CVE-2017-1002157 – modulemd

Package

Manager: pip
Name: modulemd
Vulnerable Version: >=0 <1.3.2

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00725 pctl0.71718

Details

modulemd uses an unsafe function for processing externally provided data modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.

Metadata

Created: 2019-01-17T13:56:18Z
Modified: 2024-09-24T20:48:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/01/GHSA-jhjh-ghwx-6h7r/GHSA-jhjh-ghwx-6h7r.json
CWE IDs: ["CWE-20", "CWE-242"]
Alternative ID: GHSA-jhjh-ghwx-6h7r
Finding: F184
Auto approve: 1