HIGH 7.5
PYSEC-2017-144
Details
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.
Affected packages
PyPI / koji
Introduced in: 0
No fixed version published yet for koji (pip). Pin to a known-safe version or switch to an alternative.