Lucene search
Veracode Vulnerability DatabaseVERACODE:35916HistoryJun 09, 2022 - 4:56 a.m.
Command Injection
2022-06-0904:56:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
command injection
software
vcs.py
checkout parameter
arbitrary codes
EPSS
0.01
Percentile
84.1%
cookiecutter is vulnerable to command injection. The vulnerability exists in the clone function in vcs.py due to a lack of sanitization in checkout parameter which allows an attacker to inject and execute arbitrary codes
References
github.com/cookiecutter/cookiecutter/commit/fdffddb31fd2b46344dfa317531ff155e7999f77
github.com/cookiecutter/cookiecutter/pull/1689
github.com/cookiecutter/cookiecutter/releases/tag/2.1.1
lists.fedoraproject.org/archives/list/[email protected]/message/G5TXC4JYTNGOUFMCXPZ6QKWEZN3URTAK/
lists.fedoraproject.org/archives/list/[email protected]/message/HQKWT7SGFDCUPPLDIELTN7FVTHWDL5YK/
Related
openvas
openvas
Fedora: Security Advisory for python-cookiecutter (FEDORA-2022-ff1c98b2fe)
2022-06-19 00:00:00
Mageia: Security Advisory (MGASA-2022-0258)
2022-07-14 00:00:00
Fedora: Security Advisory for python-cookiecutter (FEDORA-2022-4a3d83a1d2)
2022-06-19 00:00:00
debiancve
debiancve
CVE-2022-24065
2022-06-08 08:15:07
github
github
OS Command Injection in cookiecutter
2022-06-09 23:48:49
cvelist
cvelist
CVE-2022-24065 Command Injection
2022-06-03 20:00:14
fedora
fedora
[SECURITY] Fedora 35 Update: python-cookiecutter-2.1.1-1.fc35
2022-06-19 00:51:20
[SECURITY] Fedora 36 Update: python-cookiecutter-2.1.1-1.fc36
2022-06-19 00:38:49
osv
osv
PYSEC-2022-204
2022-06-08 08:15:00
CVE-2022-24065
2022-06-08 08:15:07
OS Command Injection in cookiecutter
2022-06-09 23:48:49
cve
cve
CVE-2022-24065
2022-06-08 08:15:07
mageia
mageia
Updated python-coookiecutter packages fix security vulnerability
2022-07-13 23:44:07
ubuntucve
ubuntucve
CVE-2022-24065
2022-06-08 00:00:00
prion
prion
Command injection
2022-06-08 08:15:00
nvd
nvd
CVE-2022-24065
2022-06-08 08:15:07