Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03NHczLTJyNzctZnc1aM031A
Use of Externally-Controlled Format String in consoleme
A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2
Permalink: https://github.com/advisories/GHSA-74w3-2r77-fw5hJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03NHczLTJyNzctZnc1aM031A
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 2 years ago
Updated: 8 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-74w3-2r77-fw5h, CVE-2022-27177
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-27177
- https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2022-001.md
- https://github.com/pypa/advisory-database/tree/main/vulns/consoleme/PYSEC-2022-189.yaml
- https://github.com/Netflix/consoleme/commit/2a3c84eee524d77c427b3329a8419cbbce9e1d16
- https://github.com/advisories/GHSA-74w3-2r77-fw5h
Blast Radius: 1.0
Affected Packages
pypi:consoleme
Dependent packages: 0Dependent repositories: 0
Downloads: 469 last month
Affected Version Ranges: < 1.2.2
Fixed in: 1.2.2
All affected versions: 0.0.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.2.0, 1.2.1
All unaffected versions: 1.2.2, 1.3.0