GHSA-f4q6-9qm4-h8j4: OS Command Injection in cookiecutter

The package cookiecutter before 2.1.1 is vulnerable to command injection via hg argument injection. When the cookiecutter function is called from Python code with the checkout parameter, the value is passed to the `hg checkout` command as a bare argument, so a value that begins with `-` is parsed by hg as an option rather than as a revision name. The injected options can in turn be used to achieve command injection.
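The following is an added example (not cookiecutter's own code or its fix) that contrasts the vulnerable pattern the advisory describes with a hardened form. It builds the argv lists without invoking hg, classifies the tokens the way a getopt-style parser would, and rejects checkout values that could be read as options. The payload string and the reference regex are constructed for illustration and are not taken from the advisory.

```python
import re
import subprocess
from typing import List, Tuple

# Constructed, illustrative value: anything starting with "-" is read by hg
# as an option, not as a revision/bookmark/branch name. The option shown is
# benign and only demonstrates the parsing problem.
MALICIOUS_CHECKOUT = "--config=ui.editor=true"


def vulnerable_checkout_argv(checkout: str) -> List[str]:
    """Argv produced by the vulnerable pattern: the caller-supplied
    checkout value is placed directly after `hg checkout`."""
    return ["hg", "checkout", checkout]


def classify_argv(argv: List[str]) -> Tuple[List[str], List[str]]:
    """Split the arguments after the subcommand into (options, positionals)
    as a getopt-style parser would: tokens starting with "-" are options
    until a literal "--" ends option parsing."""
    options: List[str] = []
    positionals: List[str] = []
    end_of_options = False
    for tok in argv[2:]:
        if end_of_options:
            positionals.append(tok)
        elif tok == "--":
            end_of_options = True
        elif tok.startswith("-"):
            options.append(tok)
        else:
            positionals.append(tok)
    return options, positionals


# Assumed allow-list for a revision identifier: must not start with "-" and
# may only contain characters typical of hg revisions, bookmarks, branches.
REF_RE = re.compile(r"^[A-Za-z0-9._][A-Za-z0-9._/+-]*$")


def is_safe_checkout(checkout: str) -> bool:
    """True when the value cannot be mistaken for an option by hg."""
    return bool(REF_RE.match(checkout))


def safe_checkout_argv(checkout: str) -> List[str]:
    """Hardened argv: validate the value and also pass "--" so that even a
    value that slipped past validation is treated as a positional."""
    if not is_safe_checkout(checkout):
        raise ValueError(f"refusing checkout value that looks like an option: {checkout!r}")
    return ["hg", "checkout", "--", checkout]


def run_checkout(repo_dir: str, checkout: str) -> None:
    """Run the hardened command in an existing hg clone (requires hg)."""
    subprocess.run(safe_checkout_argv(checkout), cwd=repo_dir, check=True)


if __name__ == "__main__":
    for value in ("default", MALICIOUS_CHECKOUT):
        argv = vulnerable_checkout_argv(value)
        print(argv, "->", classify_argv(argv))
    print(safe_checkout_argv("release/1.2"))
```

Running the block shows that `default` lands in the positional list while the constructed `--config=...` value is classified as an option, which is exactly the argument-injection condition; `safe_checkout_argv` rejects the latter and adds `--` as defence in depth.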


High severity. GitHub Reviewed. Published Jun 9, 2022; updated Jun 9, 2022.

Related news

CVE-2022-24065: Command Injection in cookiecutter | CVE-2022-24065 | Snyk

The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection.