Lucene search
GoogleOSV:PYSEC-2022-204HistoryJun 08, 2022 - 8:15 a.m.
PYSEC-2022-204
2022-06-0808:15:00
Google
osv.dev
89
cookiecutter
command injection
python
hg argument injection
software
EPSS
0.01
Percentile
84.1%
The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection.
Related
openvas
openvas
Fedora: Security Advisory for python-cookiecutter (FEDORA-2022-ff1c98b2fe)
2022-06-19 00:00:00
Mageia: Security Advisory (MGASA-2022-0258)
2022-07-14 00:00:00
Fedora: Security Advisory for python-cookiecutter (FEDORA-2022-4a3d83a1d2)
2022-06-19 00:00:00
github
github
OS Command Injection in cookiecutter
2022-06-09 23:48:49
cvelist
cvelist
CVE-2022-24065 Command Injection
2022-06-03 20:00:14
debiancve
debiancve
CVE-2022-24065
2022-06-08 08:15:07
fedora
fedora
[SECURITY] Fedora 36 Update: python-cookiecutter-2.1.1-1.fc36
2022-06-19 00:38:49
[SECURITY] Fedora 35 Update: python-cookiecutter-2.1.1-1.fc35
2022-06-19 00:51:20
mageia
mageia
Updated python-coookiecutter packages fix security vulnerability
2022-07-13 23:44:07
ubuntucve
ubuntucve
CVE-2022-24065
2022-06-08 00:00:00
osv
osv
OS Command Injection in cookiecutter
2022-06-09 23:48:49
CVE-2022-24065
2022-06-08 08:15:07
prion
prion
Command injection
2022-06-08 08:15:00
nvd
nvd
CVE-2022-24065
2022-06-08 08:15:07
veracode
veracode
Command Injection
2022-06-09 04:56:47
cve
cve
CVE-2022-24065
2022-06-08 08:15:07