Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnODgtdnIzdi03Nm1m
Eval injection in Supybot/Limnoria
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.
Permalink: https://github.com/advisories/GHSA-6g88-vr3v-76mfJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnODgtdnIzdi03Nm1m
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 4 years ago
Updated: 9 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-6g88-vr3v-76mf, CVE-2019-19010
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-19010
- https://github.com/ProgVal/Limnoria/commit/3848ae78de45b35c029cc333963d436b9d2f0a35
- https://github.com/ProgVal/Limnoria/wiki/math-eval-vulnerability
- https://lists.fedoraproject.org/archives/list/[email protected]/message/54CQM2TEXRADLE77VOMCPHL5PBHR3ZWJ/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/5P2AGND54UIJV3WHOYO2YINIXSDGAAPO/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/DRNOUHFEN75QAIKT4Y3HDN3TT5LSIWN2/
- https://github.com/advisories/GHSA-6g88-vr3v-76mf
Blast Radius: 13.2
Affected Packages
pypi:limnoria
Dependent packages: 1Dependent repositories: 22
Downloads: 967 last month
Affected Version Ranges: < 2019.11.09
Fixed in: 2019.11.09
All affected versions: 2014.3.3, 2014.5.8, 2014.5.17, 2014.5.29, 2014.6.4, 2014.6.26, 2014.7.19, 2014.10.9, 2014.11.24, 2014.12.7, 2014.12.22, 2015.3.10, 2015.4.29, 2015.5.20, 2015.7.8, 2015.8.17, 2015.8.29, 2015.9.16, 2015.10.4, 2015.11.30, 2015.12.2, 2015.12.12, 2016.1.5, 2016.2.23, 2016.2.24, 2016.3.21, 2016.5.6, 2016.6.27, 2016.6.29, 2016.8.7, 2016.9.26, 2016.10.1, 2016.10.2, 2016.11.28, 2016.12.8, 2017.1.10, 2017.3.30, 2017.8.3, 2017.8.18, 2017.10.1, 2018.1.25, 2018.4.14, 2018.6.20, 2018.6.25, 2018.9.1, 2018.9.9, 2018.12.19, 2019.2.14, 2019.2.21, 2019.2.22, 2019.2.23, 2019.5.28, 2019.8.25, 2019.9.8, 2019.10.22
All unaffected versions: 2019.11.9, 2019.11.22, 2019.12.15, 2020.1.1, 2020.1.9, 2020.1.31, 2020.3.17, 2020.4.11, 2020.7.1, 2020.8.29, 2020.8.30, 2020.10.10, 2020.12.5, 2021.1.15, 2021.3.13, 2021.3.18, 2021.4.1, 2021.4.11, 2021.5.22, 2021.5.24, 2021.5.26, 2021.6.15, 2021.7.21, 2021.10.9, 2021.11.9, 2021.11.20, 2022.1.1, 2022.1.29, 2022.2.3, 2022.3.17, 2022.4.22, 2022.4.27, 2022.6.23, 2022.8.7, 2022.9.20, 2022.11.10, 2023.1.12, 2023.1.28, 2023.4.28, 2023.5.27, 2023.8.10, 2023.9.22, 2023.9.24, 2023.11.18, 2024.4.26