CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile: 33.4%
pydash is vulnerable to Command Injection. The vulnerability is due to the _base_get_object function in helpers.py, which retrieves the value of a given key from an object. If it doesn’t find a specified key in an object, it tries to access the object’s attributes directly. This allows attackers to access risky attributes, like __init__.__globals__, that can potentially lead to Command Injection.
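The lookup pattern described above, as an added example that is not pydash's code and not part of the original advisory: permissive_get is a simplified stand-in for a key lookup that falls back to attribute access, and hardened_get shows one way to refuse dunder segments before any access. All function, class and path names here are hypothetical.

```python
# Added illustration: simplified stand-in for the lookup pattern the advisory
# describes. This is NOT pydash's actual code; every name is hypothetical.

class RestrictedPathError(ValueError):
    """Raised when a path segment names a dunder attribute."""


def _step(obj, key):
    """Try key/index access first, then fall back to attribute access."""
    try:
        return obj[key]
    except (KeyError, IndexError, TypeError):
        return getattr(obj, key)  # the fallback that exposes attributes


def permissive_get(obj, path, default=None):
    """Walk a dotted path with no restriction on segment names."""
    try:
        for key in path.split("."):
            obj = _step(obj, key)
    except AttributeError:
        return default
    return obj


def hardened_get(obj, path, default=None):
    """Same walk, but the whole path is validated before any access."""
    keys = path.split(".")
    for key in keys:
        if key.startswith("__") and key.endswith("__"):
            raise RestrictedPathError(f"restricted path segment: {key!r}")
    return permissive_get(obj, ".".join(keys), default)


class Profile:  # constructed sample object
    def __init__(self, name):
        self.name = name


def demo():
    """Return (globals reachable?, hardened lookup blocked?, normal lookup)."""
    user = Profile("alice")
    reached = permissive_get(user, "__init__.__globals__")
    try:
        hardened_get(user, "__init__.__globals__")
        blocked = False
    except RestrictedPathError:
        blocked = True
    return isinstance(reached, dict), blocked, hardened_get(user, "name")
```

Callers that pass user-controlled paths into such a lookup can apply the same segment check at the boundary, independent of the library version in use.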