—

PYSEC-2022-31

상세

The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior of the application in an unintended way, leading to command execution.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / weblate

최초 영향 버전: 0 수정 버전: 4.11.1

수정 pip install --upgrade 'weblate>=4.11.1'

참고

https://snyk.io/vuln/SNYK-PYTHON-WEBLATE-2414088 [ADVISORY]
https://github.com/WeblateOrg/weblate/pull/7338 [WEB]
https://github.com/WeblateOrg/weblate/pull/7337 [WEB]
https://github.com/WeblateOrg/weblate/releases/tag/weblate-4.11.1 [WEB]