Lucene search
Veracode Vulnerability DatabaseVERACODE:32972HistoryNov 15, 2021 - 4:40 a.m.
Remote Code Execution (RCE)
2021-11-1504:40:49
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.005 Low
EPSS
Percentile
77.2%
antilles_tools is vulnerable to remote code execution. During installation, there is a dependency confusion due to a package listed in requirements.txt not existing in the public package index (PyPi), causing a private package dependency being replaced by an unauthorized package of the same name published to a well-known public repository such as PyPi.
| CPE | Name | Operator | Version |
|---|---|---|---|
| antilles-tools | eq | 1.0.0 | |
| antilles-tools | eq | 1.0.0 |
Related
osv
osv
Antilles Dependency Confusion Vulnerability
2021-11-03 17:36:22
PYSEC-2021-840
2021-11-12 22:15:00
CVE-2021-3840
2021-11-12 22:15:08
github
github
Antilles Dependency Confusion Vulnerability
2021-11-03 17:36:22
prion
prion
Type confusion
2021-11-12 22:15:00
cve
cve
CVE-2021-3840
2021-11-12 22:15:08
cvelist
cvelist
CVE-2021-3840
2021-11-12 22:05:54
nvd
nvd
CVE-2021-3840
2021-11-12 22:15:08
cnvd
cnvd
Lenovo Antilles has unspecified vulnerabilities
2021-11-16 00:00:00