Search

Find a vulnerability

Search criteria

    Related vulnerabilities

    PYSEC-2022-238

    Vulnerability from pysec - Published: 2022-07-13 12:15 - Updated: 2022-07-26 13:13
    VLAI
    Details

    This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being being provided to the popen method.

    Impacted products
    Name purl
    codecov pkg:pypi/codecov

    {
      "affected": [
        {
          "package": {
            "ecosystem": "PyPI",
            "name": "codecov",
            "purl": "pkg:pypi/codecov"
          },
          "ranges": [
            {
              "events": [
                {
                  "introduced": "0"
                },
                {
                  "fixed": "2a80aa434f74feb31242b6f213b75ce63ae97902"
                }
              ],
              "repo": "https://github.com/codecov/codecov-python",
              "type": "GIT"
            },
            {
              "events": [
                {
                  "introduced": "0"
                },
                {
                  "fixed": "2.0.16"
                }
              ],
              "type": "ECOSYSTEM"
            }
          ],
          "versions": [
            "0.0.1",
            "0.0.2",
            "0.0.3",
            "0.0.4",
            "0.0.5",
            "0.1.0",
            "0.1.1",
            "0.1.2",
            "0.2.0",
            "0.2.1",
            "0.2.2",
            "0.2.3",
            "0.3.0",
            "0.3.1",
            "0.3.2",
            "0.3.3",
            "0.3.4",
            "0.4.0",
            "0.4.1",
            "0.5.0",
            "0.5.1",
            "0.5.2",
            "1.0.0",
            "1.0.1",
            "1.0.2",
            "1.0.3",
            "1.1.0",
            "1.1.1",
            "1.1.10",
            "1.1.11",
            "1.1.12",
            "1.1.13",
            "1.1.2",
            "1.1.3",
            "1.1.4",
            "1.1.5",
            "1.1.6",
            "1.1.7",
            "1.1.8",
            "1.1.9",
            "1.2.1",
            "1.2.2",
            "1.2.3",
            "1.3.0",
            "1.3.1",
            "1.3.2",
            "1.3.3",
            "1.4.0",
            "1.4.1",
            "1.5.0",
            "1.5.1",
            "1.6.0",
            "1.6.1",
            "1.6.2",
            "1.6.3",
            "2.0.0",
            "2.0.1",
            "2.0.10",
            "2.0.11",
            "2.0.12",
            "2.0.13",
            "2.0.14",
            "2.0.15",
            "2.0.2",
            "2.0.3",
            "2.0.5",
            "2.0.7",
            "2.0.8",
            "2.0.9"
          ]
        }
      ],
      "aliases": [
        "CVE-2019-10800",
        "SNYK-PYTHON-CODECOV-552149",
        "GHSA-h3qr-fjhm-jphw"
      ],
      "details": "This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being being provided to the popen method.",
      "id": "PYSEC-2022-238",
      "modified": "2022-07-26T13:13:30.178958Z",
      "published": "2022-07-13T12:15:00Z",
      "references": [
        {
          "type": "ADVISORY",
          "url": "https://snyk.io/vuln/SNYK-PYTHON-CODECOV-552149"
        },
        {
          "type": "FIX",
          "url": "https://github.com/codecov/codecov-python/commit/2a80aa434f74feb31242b6f213b75ce63ae97902"
        },
        {
          "type": "ADVISORY",
          "url": "https://github.com/advisories/GHSA-h3qr-fjhm-jphw"
        }
      ]
    }