Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xd3F2LWo3anItNGhwNs3jww
Argument injection in python-libnmap
In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments).
Permalink: https://github.com/advisories/GHSA-qwqv-j7jr-4hp6JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xd3F2LWo3anItNGhwNs3jww
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: about 1 month ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-qwqv-j7jr-4hp6, CVE-2022-30284
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-30284
- https://github.com/savon-noir/python-libnmap/releases
- https://libnmap.readthedocs.io/en/latest/process.html#using-libnmap-process
- https://github.com/savon-noir/python-libnmap/commit/c36fecde90017befeb4853396d0e2aac93c95b64
- https://github.com/savon-noir/python-libnmap/releases/tag/v0.7.3
- https://pypi.org/project/python-libnmap
- https://www.swascan.com/security-advisory-libnmap-2
- https://github.com/advisories/GHSA-qwqv-j7jr-4hp6
Blast Radius: 21.5
Affected Packages
pypi:python-libnmap
Dependent packages: 8Dependent repositories: 157
Downloads: 28,622 last month
Affected Version Ranges: <= 0.7.2
Fixed in: 0.7.3
All affected versions: 0.2.3, 0.2.4, 0.2.7, 0.2.8, 0.4.0, 0.4.6, 0.5.0, 0.5.1, 0.6.1, 0.6.2, 0.6.3, 0.7.0, 0.7.2
All unaffected versions: 0.7.3