p.m.45 views

Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution

Impact A proto pollution vulnerability exists in synchrony versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. Summary A proto pollution vulnerability exists in the LiteralMap transformer allowing crafted input to modify properties in the Object prototype. When...

8.1CVSS7.9AI score0.00415EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder