Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3Y2ctN3hxdy1xY3h3
Heap Overflow in PyMiniRacer
A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers to potentially exploit heap corruption.
More details on https://blog.sqreen.com/vulnerability-disclosure-finding-a-vulnerability-in-sqreens-php-agent-and-how-we-fixed-it/.
Permalink: https://github.com/advisories/GHSA-vwcg-7xqw-qcxwJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3Y2ctN3hxdy1xY3h3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 3 years ago
Updated: over 1 year ago
Identifiers: GHSA-vwcg-7xqw-qcxw, CVE-2020-25489
References:
- https://github.com/sqreen/PyMiniRacer/security/advisories/GHSA-vwcg-7xqw-qcxw
- https://nvd.nist.gov/vuln/detail/CVE-2020-25489
- https://blog.sqreen.com/vulnerability-disclosure-finding-a-vulnerability-in-sqreens-php-agent-and-how-we-fixed-it/
- https://github.com/sqreen/PyMiniRacer/commit/627b54768293ec277f1adb997c888ec524f4174d
- https://github.com/sqreen/PyMiniRacer/compare/v0.2.0...v0.3.0
- https://github.com/advisories/GHSA-vwcg-7xqw-qcxw
Blast Radius: 0.0
Affected Packages
pypi:py-mini-racer
Dependent packages: 21Dependent repositories: 74
Downloads: 99,058 last month
Affected Version Ranges: < 0.3.0
Fixed in: 0.3.0
All affected versions: 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.1.9, 0.1.10, 0.1.11, 0.1.12, 0.1.13, 0.1.14, 0.1.15, 0.1.17, 0.1.18, 0.2.0
All unaffected versions: 0.3.0, 0.4.0, 0.5.0, 0.6.0