Log in Sign up KO

—

PYSEC-2023-116

Details

xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE).

Are you affected?

Enter the version of the package you're using.

Affected packages

Introduced in: 0.11.4 Fixed in: 0.11.9

Fix pip install --upgrade 'xalpha>=0.11.9'

References

https://github.com/refraction-ray/xalpha/issues/175 [EVIDENCE]
https://github.com/refraction-ray/xalpha/issues/175 [REPORT]
https://github.com/advisories/GHSA-jx3q-5rgf-vrrr [ADVISORY]