Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
astropy vulnerable to RCE in TranformGraph().to_dot_graph function
Vulnerability Description
Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the `TranformGraph().to_dot_graph` function. A malicious user can provide a command or a script file as a value to the `savelayout` argument, which will be placed as the first value in a list of arguments passed to `subprocess.Popen`. Although an error will be raised, the command or script will be executed successfully. Version 5.3.3 fixes this issue.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Astropy 安全漏洞
Vulnerability Description
Astropy是一个 Python 天文学项目,旨在促进 Python 天文学包之间的互操作性。 Astropy 5.3.2版本存在安全漏洞,该漏洞源于函数TranformGraph().to_dot_graph存在输入验证不当问题,导致存在远程代码执行漏洞。
CVSS Information
N/A
Vulnerability Type
N/A