3 matches found
GHSA-VGV8-5CPJ-QJ2F pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
Summary A critical security vulnerability exists in the JonesFaithfulTransformation.fromtransformationstr method within the pymatgen library. This method insecurely utilizes eval for processing input, enabling execution of arbitrary code when parsing untrusted input. This can be exploited when...
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
Summary A critical security vulnerability exists in the JonesFaithfulTransformation.fromtransformationstr method within the pymatgen library. This method insecurely utilizes eval for processing input, enabling execution of arbitrary code when parsing untrusted input. This can be exploited when...
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution
Impact A proto pollution vulnerability exists in synchrony versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. Summary A proto pollution vulnerability exists in the LiteralMap transformer allowing crafted input to modify properties in the Object prototype. When...