You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection.
Vulnerable Library - cookiecutter-1.7.3-py2.py3-none-any.whl
A command-line utility that creates projects from project templates, e.g. creating a Python package project from a Python package project template.
Library home page: https://files.pythonhosted.org/packages/a2/62/d061b19f307455506e63825586e2e1816b71d56b4a5873c278cb315b9660/cookiecutter-1.7.3-py2.py3-none-any.whl
Found in HEAD commit: fe3e05bf433570fe655d5fdf84247b98192b5b4d
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2022-24065
Vulnerable Library - cookiecutter-1.7.3-py2.py3-none-any.whl
A command-line utility that creates projects from project templates, e.g. creating a Python package project from a Python package project template.
Library home page: https://files.pythonhosted.org/packages/a2/62/d061b19f307455506e63825586e2e1816b71d56b4a5873c278cb315b9660/cookiecutter-1.7.3-py2.py3-none-any.whl
Dependency Hierarchy:
Found in HEAD commit: fe3e05bf433570fe655d5fdf84247b98192b5b4d
Found in base branch: master
Vulnerability Details
The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection.
Publish Date: 2022-06-08
URL: CVE-2022-24065
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24065
Release Date: 2022-06-08
Fix Resolution: 2.1.1
The text was updated successfully, but these errors were encountered: