EPSS Percentile: 61.7%
poetry_core is vulnerable to remote code execution. The vulnerability exists in git.py when the application runs on Windows, because file hashes are not checked before installation, which allows an attacker to inject and execute poetry commands.
git.py
github.com/python-poetry/poetry-core/commit/fa9cb6f358ae840885c700f954317f34838caba7
github.com/python-poetry/poetry-core/pull/205
github.com/python-poetry/poetry-core/pull/205/commits/fa9cb6f358ae840885c700f954317f34838caba7
github.com/python-poetry/poetry/releases/tag/1.1.9