Use of Externally-Controlled Format String in consoleme · CVE-2022-27177 · GitHub Advisory Database · GitHub

Use of Externally-Controlled Format String in consoleme

Critical severity GitHub Reviewed Published Apr 3, 2022 to the GitHub Advisory Database • Updated Sep 7, 2023

Package

consoleme (pip)

Affected versions

< 1.2.2

Patched versions

1.2.2

Description

A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2

References

Published by the National Vulnerability Database

Apr 1, 2022

Published to the GitHub Advisory Database Apr 3, 2022

Reviewed Apr 5, 2022

Last updated Sep 7, 2023

Severity

Critical

9.8

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H