—

PYSEC-2022-162

상세

Weblate is a web based localization tool with tight version control integration. Prior to version 4.11.1, Weblate didn't properly sanitize some arguments passed to Git and Mercurial, allowing them to change their behavior in an unintended way. Instances where untrusted users cannot create new components are not affected. The issues were fixed in the 4.11.1 release.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / weblate

최초 영향 버전: 0 수정 버전: 35d59f1f040541c358cece0a8d4a63183ca919b8

수정 pip install --upgrade 'weblate>=35d59f1f040541c358cece0a8d4a63183ca919b8'

참고

https://github.com/WeblateOrg/weblate/commit/35d59f1f040541c358cece0a8d4a63183ca919b8 [FIX]
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-3872-f48p-pxqj [ADVISORY]
https://github.com/WeblateOrg/weblate/commit/d83672a3e7415da1490334e2c9431e5da1966842 [FIX]
https://github.com/advisories/GHSA-h2g5-2rhx-ffgj [ADVISORY]