PYSEC-2023-209.yaml
id: PYSEC-2023-209
modified: 2023-10-20T16:31:18.877419Z
published: 2023-03-05T19:15:00Z
aliases:
- CVE-2021-4329
details: A vulnerability, which was classified as critical, has been found in json-logic-js
  2.0.0. Affected by this issue is some unknown functionality of the file logic.js.
  The manipulation leads to command injection. Upgrading to version 2.0.1 is able
  to address this issue. The patch is identified as c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227.
  It is recommended to upgrade the affected component. VDB-222266 is the identifier
  assigned to this vulnerability.
affected:
- package:
    ecosystem: PyPI
    name: json-logic
    purl: pkg:pypi/json-logic
  ranges:
  - type: GIT
    events:
    - introduced: "0"
    - fixed: c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227
    repo: https://github.com/jwadhams/json-logic-js
  - type: ECOSYSTEM
    events:
    - introduced: "0"
  versions:
  - 0.6.2
  - 0.6.3
  - 0.7.0a0
severity:
- type: CVSS_V3
  score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
references:
- type: WEB
  url: https://vuldb.com/?ctiid.222266
- type: WEB
  url: https://github.com/jwadhams/json-logic-js/pull/98
- type: WEB
  url: https://vuldb.com/?id.222266
- type: FIX
  url: https://github.com/jwadhams/json-logic-js/commit/c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227