CVE-2023-37659 – xalpha
Package
Manager: pip
Name: xalpha
Vulnerable Version: >=0.11.4 <0.11.9
Severity
Level: Critical
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS: 0.01266 (percentile: 0.78669)
Details
xalpha vulnerable to Remote Code Execution
xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE). User input is not properly checked to be a numerical value before it is evaluated.
Metadata
Created: 2023-07-11T15:31:18Z
Modified: 2024-11-19T19:12:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-jx3q-5rgf-vrrr/GHSA-jx3q-5rgf-vrrr.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-jx3q-5rgf-vrrr
Finding: F416
Auto approve: 1