2 matches found
CVE-2022-36069
Poetry (Python) is affected by CVE-2022-36069 where dependency handling from Git repositories can trigger arbitrary code execution if a repository URL or input starts with a dash, causing certain commands (e.g., git clone) to be parsed as options rather than positional arguments. The root cause i...
CVE-2022-36070
CVE-2022-36070 affects Poetry (Python dependency manager). When handling Git-based dependencies, Poetry runs commands by executable name (not absolute path), enabling Windows’ path resolution to execute untrusted binaries in the current directory. This can lead to Arbitrary Code Execution with lo...