poetry_core is vulnerable to remote code execution. The vulnerability exists in git.py when the application runs on Windows: file hashes are not checked before installation, which allows an attacker to inject and execute poetry commands.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | poetry-core | eq | 1.0.0a5 |
| | poetry-core | le | 1.0.4 |
| | poetry-core | le | 1.0.0a4 |