MEDIUM 6.5
PYSEC-2024-101
Details
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. A path traversal vulnerability inside of LocalMode's open_local_file method allows an authenticated user with adequate permissions to download any .txt via the ScreensController#show on the web server COSMOS is running on (depending on the file permissions). This vulnerability is fixed in 5.19.0.
Affected packages
PyPI / openc3
First affected version: 0
Fixed version: a34e61aea5a465f0ab3e57d833ae7ff4cafd710b
Fix
pip install --upgrade 'openc3>=5.19.0'